diff --git a/app/src/main/java/com/amaze/filemanager/services/ExtractService.java b/app/src/main/java/com/amaze/filemanager/services/ExtractService.java index e175a89701..9db577d1e7 100644 --- a/app/src/main/java/com/amaze/filemanager/services/ExtractService.java +++ b/app/src/main/java/com/amaze/filemanager/services/ExtractService.java @@ -231,14 +231,18 @@ private void createDir(File dir) { private void unzipEntry(ZipFile zipFile, ZipEntry entry, String outputDir) throws Exception { + final File outputFile = new File(outputDir, fixEntryName(entry.getName())); + + if (!outputFile.getCanonicalPath().startsWith(outputDir)){ + throw new IOException("Incorrect ZipEntry path!"); + } + if (entry.isDirectory()) { // zip entry is a directory, return after creating new directory - createDir(new File(outputDir, entry.getName())); + createDir(outputFile); return; } - final File outputFile = new File(outputDir, entry.getName()); - if (!outputFile.getParentFile().exists()) { // creating directory if not already exists @@ -265,13 +269,19 @@ private void unzipEntry(ZipFile zipFile, ZipEntry entry, String outputDir) private void unzipRAREntry(Archive zipFile, FileHeader entry, String outputDir) throws Exception { - String name = entry.getFileNameString(); + String name = fixEntryName(entry.getFileNameString()); name = name.replaceAll("\\\\", "/"); + File outputFile = new File(outputDir, name); + + if (!outputFile.getCanonicalPath().startsWith(outputDir)){ + throw new IOException("Incorrect RAR FileHeader path!"); + } + if (entry.isDirectory()) { - createDir(new File(outputDir, name)); + createDir(outputFile); return; } - File outputFile = new File(outputDir, name); + if (!outputFile.getParentFile().exists()) { createDir(outputFile.getParentFile()); } 
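Review bot: The containment check `outputFile.getCanonicalPath().startsWith(outputDir)` in unzipEntry compares a canonical path against the raw `outputDir` string with no separator boundary. A sibling directory whose name merely begins with the output directory's name (constructed example: `/sdcard/out` versus `/sdcard/out_other`) therefore still passes, and a non-canonical or symlinked `outputDir` can cause legitimate entries to be rejected. Canonicalise the base once and compare with a trailing separator: `String base = new File(outputDir).getCanonicalPath();` then `if (!outputFile.getCanonicalPath().startsWith(base + File.separator)) throw new IOException("Incorrect ZipEntry path!");`, also accepting a path equal to `base` if directory entries such as `./` must be tolerated. The same check is repeated in the unzipRAREntry hunk below and in the unzipTAREntry hunk, so one private helper that returns the validated `File` would keep the three in step. All three method bodies continue outside their hunks.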
@@ -299,12 +309,18 @@ private void unzipRAREntry(Archive zipFile, FileHeader entry, String outputDir) private void unzipTAREntry(TarArchiveInputStream zipFileStream, TarArchiveEntry entry, String outputDir) throws Exception { - String name = entry.getName(); + String name = fixEntryName(entry.getName()); + File outputFile = new File(outputDir, name); + + if (!outputFile.getCanonicalPath().startsWith(outputDir)){ + throw new IOException("Incorrect TarArchiveEntry path!"); + } + if (entry.isDirectory()) { - createDir(new File(outputDir, name)); + createDir(outputFile); return; } - File outputFile = new File(outputDir, name); + if (!outputFile.getParentFile().exists()) { createDir(outputFile.getParentFile()); } @@ -707,5 +723,12 @@ private synchronized void putDataPackage(DataPackage dataPackage) { this.dataPackages.add(dataPackage); } + protected String fixEntryName(String entryName){ + if(entryName.indexOf('\\') > 0) { + return entryName.replace('\\', '/'); + } else { + return entryName; + } + } } diff --git a/app/src/main/java/com/amaze/filemanager/services/asynctasks/RarHelperTask.java b/app/src/main/java/com/amaze/filemanager/services/asynctasks/RarHelperTask.java index a962e0eeb3..49ce6e6a75 100644 --- a/app/src/main/java/com/amaze/filemanager/services/asynctasks/RarHelperTask.java +++ b/app/src/main/java/com/amaze/filemanager/services/asynctasks/RarHelperTask.java @@ -11,6 +11,7 @@ import com.github.junrar.rarfile.FileHeader; import java.io.File; +import java.io.IOException; import java.util.ArrayList; import java.util.Collections; import java.util.Comparator; 
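Review bot: `fixEntryName` tests `entryName.indexOf('\\') > 0`, which skips a name whose first character is a backslash; `>= 0` is the intended test. Since `String.replace(char, char)` already returns the same string when nothing matches, the whole body can be `return entryName.replace('\\', '/');`. The helper reads no instance state and has no Javadoc, so `private static` would suit it better than `protected`, with a one-line comment saying it normalises Windows-style separators before the containment check. Once the helper handles every backslash, the `name.replaceAll("\\\\", "/")` line kept in unzipRAREntry repeats the same normalisation and can be dropped.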
@@ -60,13 +61,19 @@ protected ArrayList doInBackground(File... params) { String name = header.getFileNameString(); if (!name.contains("\\")) { - elements.add(header); + if(name.startsWith("..\\") || name.startsWith("../") || name.equals("..")) { + continue; + } + elements.add(header); } } } else { for (FileHeader header : zipViewer.wholelistRar) { String name = header.getFileNameString(); + if(name.startsWith("..\\") || name.startsWith("../") || name.equals("..")) { + continue; + } if (name.substring(0, name.lastIndexOf("\\")).equals(dir)) { elements.add(header); } diff --git a/app/src/main/java/com/amaze/filemanager/services/asynctasks/ZipHelperTask.java b/app/src/main/java/com/amaze/filemanager/services/asynctasks/ZipHelperTask.java index 42aac71bf3..933c1d43ac 100644 --- a/app/src/main/java/com/amaze/filemanager/services/asynctasks/ZipHelperTask.java +++ b/app/src/main/java/com/amaze/filemanager/services/asynctasks/ZipHelperTask.java @@ -7,6 +7,7 @@ import com.amaze.filemanager.ui.ZipObj; import java.io.File; +import java.io.IOException; import java.util.ArrayList; import java.util.Collections; import java.util.Comparator; @@ -67,9 +68,12 @@ protected ArrayList doInBackground(String... params) { for (ZipObj entry : zipViewer.wholelist) { - String s = entry.getName(); - // System.out.println(s); File file = new File(entry.getName()); + + if(entry.getName().startsWith("../") || entry.getName().startsWith("..\\") || entry.getName().equals("..")) { + continue; + } + if (dir == null || dir.trim().length() == 0) { String y = entry.getName(); if (y.startsWith("/"))
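Review bot: The new filter in RarHelperTask.doInBackground only rejects names that begin with `..`, so an entry with a `..` segment further in (constructed example: `docs/../../x`) or an absolute name is still listed. The same three-way test is copied into the second loop and into ZipHelperTask.doInBackground. A shared helper that splits the name on `/` and `\` and rejects any `..` segment would cover those cases in one place. The canonical-path check in ExtractService remains the actual enforcement point, so a comment such as `// display-only filter; extraction is validated in ExtractService` would prevent this from being mistaken for the guard. The `import java.io.IOException;` added to both helper tasks is not used by anything in the visible hunks and looks removable; both doInBackground bodies continue outside the hunks.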