add zip path traversal vulnerability check for zip decompression

2026-05-19 14:20:37 -04:00 · 2023-08-15 00:54:29 +03:00
parent 4caf77bc9b
commit a380eb9c3c
2 changed files with 7 additions and 1 deletions
--- a/app/src/main/kotlin/com/simplemobiletools/filemanager/pro/activities/DecompressActivity.kt
+++ b/app/src/main/kotlin/com/simplemobiletools/filemanager/pro/activities/DecompressActivity.kt
@@ -19,6 +19,7 @@ import net.lingala.zip4j.exception.ZipException.Type
 import net.lingala.zip4j.io.inputstream.ZipInputStream
 import net.lingala.zip4j.model.LocalFileHeader
 import java.io.BufferedInputStream
+import java.io.File

 class DecompressActivity : SimpleActivity() {
    companion object {
@@ -145,6 +146,11 @@ class DecompressActivity : SimpleActivity() {
                        continue
                    }

+                    val isVulnerableForZipPathTraversal = !File(newPath).canonicalPath.startsWith(parent)
+                    if (isVulnerableForZipPathTraversal) {
+                        continue
+                    }
+
                    val fos = getFileOutputStreamSync(newPath, newPath.getMimeType())
                    var count: Int
                    while (true) {