[commons-compress] branch master updated: COMPRESS-603

Tue, 08 Feb 2022 23:52:07 -0800 

This is an automated email from the ASF dual-hosted git repository.

peterlee pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git


The following commit(s) were added to refs/heads/master by this push:
     new 510be7f  COMPRESS-603
510be7f is described below

commit 510be7f741c725d2293c77fb64513540b9195218
Author: PeterAlfredLee <[email protected]>
AuthorDate: Wed Feb 9 15:44:19 2022 +0800

    COMPRESS-603
    
    Expander should be able to work if an entry's name is "./".
---
 src/changes/changes.xml                            |  3 ++
 .../compress/archivers/examples/Expander.java      |  5 +++-
 .../compress/archivers/examples/ExpanderTest.java  | 35 ++++++++++++++++++++++
 3 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index ddf1e48..0d17514 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -113,6 +113,9 @@ The <action> type attribute can be add,update,fix,remove.
       <action type="update" dev="kinow" due-to="Dependabot">
         Bump slf4j-api from 1.7.30 to 1.7.35 #213, #241.
       </action>
+      <action issue="COMPRESS-603" type="fix" date="2022-02-09" dev="Peter 
Lee" due-to="Matt Sicker">
+        Expander should be able to work if an entry's name is "./".
+      </action>
     </release>
     <release version="1.21" date="2021-07-12"
              description="Release 1.21 (Java 8)
diff --git 
a/src/main/java/org/apache/commons/compress/archivers/examples/Expander.java 
b/src/main/java/org/apache/commons/compress/archivers/examples/Expander.java
index 0271268..960a9dd 100644
--- a/src/main/java/org/apache/commons/compress/archivers/examples/Expander.java
+++ b/src/main/java/org/apache/commons/compress/archivers/examples/Expander.java
@@ -346,7 +346,10 @@ public class Expander {
         ArchiveEntry nextEntry = supplier.getNextReadableEntry();
         while (nextEntry != null) {
             final File f = new File(targetDirectory, nextEntry.getName());
-            if (!f.getCanonicalPath().startsWith(targetDirPath)) {
+            // check if targetDirectory and f are the same path - this may
+            // happen if the nextEntry.getName() is "./"
+            if (!f.getCanonicalPath().startsWith(targetDirPath)
+                    && !Files.isSameFile(targetDirectory.toPath(), 
f.toPath())) {
                 throw new IOException("Expanding " + nextEntry.getName()
                     + " would create file outside of " + targetDirectory);
             }
diff --git 
a/src/test/java/org/apache/commons/compress/archivers/examples/ExpanderTest.java
 
b/src/test/java/org/apache/commons/compress/archivers/examples/ExpanderTest.java
index 7b8cb94..ca60593 100644
--- 
a/src/test/java/org/apache/commons/compress/archivers/examples/ExpanderTest.java
+++ 
b/src/test/java/org/apache/commons/compress/archivers/examples/ExpanderTest.java
@@ -158,6 +158,15 @@ public class ExpanderTest extends AbstractTestCase {
         verifyTargetDir();
     }
 
+    @Test
+    public void testCompress603Tar() throws IOException, ArchiveException {
+        setupTarForCompress603();
+        try (TarFile f = new TarFile(archive)) {
+            new Expander().expand(f, resultDir);
+        }
+        verifyTargetDir();
+    }
+
     private void setup7z() throws IOException {
         archive = new File(dir, "test.7z");
         final File dummy = new File(dir, "x");
@@ -229,6 +238,32 @@ public class ExpanderTest extends AbstractTestCase {
         }
     }
 
+    private void setupTarForCompress603() throws IOException, ArchiveException 
{
+        archive = new File(dir, "test.tar");
+        final File dummy = new File(dir, "x");
+        try (OutputStream o = Files.newOutputStream(dummy.toPath())) {
+            o.write(new byte[14]);
+        }
+        try (ArchiveOutputStream aos = ArchiveStreamFactory.DEFAULT
+                .createArchiveOutputStream("tar", 
Files.newOutputStream(archive.toPath()))) {
+            aos.putArchiveEntry(aos.createArchiveEntry(dir, "./"));
+            aos.closeArchiveEntry();
+            aos.putArchiveEntry(aos.createArchiveEntry(dir, "./a"));
+            aos.closeArchiveEntry();
+            aos.putArchiveEntry(aos.createArchiveEntry(dir, "./a/b"));
+            aos.closeArchiveEntry();
+            aos.putArchiveEntry(aos.createArchiveEntry(dir, "./a/b/c"));
+            aos.closeArchiveEntry();
+            aos.putArchiveEntry(aos.createArchiveEntry(dummy, "./a/b/d.txt"));
+            aos.write("Hello, world 1".getBytes(UTF_8));
+            aos.closeArchiveEntry();
+            aos.putArchiveEntry(aos.createArchiveEntry(dummy, 
"./a/b/c/e.txt"));
+            aos.write("Hello, world 2".getBytes(UTF_8));
+            aos.closeArchiveEntry();
+            aos.finish();
+        }
+    }
+
     private void setupZip(final String entry) throws IOException, 
ArchiveException {
         archive = new File(dir, "test.zip");
         final File dummy = new File(dir, "x");

Reply via email to