Author: fanningpj
Date: Tue Jul 9 09:46:46 2024
New Revision: 1919058
URL: http://svn.apache.org/viewvc?rev=1919058&view=rev
Log:
make validateEntryNames use case insensitive check
Modified:
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipInputStreamZipEntrySource.java
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
Modified:
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipInputStreamZipEntrySource.java
URL:
http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipInputStreamZipEntrySource.java?rev=1919058&r1=1919057&r2=1919058&view=diff
==============================================================================
---
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipInputStreamZipEntrySource.java
(original)
+++
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipInputStreamZipEntrySource.java
Tue Jul 9 09:46:46 2024
@@ -22,6 +22,7 @@ import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.Locale;
import java.util.Map;
import java.util.Set;
@@ -90,6 +91,8 @@ public class ZipInputStreamZipEntrySourc
* into memory, and don't close (since POI 4.0.1) the source stream.
* We'll then eat lots of memory, but be able to
* work with the entries at-will.
+ * @throws IOException if an error occurs while reading the zip entries
+ * @throws InvalidZipException if the input file contains an entry with an
empty name or more than 1 entry with the same name
* @see #setThresholdBytesForTempFiles
*/
public ZipInputStreamZipEntrySource(ZipArchiveThresholdInputStream inp)
throws IOException {
@@ -100,8 +103,12 @@ public class ZipInputStreamZipEntrySourc
break;
}
String name = zipEntry.getName();
+ if (name == null || name.isEmpty()) {
+ throw new InvalidZipException("Input file contains an entry
with an empty name");
+ }
+ name = name.toLowerCase(Locale.ROOT);
if (filenames.contains(name)) {
- throw new InvalidZipException("Input file contains more than 1
entry with the name " + name);
+ throw new InvalidZipException("Input file contains more than 1
entry with the name " + zipEntry.getName());
}
filenames.add(name);
zipEntries.put(name, new ZipArchiveFakeEntry(zipEntry, inp));
Modified:
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
URL:
http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java?rev=1919058&r1=1919057&r2=1919058&view=diff
==============================================================================
---
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
(original)
+++
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
Tue Jul 9 09:46:46 2024
@@ -21,6 +21,7 @@ import java.io.File;
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashSet;
+import java.util.Locale;
import java.util.Set;
import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
@@ -257,9 +258,14 @@ public class ZipSecureFile extends ZipFi
final Enumeration<ZipArchiveEntry> en = getEntries();
final Set<String> filenames = new HashSet<>();
while (en.hasMoreElements()) {
- String name = en.nextElement().getName();
+ final ZipArchiveEntry entry = en.nextElement();
+ String name = entry.getName();
+ if (name == null || name.isEmpty()) {
+ throw new InvalidZipException("Input file contains an entry
with an empty name");
+ }
+ name = name.toLowerCase(Locale.ROOT);
if (filenames.contains(name)) {
- throw new InvalidZipException("Input file contains more than 1
entry with the name " + name);
+ throw new InvalidZipException("Input file contains more than 1
entry with the name " + entry.getName());
}
filenames.add(name);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
