Hi,
Please help review the proposed change for JDK-8197398.
issue: https://bugs.openjdk.java.net/browse/JDK-8197398
webrev: http://cr.openjdk.java.net/~sherman/8197398/webrev
A little background:
The existing zipfs has an assumption that the "normal/healthy/secured"
zip/jar file should not
include any entry that has an absolute path, root "/" included. Various
jar/zip tools have been
fixed/patched in the past years to avoid create such a jar/zip file for
security reason. But there
are zip/jar files in the wild that do include absolute paths and do
include a "/" root sometime, the
offending jar file included in the bug report is just one of those.
With this "wrong" assumption, the existing zipfs implementation always
add a pseudo root
directory before building the internal inode tree and unfortunately
attaches the "real" root
entry (exists in the jar/zip file) to be its child, in which trigger a
circle when iteration.
The proposed change is to solve this problem by only adding the pseudo
root when there is no
real root in the zip/jar file. Further the proposed change will try to
"normalize" the zip/jar file
when it has any update needs to sync/write the update to the underlying
zip/jar file when
closing, by removing any absolute path for all the entries, root "/"
included, with the assumption
that the zipfis implementation should never create/generate an unsecured
zip/jar file.
Thanks,
Sherman
