re-fix zip traversal vuln, path discrepancy
/data/data/foo vs /data/user/0/foo,
as suggested by @jcperuffo in MobileChromeApps#92 (comment)
bikubi committed May 19, 2022
1 parent 1fe648b commit a3855df
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/android/Zip.java
Expand Up @@ -127,7 +127,8 @@ private void unzipSync(CordovaArgs args, CallbackContext callbackContext) {
} else {
File file = new File(outputDirectory + compressedName);
String canonicalPath = file.getCanonicalPath();
if (!canonicalPath.startsWith(outputDirectory)) {
String absolutePath = file.getAbsolutePath();
if (!canonicalPath.startsWith(outputDirectory) && !absolutePath.startsWith(outputDirectory)) {
String errorMessage = "Zip traversal security error";
callbackContext.error(errorMessage);
Log.e(LOG_TAG, errorMessage);
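Review bot: In the new condition, `!absolutePath.startsWith(outputDirectory)` is joined with `&&`, so an entry is rejected only when both checks fail, and the absolute-path check can hardly fail. `file` is built as `new File(outputDirectory + compressedName)` and `getAbsolutePath()` does not resolve `..` segments, so for an absolute `outputDirectory` the result begins with `outputDirectory` whatever `compressedName` contains, which leaves the traversal guard ineffective. To handle the /data/data/foo vs /data/user/0/foo discrepancy, canonicalize both sides instead: compare `canonicalPath` against `new File(outputDirectory).getCanonicalPath()` with a trailing `File.separator`, and keep that as the single check.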