diff --git a/bundlerepository/pom.xml b/bundlerepository/pom.xml
index 212e9597d8..4ad8533147 100644
--- a/bundlerepository/pom.xml
+++ b/bundlerepository/pom.xml
@@ -38,7 +38,7 @@
${project.groupId}
org.apache.felix.utils
- 1.11.0-SNAPSHOT
+ 1.11.4
true
diff --git a/bundlerepository/src/main/java/org/apache/felix/bundlerepository/impl/FileUtil.java b/bundlerepository/src/main/java/org/apache/felix/bundlerepository/impl/FileUtil.java
index 9a27e3ff49..1421ee661f 100644
--- a/bundlerepository/src/main/java/org/apache/felix/bundlerepository/impl/FileUtil.java
+++ b/bundlerepository/src/main/java/org/apache/felix/bundlerepository/impl/FileUtil.java
@@ -112,6 +112,9 @@ public static void unjar(JarInputStream jis, File dir)
}
File target = new File(dir, je.getName());
+ if (!target.getCanonicalPath().startsWith(dir.getCanonicalPath())) {
+ throw new IOException("The output file is not contained in the destination directory");
+ }
// Check to see if the JAR entry is a directory.
if (je.isDirectory())
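Review bot: The added containment check on the canonical path is a plain string-prefix test, so an entry such as `../out-evil/x` still passes when `dir` is `.../out`: its canonical path `.../out-evil/x` starts with `.../out`. Comparing against the directory path with a trailing separator closes that sibling-directory bypass while still allowing the directory itself: `String base = dir.getCanonicalPath();` / `String canon = target.getCanonicalPath();` / `if (!canon.equals(base) && !canon.startsWith(base + File.separator)) {`. If the module can rely on Java 7, `target.toPath().normalize().startsWith(dir.toPath())` does a component-wise comparison and avoids the separator edge case for a root directory, but I cannot tell the target level from this hunk. The enclosing unjar method starts and ends outside the hunk.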
@@ -219,4 +222,4 @@ public static InputStream openURL(final URLConnection conn) throws IOException
throw newException;
}
}
-}
\ No newline at end of file
+}
diff --git a/bundlerepository/src/main/java/org/apache/felix/bundlerepository/impl/ObrGogoCommand.java b/bundlerepository/src/main/java/org/apache/felix/bundlerepository/impl/ObrGogoCommand.java
index 4d3f7a6ebe..7c5b1d7527 100644
--- a/bundlerepository/src/main/java/org/apache/felix/bundlerepository/impl/ObrGogoCommand.java
+++ b/bundlerepository/src/main/java/org/apache/felix/bundlerepository/impl/ObrGogoCommand.java
@@ -765,6 +765,9 @@ public static void unjar(JarInputStream jis, File dir)
}
File target = new File(dir, je.getName());
+ if (!target.getCanonicalPath().startsWith(dir.getCanonicalPath())) {
+ throw new IOException("The output file is not contained in the destination directory");
+ }
// Check to see if the JAR entry is a directory.
if (je.isDirectory())
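Review bot: The new guard compares canonical paths with `startsWith` on strings, which accepts any directory whose name merely begins with the destination's name, e.g. `dir` of `/data/bundles` and an entry of `../bundles2/evil.jar` resolving to `/data/bundles2/evil.jar`. Anchoring the prefix on a separator prevents that: `String base = dir.getCanonicalPath() + File.separator;` / `if (!target.getCanonicalPath().startsWith(base) && !target.getCanonicalPath().equals(dir.getCanonicalPath())) {`. This is the same check as in FileUtil.unjar in this commit; since the two copies are identical, a single shared helper would keep the fix from drifting between them. The enclosing method continues outside the hunk.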
diff --git a/deploymentadmin/deploymentadmin/src/main/java/org/apache/felix/deploymentadmin/spi/SnapshotCommand.java b/deploymentadmin/deploymentadmin/src/main/java/org/apache/felix/deploymentadmin/spi/SnapshotCommand.java
index 29c2c2c2b3..0e44d4eddf 100644
--- a/deploymentadmin/deploymentadmin/src/main/java/org/apache/felix/deploymentadmin/spi/SnapshotCommand.java
+++ b/deploymentadmin/deploymentadmin/src/main/java/org/apache/felix/deploymentadmin/spi/SnapshotCommand.java
@@ -92,6 +92,9 @@ protected static void restore(File archiveFile, File targetDir) throws IOExcepti
ZipEntry entry;
while ((entry = input.getNextEntry()) != null) {
File targetEntry = new File(targetDir, entry.getName());
+ if (!targetEntry.getCanonicalPath().startsWith(targetDir.getCanonicalPath())) {
+ throw new IOException("The output file is not contained in the destination directory");
+ }
if (entry.isDirectory()) {
if (!targetEntry.mkdirs()) {
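Review bot: The added check at `targetEntry.getCanonicalPath().startsWith(targetDir.getCanonicalPath())` is a textual prefix test and therefore still lets a zip entry escape into a sibling directory whose name extends the target's name (`targetDir` `/snap/app`, entry `../app-old/x` resolving to `/snap/app-old/x`). Appending the separator to the base before the comparison restricts matches to real descendants: `String base = targetDir.getCanonicalPath() + File.separator;` / `if (!targetEntry.getCanonicalPath().startsWith(base)) {`. If an entry can legitimately name the directory itself (empty or `.` name), that case needs an explicit `equals` allowance alongside the prefix test, which I cannot confirm from this hunk. The restore loop and its surrounding method continue outside the hunk.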
@@ -223,4 +226,4 @@ protected void onFailure(Exception e) {
m_session.getLog().log(LogService.LOG_WARNING, "Failed to restore snapshot!", e);
}
}
-}
\ No newline at end of file
+}
diff --git a/gogo/command/src/main/java/org/apache/felix/gogo/command/Util.java b/gogo/command/src/main/java/org/apache/felix/gogo/command/Util.java
index 21a84272a1..c4b4ddfe42 100644
--- a/gogo/command/src/main/java/org/apache/felix/gogo/command/Util.java
+++ b/gogo/command/src/main/java/org/apache/felix/gogo/command/Util.java
@@ -166,6 +166,9 @@ public static void unjar(JarInputStream jis, File dir)
}
File target = new File(dir, je.getName());
+ if (!target.getCanonicalPath().startsWith(dir.getCanonicalPath())) {
+ throw new IOException("The output file is not contained in the destination directory");
+ }
// Check to see if the JAR entry is a directory.
if (je.isDirectory())
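Review bot: The containment check added before the `isDirectory` branch uses string `startsWith` on canonical paths, so an archive entry that resolves to a sibling directory sharing the destination's name as a prefix (`dir` `/tmp/gogo`, entry `../gogo-x/f`) is not rejected. The prefix should include a trailing separator so only descendants match: `String base = dir.getCanonicalPath() + File.separator;` / `if (!target.getCanonicalPath().startsWith(base)) {`. A short comment above the guard would help the next reader, e.g. `// Reject zip-slip entries: canonicalize to resolve ".." and symlinks, then require a separator-anchored prefix.` The enclosing unjar method starts and ends outside the hunk.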