comphelper/source/misc/storagehelper.cxx |   13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

New commits:
commit fd7ccdd0b333203989fbb404aded4e09e9d0c720
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Thu Jul 4 14:07:25 2024 +0200
Commit:     Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
CommitDate: Wed Jul 10 11:48:12 2024 +0200

    comphelper: treat zip file path segments '.' and '..' as invalid
    
    This will also prevent opening with RepairPackage; supporting that would
    need adapting ZipPackage::getZipFileContents() a bit, but let's hope nobody
    actually has such files.
    
    Also treat path that starts with "/" as invalid, presumably it's not
    allowed by APPNOTE.TXT:
    "The name of the file, with optional relative path."
    
    Change-Id: Ic694ea2fb34f5de1d490a9a251cf56e4004e9673
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169994
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    Tested-by: Jenkins
    (cherry picked from commit 6005260078c126bf3f1cf4d6f1ebb631453f5ac7)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169964
    Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
    (cherry picked from commit fda9ae6f1cef7512f0560828f67553b91641bd26)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170228
    Reviewed-by: Ilmari Lauhakangas <ilmari.lauhakan...@libreoffice.org>
    Tested-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
    Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>

diff --git a/comphelper/source/misc/storagehelper.cxx 
b/comphelper/source/misc/storagehelper.cxx
index 1d504cb91725..734ffbec0be9 100644
--- a/comphelper/source/misc/storagehelper.cxx
+++ b/comphelper/source/misc/storagehelper.cxx
@@ -548,10 +548,17 @@ uno::Sequence< beans::NamedValue > 
OStorageHelper::CreateGpgPackageEncryptionDat
 
 bool OStorageHelper::IsValidZipEntryFileName( std::u16string_view aName, bool 
bSlashAllowed )
 {
+    long nDots{0};
     for ( size_t i = 0; i < aName.size(); i++ )
     {
         switch ( aName[i] )
         {
+            case '.':
+                if (nDots != -1)
+                {
+                    ++nDots;
+                }
+                break;
             case '\':
             case '?':
             case '<':
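Review bot: The `nDots` counter added at the top of IsValidZipEntryFileName doubles as a sentinel, and nothing in the hunk says so: `-1` means "this segment already contains a non-dot character", while `0..n` is the number of dots seen in a segment made only of dots. A comment on the declaration would make the state machine readable, for example `// dots seen in the current '/'-separated segment; -1 once it contains any other character`. The function body continues past this hunk, where the counter is reset and checked.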
@@ -561,15 +568,17 @@ bool OStorageHelper::IsValidZipEntryFileName( 
std::u16string_view aName, bool bS
             case ':':
                 return false;
             case '/':
-                if ( !bSlashAllowed )
+                if (!bSlashAllowed || nDots == 1 || nDots == 2 || i == 0)
                     return false;
+                nDots = 0;
                 break;
             default:
+                nDots = -1;
                 if ( aName[i] < 32  || (aName[i] >= 0xD800 && aName[i] <= 
0xDFFF) )
                     return false;
         }
     }
-    return true;
+    return nDots != 1 && nDots != 2;
 }
 
 
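Review bot: An empty path segment still passes the `case '/'` branch: for a name like `a//b`, `nDots` is 0 at the second slash, so only `.` and `..` segments and a leading slash are rejected. If empty segments are not meant to be valid entry names, `if (!bSlashAllowed || (nDots >= 0 && nDots <= 2))` would cover them together with the `i == 0` case, and a trailing slash would still be accepted by the final `return`. Segments of three or more dots also pass; whether that matters depends on how callers map entry names onto storage or file-system paths, which is not visible in this diff. The diffstat shows no test file, so cases such as `..`, `a/../b`, `/a`, `a/.` and `a.b` are worth pinning in a unit test.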
