Revert D33633205: address path traversal vulnerability

Differential Revision: D33633205 (62b922a) Original commit changeset: 1834fcdfa96b Original Phabricator Diff: D33633205 (62b922a) fbshipit-source-id: bb09fe48749b284f4cc5e7d9e7e51e985a9897de
facebookarchive · Jan 28, 2022 · 464a578 · 464a578
1 parent 62b922a
commit 464a578
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/deps/zip/ZipHelper.java b/deps/zip/ZipHelper.java
@@ -15,6 +15,7 @@
 import java.util.zip.ZipOutputStream;
 
 public class ZipHelper {
+
   public static final String ZIP_SUFFIX = ".zip";
   public static final String TMP_SUFFIX = ".tmp";
 
@@ -134,9 +135,6 @@ public static boolean extractZip(InputStream inputStream, File extractDir) throw
 
     while (entry != null) {
       File newFile = new File(extractDir, entry.getName());
-      if (!newFile.getCanonicalPath().startsWith(extractDir.getName())) {
-        throw new IOException("Invalid entry name");
-      }
       if (entry.isDirectory()) {
         if (!newFile.isDirectory() && !newFile.mkdirs()) {
           throw new IOException("Can't create directory");