From 6fd096b6b4fe85999b913de74621937b3ccc42b9 Mon Sep 17 00:00:00 2001 From: Tglman Date: Tue, 17 Sep 2024 14:41:26 +0100 Subject: [PATCH] fix: add checks for zip paths --- .../OEnterpriseLocalPaginatedStorage.java | 40 ++++++++++++------- 1 file changed, 26 insertions(+), 14 deletions(-) diff --git a/agent/src/main/java/com/orientechnologies/orient/core/storage/impl/local/paginated/OEnterpriseLocalPaginatedStorage.java b/agent/src/main/java/com/orientechnologies/orient/core/storage/impl/local/paginated/OEnterpriseLocalPaginatedStorage.java index 2783f61a..e05dee0f 100755 --- a/agent/src/main/java/com/orientechnologies/orient/core/storage/impl/local/paginated/OEnterpriseLocalPaginatedStorage.java +++ b/agent/src/main/java/com/orientechnologies/orient/core/storage/impl/local/paginated/OEnterpriseLocalPaginatedStorage.java @@ -996,37 +996,38 @@ private void restoreFromIncrementalBackup( entryLoop: while ((zipEntry = zipInputStream.getNextEntry()) != null) { - if (zipEntry.getName().equals(IV_NAME)) { + String zipPath = zipEntry.getName(); + String fileName = checkAndCleanPath(zipPath).toString(); + if (fileName.equals(IV_NAME)) { walIv = restoreIv(zipInputStream); continue; } - if (zipEntry.getName().equals(ENCRYPTION_IV)) { + if (fileName.equals(ENCRYPTION_IV)) { encryptionIv = restoreEncryptionIv(zipInputStream); continue; } - if (zipEntry.getName().equals(CONF_ENTRY_NAME)) { + if (fileName.equals(CONF_ENTRY_NAME)) { replaceConfiguration(zipInputStream); continue; } - if (zipEntry.getName().equalsIgnoreCase("database_instance.uuid")) { + if (fileName.equalsIgnoreCase("database_instance.uuid")) { continue; } - if (zipEntry.getName().equals(CONF_UTF_8_ENTRY_NAME)) { + if (fileName.equals(CONF_UTF_8_ENTRY_NAME)) { replaceConfiguration(zipInputStream); continue; } - if (zipEntry - .getName() + if (fileName .toLowerCase(serverLocale) .endsWith(CASDiskWriteAheadLog.WAL_SEGMENT_EXTENSION)) { - final String walName = zipEntry.getName(); + final String walName = fileName; final int segmentIndex = walName.lastIndexOf( ".", walName.length() - CASDiskWriteAheadLog.WAL_SEGMENT_EXTENSION.length() - 1); @@ -1051,10 +1052,10 @@ private void restoreFromIncrementalBackup( final long expectedFileId = OLongSerializer.INSTANCE.deserialize(binaryFileId, 0); long fileId; - if (!writeCache.exists(zipEntry.getName())) { - fileId = readCache.addFile(zipEntry.getName(), expectedFileId, writeCache); + if (!writeCache.exists(fileName)) { + fileId = readCache.addFile(fileName, expectedFileId, writeCache); } else { - fileId = writeCache.fileIdByName(zipEntry.getName()); + fileId = writeCache.fileIdByName(fileName); } if (!writeCache.fileIdsAreEqual(expectedFileId, fileId)) @@ -1070,10 +1071,9 @@ private void restoreFromIncrementalBackup( final int b = zipInputStream.read(data, rb, data.length - rb); if (b == -1) { - if (rb > 0) - throw new OStorageException("Can not read data from file " + zipEntry.getName()); + if (rb > 0) throw new OStorageException("Can not read data from file " + fileName); else { - processedFiles.add(zipEntry.getName()); + processedFiles.add(fileName); continue entryLoop; } } @@ -1283,4 +1283,16 @@ public synchronized void endDDL() { protected void checkBackupRunning() { waitBackup(); } + + private Path checkAndCleanPath(String zipPath) { + Path rootDirectory = getStoragePath(); + Path zipEntryPath = rootDirectory.resolve(zipPath).normalize(); + if (!zipEntryPath.startsWith(rootDirectory)) { + throw new IllegalStateException("Bad zip entry " + zipPath); + } + if (!zipEntryPath.getParent().equals(rootDirectory)) { + throw new IllegalStateException("Bad zip entry " + zipPath); + } + return zipEntryPath.getFileName(); + } }