OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "third_party/zlib/google/zip_reader.h" | 5 #include "third_party/zlib/google/zip_reader.h" |
6 | 6 |
7 #include "base/file_util.h" | 7 #include "base/file_util.h" |
8 #include "base/logging.h" | 8 #include "base/logging.h" |
9 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
(...skipping 16 matching lines...) Expand all Loading... |
27 // function in zip.h, but not true for user-supplied random zip files. | 27 // function in zip.h, but not true for user-supplied random zip files. |
28 ZipReader::EntryInfo::EntryInfo(const std::string& file_name_in_zip, | 28 ZipReader::EntryInfo::EntryInfo(const std::string& file_name_in_zip, |
29 const unz_file_info& raw_file_info) | 29 const unz_file_info& raw_file_info) |
30 : file_path_(base::FilePath::FromUTF8Unsafe(file_name_in_zip)), | 30 : file_path_(base::FilePath::FromUTF8Unsafe(file_name_in_zip)), |
31 is_directory_(false) { | 31 is_directory_(false) { |
32 original_size_ = raw_file_info.uncompressed_size; | 32 original_size_ = raw_file_info.uncompressed_size; |
33 | 33 |
34 // Directory entries in zip files end with "/". | 34 // Directory entries in zip files end with "/". |
35 is_directory_ = EndsWith(file_name_in_zip, "/", false); | 35 is_directory_ = EndsWith(file_name_in_zip, "/", false); |
36 | 36 |
37 // Check the file name here for directory traversal issues. In the name of | 37 // Check the file name here for directory traversal issues. |
38 // simplicity and security, we might reject a valid file name such as "a..b". | 38 is_unsafe_ = file_path_.ReferencesParent(); |
39 is_unsafe_ = file_name_in_zip.find("..") != std::string::npos; | |
40 | 39 |
41 // We also consider that the file name is unsafe, if it's invalid UTF-8. | 40 // We also consider that the file name is unsafe, if it's invalid UTF-8. |
42 base::string16 file_name_utf16; | 41 base::string16 file_name_utf16; |
43 if (!UTF8ToUTF16(file_name_in_zip.data(), file_name_in_zip.size(), | 42 if (!UTF8ToUTF16(file_name_in_zip.data(), file_name_in_zip.size(), |
44 &file_name_utf16)) { | 43 &file_name_utf16)) { |
45 is_unsafe_ = true; | 44 is_unsafe_ = true; |
46 } | 45 } |
47 | 46 |
48 // We also consider that the file name is unsafe, if it's absolute. | 47 // We also consider that the file name is unsafe, if it's absolute. |
49 // On Windows, IsAbsolute() returns false for paths starting with "/". | 48 // On Windows, IsAbsolute() returns false for paths starting with "/". |
(...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
224 break; | 223 break; |
225 } else if (num_bytes_read > 0) { | 224 } else if (num_bytes_read > 0) { |
226 // Some data is read. Write it to the output file. | 225 // Some data is read. Write it to the output file. |
227 if (num_bytes_read != stream.WriteSync(buf, num_bytes_read)) { | 226 if (num_bytes_read != stream.WriteSync(buf, num_bytes_read)) { |
228 success = false; | 227 success = false; |
229 break; | 228 break; |
230 } | 229 } |
231 } | 230 } |
232 } | 231 } |
233 | 232 |
| 233 stream.CloseSync(); |
234 unzCloseCurrentFile(zip_file_); | 234 unzCloseCurrentFile(zip_file_); |
| 235 |
| 236 if (current_entry_info()->last_modified() != base::Time::UnixEpoch()) |
| 237 base::TouchFile(output_file_path, |
| 238 base::Time::Now(), |
| 239 current_entry_info()->last_modified()); |
| 240 |
235 return success; | 241 return success; |
236 } | 242 } |
237 | 243 |
238 bool ZipReader::ExtractCurrentEntryIntoDirectory( | 244 bool ZipReader::ExtractCurrentEntryIntoDirectory( |
239 const base::FilePath& output_directory_path) { | 245 const base::FilePath& output_directory_path) { |
240 DCHECK(current_entry_info_.get()); | 246 DCHECK(current_entry_info_.get()); |
241 | 247 |
242 base::FilePath output_file_path = output_directory_path.Append( | 248 base::FilePath output_file_path = output_directory_path.Append( |
243 current_entry_info()->file_path()); | 249 current_entry_info()->file_path()); |
244 return ExtractCurrentEntryToFilePath(output_file_path); | 250 return ExtractCurrentEntryToFilePath(output_file_path); |
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
301 } | 307 } |
302 | 308 |
303 void ZipReader::Reset() { | 309 void ZipReader::Reset() { |
304 zip_file_ = NULL; | 310 zip_file_ = NULL; |
305 num_entries_ = 0; | 311 num_entries_ = 0; |
306 reached_end_ = false; | 312 reached_end_ = false; |
307 current_entry_info_.reset(); | 313 current_entry_info_.reset(); |
308 } | 314 } |
309 | 315 |
310 } // namespace zip | 316 } // namespace zip |
OLD | NEW |