lsm/hutool
1
0
Fork 0
mirror of https://gitee.com/dromara/hutool.git synced 2025-04-05 17:37:59 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

修复ZipReader.checkZipBomb遇到空目录报错问题

Browse Source
This commit is contained in:
Looly 2024-04-28 22:57:39 +08:00
parent 5a1b50f1de
commit cce1b9aaa1
3 changed files with 32 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG.md
View File

@ -2,7 +2,7 @@
# 🚀Changelog
-------------------------------------------------------------------------------------------------------------
# 5.8.28(2024-04-25)
# 5.8.28(2024-04-28)
### 🐣新特性
* 【core 】 修正XmlUtil的omitXmlDeclaration描述注释issue#I9CPC7@Gitee
@ -27,6 +27,7 @@
* 【cron 】 修复CronPattern.nextMatchAfter匹配初始值问题issue#I9FQUA@Gitee
* 【core 】 修复FileUtil.copyFile没有创建父目录导致的问题issue#3557@Github
* 【http 】 修复HttpDownloader全局超时无效问题issue#3556@Github
* 【core 】 修复ZipReader.checkZipBomb遇到空目录报错问题issue#I9K494@Gitee
-------------------------------------------------------------------------------------------------------------
# 5.8.27(2024-03-29)

8
hutool-core/src/main/java/cn/hutool/core/compress/ZipReader.java
View File

@ -252,12 +252,14 @@ public class ZipReader implements Closeable {
* @return 检查后的{@link ZipEntry}
*/
private ZipEntry checkZipBomb(ZipEntry entry) {
if(maxSizeDiff < 0){
return entry;
}
if (null == entry) {
return null;
}
if(maxSizeDiff < 0 || entry.isDirectory()){
// 目录不检查
return entry;
}
final long compressedSize = entry.getCompressedSize();
final long uncompressedSize = entry.getSize();
if (compressedSize < 0 || uncompressedSize < 0 ||

25
hutool-core/src/test/java/cn/hutool/core/util/IssueI9K494Test.java Normal file
View File

@ -0,0 +1,25 @@
package cn.hutool.core.util;
import cn.hutool.core.io.FileUtil;
import cn.hutool.core.io.IoUtil;
import org.junit.Ignore;
import org.junit.Test;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
public class IssueI9K494Test {
@Test
@Ignore
public void unzipTest() {
FileInputStream inputStream = IoUtil.toStream(FileUtil.file("d:/test/unzip5616889482468994725.zip"));
ZipUtil.unzip(inputStream, FileUtil.file("d:/test/"), StandardCharsets.UTF_8);
}
@Test
@Ignore
public void unzipTest2() {
FileInputStream inputStream = IoUtil.toStream(FileUtil.file("d:/test/test.zip"));
ZipUtil.unzip(inputStream, FileUtil.file("d:/test/"), StandardCharsets.UTF_8);
}
}