[JENKINS-51777] Don't let tar entries escape target dir

jenkinsci · Jun 8, 2018 · 7438abb · 7438abb
1 parent e992e11
commit 7438abb
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/core/src/main/java/hudson/FilePath.java b/core/src/main/java/hudson/FilePath.java
@@ -2452,6 +2452,10 @@ private void readFromTar(String name, File baseDir, InputStream in) throws IOExc
             TarArchiveEntry te;
             while ((te = t.getNextTarEntry()) != null) {
                 File f = new File(baseDir, te.getName());
+                if (!f.toPath().normalize().startsWith(baseDir.toPath())) {
+                    throw new IOException(
+                            "Tar " + name + " contains illegal file name that breaks out of the target directory: " + te.getName());
+                }
                 if (te.isDirectory()) {
                     mkdirs(f);
                 } else {