aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPJ Fanning <fanningpj@apache.org>2024-07-09 09:46:46 +0000
committerPJ Fanning <fanningpj@apache.org>2024-07-09 09:46:46 +0000
commitc1d6d0d4a1bc6215d8861a345503f1a1c951a49a (patch)
tree230c8cabc55c9ccbfa6506f5b88225465d7ebecd
parent894ef6e1bdbbd700979f8f6fd71aa53863ddedc3 (diff)
downloadpoi-c1d6d0d4a1bc6215d8861a345503f1a1c951a49a.tar.gz
poi-c1d6d0d4a1bc6215d8861a345503f1a1c951a49a.zip
make validateEntryNames use case insensitive check
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919058 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipInputStreamZipEntrySource.java9
-rw-r--r--poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java10
2 files changed, 16 insertions, 3 deletions
diff --git a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipInputStreamZipEntrySource.java b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipInputStreamZipEntrySource.java
index 676a9a3c0c..5bc09a73e3 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipInputStreamZipEntrySource.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipInputStreamZipEntrySource.java
@@ -22,6 +22,7 @@ import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.Locale;
import java.util.Map;
import java.util.Set;
@@ -90,6 +91,8 @@ public class ZipInputStreamZipEntrySource implements ZipEntrySource {
* into memory, and don't close (since POI 4.0.1) the source stream.
* We'll then eat lots of memory, but be able to
* work with the entries at-will.
+ * @throws IOException if an error occurs while reading the zip entries
+ * @throws InvalidZipException if the input file contains an entry with an empty name or more than 1 entry with the same name
* @see #setThresholdBytesForTempFiles
*/
public ZipInputStreamZipEntrySource(ZipArchiveThresholdInputStream inp) throws IOException {
@@ -100,8 +103,12 @@ public class ZipInputStreamZipEntrySource implements ZipEntrySource {
break;
}
String name = zipEntry.getName();
+ if (name == null || name.isEmpty()) {
+ throw new InvalidZipException("Input file contains an entry with an empty name");
+ }
+ name = name.toLowerCase(Locale.ROOT);
if (filenames.contains(name)) {
- throw new InvalidZipException("Input file contains more than 1 entry with the name " + name);
+ throw new InvalidZipException("Input file contains more than 1 entry with the name " + zipEntry.getName());
}
filenames.add(name);
zipEntries.put(name, new ZipArchiveFakeEntry(zipEntry, inp));
diff --git a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
index 233661f5de..f022737f69 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
@@ -21,6 +21,7 @@ import java.io.File;
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashSet;
+import java.util.Locale;
import java.util.Set;
import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
@@ -257,9 +258,14 @@ public class ZipSecureFile extends ZipFile {
final Enumeration<ZipArchiveEntry> en = getEntries();
final Set<String> filenames = new HashSet<>();
while (en.hasMoreElements()) {
- String name = en.nextElement().getName();
+ final ZipArchiveEntry entry = en.nextElement();
+ String name = entry.getName();
+ if (name == null || name.isEmpty()) {
+ throw new InvalidZipException("Input file contains an entry with an empty name");
+ }
+ name = name.toLowerCase(Locale.ROOT);
if (filenames.contains(name)) {
- throw new InvalidZipException("Input file contains more than 1 entry with the name " + name);
+ throw new InvalidZipException("Input file contains more than 1 entry with the name " + entry.getName());
}
filenames.add(name);
}