make validateEntryNames use case insensitive check

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919058 13f79535-47bb-0310-9956-ffa450edef68

2 files changed, 16 insertions, 3 deletions

diff --git a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipInputStreamZipEntrySource.java b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipInputStreamZipEntrySource.java
index 676a9a3c0c..5bc09a73e3 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipInputStreamZipEntrySource.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipInputStreamZipEntrySource.java
@@ -22,6 +22,7 @@ import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 
@@ -90,6 +91,8 @@ public class ZipInputStreamZipEntrySource implements ZipEntrySource {
      *  into memory, and don't close (since POI 4.0.1) the source stream.
      * We'll then eat lots of memory, but be able to
      *  work with the entries at-will.
+     * @throws IOException if an error occurs while reading the zip entries
+     * @throws InvalidZipException if the input file contains an entry with an empty name or more than 1 entry with the same name
      * @see #setThresholdBytesForTempFiles
      */
     public ZipInputStreamZipEntrySource(ZipArchiveThresholdInputStream inp) throws IOException {
@@ -100,8 +103,12 @@ public class ZipInputStreamZipEntrySource implements ZipEntrySource {
                 break;
             }
             String name = zipEntry.getName();
+            if (name == null || name.isEmpty()) {
+                throw new InvalidZipException("Input file contains an entry with an empty name");
+            }
+            name = name.toLowerCase(Locale.ROOT);
             if (filenames.contains(name)) {
-                throw new InvalidZipException("Input file contains more than 1 entry with the name " + name);
+                throw new InvalidZipException("Input file contains more than 1 entry with the name " + zipEntry.getName());
             }
             filenames.add(name);
             zipEntries.put(name, new ZipArchiveFakeEntry(zipEntry, inp));
diff --git a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
index 233661f5de..f022737f69 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
@@ -21,6 +21,7 @@ import java.io.File;
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.HashSet;
+import java.util.Locale;
 import java.util.Set;
 
 import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
@@ -257,9 +258,14 @@ public class ZipSecureFile extends ZipFile {
         final Enumeration<ZipArchiveEntry> en = getEntries();
         final Set<String> filenames = new HashSet<>();
         while (en.hasMoreElements()) {
-            String name = en.nextElement().getName();
+            final ZipArchiveEntry entry = en.nextElement();
+            String name = entry.getName();
+            if (name == null || name.isEmpty()) {
+                throw new InvalidZipException("Input file contains an entry with an empty name");
+            }
+            name = name.toLowerCase(Locale.ROOT);
             if (filenames.contains(name)) {
-                throw new InvalidZipException("Input file contains more than 1 entry with the name " + name);
+                throw new InvalidZipException("Input file contains more than 1 entry with the name " + entry.getName());
             }
             filenames.add(name);
         }