Git-Mirrors/haveno
1
0
Fork 0
mirror of https://github.com/haveno-dex/haveno.git synced 2025-06-24 06:44:19 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge 05c88a17e9 into 32148e7440

Browse source
This commit is contained in:
teresa 2025-06-19 20:16:22 +07:00 committed by GitHub
commit 3b5ebff1ed
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
common/src/main/java/haveno/common/persistence/PersistenceManager.java
View file

@ -502,7 +502,7 @@ public class PersistenceManager<T extends PersistableEnvelope> {
tempFile = usedTempFilePath != null tempFile = usedTempFilePath != null
? FileUtil.createNewFile(usedTempFilePath) ? FileUtil.createNewFile(usedTempFilePath)
: File.createTempFile("temp_" + fileName, null, dir); : Files.createTempFile(dir.toPath(), "temp_" + fileName, null).toFile();
// Don't use a new temp file path each time, as that causes the delete-on-exit hook to leak memory: // Don't use a new temp file path each time, as that causes the delete-on-exit hook to leak memory:
tempFile.deleteOnExit(); tempFile.deleteOnExit();

4
common/src/main/java/haveno/common/util/ZipUtils.java
View file

@ -104,6 +104,10 @@ public class ZipUtils {
int count; int count;
while ((entry = zipStream.getNextEntry()) != null) { while ((entry = zipStream.getNextEntry()) != null) {
File file = new File(dir, entry.getName()); File file = new File(dir, entry.getName());
if (!file.toPath().normalize().startsWith(dir.toPath())) {
throw new SecurityException("ZIP entry contains path traversal attempt: " + entry.getName());
}
if (entry.isDirectory()) { if (entry.isDirectory()) {
file.mkdirs(); file.mkdirs();
} else { } else {