From 2d3047c39ed9015c10c6572a59593affe618b16b Mon Sep 17 00:00:00 2001
From: Perry Poon <plrthink@gmail.com>
Date: Mon, 8 Jul 2019 23:03:51 +0800
Subject: [PATCH 1/2] fix path traversal vulnerability issue, again

---
 .../com/rnziparchive/RNZipArchiveModule.java  | 29 ++++++++++---------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/android/src/main/java/com/rnziparchive/RNZipArchiveModule.java b/android/src/main/java/com/rnziparchive/RNZipArchiveModule.java
index 7901332..875c37c 100644
--- a/android/src/main/java/com/rnziparchive/RNZipArchiveModule.java
+++ b/android/src/main/java/com/rnziparchive/RNZipArchiveModule.java
@@ -27,18 +27,15 @@
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipFile;
 import java.util.zip.ZipInputStream;
-import java.util.zip.ZipOutputStream;
 
 import net.lingala.zip4j.exception.ZipException;
 import net.lingala.zip4j.model.FileHeader;
-import net.lingala.zip4j.progress.ProgressMonitor;
 import net.lingala.zip4j.model.ZipParameters;
 import net.lingala.zip4j.util.Zip4jConstants;
 
 public class RNZipArchiveModule extends ReactContextBaseJavaModule {
   private static final String TAG = RNZipArchiveModule.class.getSimpleName();
 
-  private static final int BUFFER_SIZE = 4096;
   private static final String PROGRESS_EVENT_NAME = "zipArchiveProgressEvent";
   private static final String EVENT_KEY_FILENAME = "filePath";
   private static final String EVENT_KEY_PROGRESS = "progress";
@@ -83,6 +80,10 @@ public void run() {
           updateProgress(0, 1, zipFilePath); // force 0%
           for (int i = 0; i < totalFiles; i++) {
             FileHeader fileHeader = (FileHeader) fileHeaderList.get(i);
+
+            File fout = new File(destDirectory, fileHeader.getFileName());
+            ensureZipPathSafety(fout, destDirectory);
+
             zipFile.extractFile(fileHeader, destDirectory);
             if (!fileHeader.isDirectory()) {
               extractedFileNames.add(fileHeader.getFileName());
@@ -90,7 +91,7 @@ public void run() {
             updateProgress(i + 1, totalFiles, zipFilePath);
           }
           promise.resolve(Arguments.fromList(extractedFileNames));
-        } catch (ZipException ex) {
+        } catch (Exception ex) {
           updateProgress(0, 1, zipFilePath); // force 0%
           promise.reject(null, String.format("Failed to unzip file, due to: %s", getStackTrace(ex)));
         }
@@ -161,11 +162,7 @@ public void onCopyProgress(long bytesRead) {
             };
 
             File fout = new File(destDirectory, entry.getName());
-            String destDirCanonicalPath = (new File(destDirectory)).getCanonicalPath();
-            String canonicalPath = fout.getCanonicalPath();
-            if (!canonicalPath.startsWith(destDirCanonicalPath)) {
-              throw new Exception(String.format("Found Zip Path Traversal Vulnerability with %s", canonicalPath));
-            }
+            ensureZipPathSafety(fout, destDirectory);
 
             if (!fout.exists()) {
               //noinspection ResultOfMethodCallIgnored
@@ -254,11 +251,7 @@ public void run() {
               if (entry.isDirectory()) continue;
               fout = new File(destDirectory, entry.getName());
 
-              String destDirCanonicalPath = (new File(destDirectory)).getCanonicalPath();
-              String canonicalPath = fout.getCanonicalPath();
-              if (!canonicalPath.startsWith(destDirCanonicalPath)) {
-                throw new Exception(String.format("Found Zip Path Traversal Vulnerability with %s", canonicalPath));
-              }
+              ensureZipPathSafety(fout, destDirectory);
 
               if (!fout.exists()) {
                 //noinspection ResultOfMethodCallIgnored
@@ -493,4 +486,12 @@ private String getStackTrace(Exception e) {
     return sw.toString();
   }
 
+  private void ensureZipPathSafety(final File fout, final String destDirectory) throws Exception {
+    String destDirCanonicalPath = (new File(destDirectory)).getCanonicalPath();
+    String canonicalPath = fout.getCanonicalPath();
+    if (!canonicalPath.startsWith(destDirCanonicalPath)) {
+      throw new Exception(String.format("Found Zip Path Traversal Vulnerability with %s", canonicalPath));
+    }
+  }
+
 }

From af7fbd05683d1ef30ed886577e174faddbc17c34 Mon Sep 17 00:00:00 2001
From: Perry Poon <plrthink@gmail.com>
Date: Mon, 8 Jul 2019 23:16:48 +0800
Subject: [PATCH 2/2] 4.1.2-beta.0

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 39193ee..19a183e 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "react-native-zip-archive",
-  "version": "4.1.1",
+  "version": "4.1.2-beta.0",
   "description": "A little wrapper on ZipArchive for react-native",
   "main": "index.js",
   "scripts": {