author | aa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-19 07:04:14 +0000 |
---|---|---|
committer | aa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-19 07:04:14 +0000 |
commit | 6bd2521cca50d0575c350234be687cf2ead92b01 (patch) | |
tree | 091efa1c2baae1e32579d7909ac78c73c2e9ef60 /chrome/common/zip.cc | |
parent | a795b64e9f876d8533f5961dd0092e49e393df04 (diff) | |
Fix a path traversal issue in extension unpacking. Because of the sandbox, this was not exploitable, but still a good thing to fix.
Review URL: http://codereview.chromium.org/399063
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@32502 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common/zip.cc')
-rw-r--r-- | chrome/common/zip.cc | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/chrome/common/zip.cc b/chrome/common/zip.cc
index 097f035..3d5e729 100644
--- a/chrome/common/zip.cc
+++ b/chrome/common/zip.cc
@@ -29,11 +29,6 @@ static bool ExtractCurrentFile(unzFile zip_file,
 if (filename_inzip[0] == '\0')
 return false;

- // Check the filename here for directory traversal issues. In the name of
- // simplicity and security, we might reject a valid filename such as "a..b"
- if (strstr(filename_inzip, "..") != NULL)
- return false;
-
 err = unzOpenCurrentFile(zip_file);
 if (err != UNZ_OK)
 return false;
@@ -45,6 +40,12 @@ static bool ExtractCurrentFile(unzFile zip_file,
 #elif defined(OS_POSIX)
 filename = filename_inzip;
 #endif
+
+ // Check the filename here for directory traversal issues. In the name of
+ // simplicity and security, we might reject a valid filename such as "a..b".
+ if (filename.find(FILE_PATH_LITERAL("..")) != FilePath::StringType::npos)
+ return false;
+
 SplitString(filename, '/', &filename_parts);

 FilePath dest_file(dest_dir); |
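Review bot: The relocated check in the second hunk rejects any name containing `..`, but nothing visible here rejects an entry name that is absolute or, on Windows, one that uses `\` as a separator or carries a drive prefix, and the following `SplitString(filename, '/', &filename_parts)` splits on `/` only. If the code past the hunk does not already cover those cases, I would extend the guard with something like `if (FilePath(filename).IsAbsolute()) return false;` and also reject `\` in the Windows branch. The early return now sits after the `unzOpenCurrentFile()` call shown in the first hunk, so it is worth confirming that the caller closes the current entry when this function fails. A unit test that unpacks an archive with a `..` entry and asserts failure would pin the fix. ExtractCurrentFile's body starts and ends outside both hunks.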