summaryrefslogtreecommitdiffstats
path: root/chrome/common/zip_unittest.cc
diff options
context:
space:
mode:
authoraa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-11-19 07:04:14 +0000
committeraa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-11-19 07:04:14 +0000
commit6bd2521cca50d0575c350234be687cf2ead92b01 (patch)
tree091efa1c2baae1e32579d7909ac78c73c2e9ef60 /chrome/common/zip_unittest.cc
parenta795b64e9f876d8533f5961dd0092e49e393df04 (diff)
downloadchromium_src-6bd2521cca50d0575c350234be687cf2ead92b01.zip
chromium_src-6bd2521cca50d0575c350234be687cf2ead92b01.tar.gz
chromium_src-6bd2521cca50d0575c350234be687cf2ead92b01.tar.bz2
Fix a path traversal issue in extension unpacking. Because of the sandbox, this was not exploitable, but still a good thing to fix.
Review URL: http://codereview.chromium.org/399063 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@32502 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common/zip_unittest.cc')
-rw-r--r--chrome/common/zip_unittest.cc14
1 files changed, 14 insertions, 0 deletions
diff --git a/chrome/common/zip_unittest.cc b/chrome/common/zip_unittest.cc
index ae43a09..57eabf4 100644
--- a/chrome/common/zip_unittest.cc
+++ b/chrome/common/zip_unittest.cc
@@ -110,6 +110,20 @@ TEST_F(ZipTest, UnzipEvil) {
ASSERT_FALSE(file_util::PathExists(evil_file));
}
+TEST_F(ZipTest, UnzipEvil2) {
+ ScopedTempDir dest_dir;
+ ASSERT_TRUE(dest_dir.CreateUniqueTempDir());
+
+ FilePath test_dir;
+ ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &test_dir));
+ test_dir = test_dir.AppendASCII("zip");
+ TestUnzipFile(FILE_PATH_LITERAL("evil_via_invalid_utf8.zip"), true, false);
+
+ FilePath evil_file = dest_dir.path();
+ evil_file = evil_file.AppendASCII("../evil.txt");
+ ASSERT_FALSE(file_util::PathExists(evil_file));
+}
+
TEST_F(ZipTest, Zip) {
FilePath src_dir;
ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &src_dir));
generated by cgit v1.1 at 2025-01-18 05:43:59 +0000