authorMichael Stahl <michael.stahl@allotropia.de>2024-07-04 14:07:25 +0200
committerMichael Stahl <michael.stahl@allotropia.de>2024-07-04 17:03:36 +0200
commit6005260078c126bf3f1cf4d6f1ebb631453f5ac7 (patch)
treeec5867c65b94540160985401d86b68bd1dd3f065 /comphelper
parent55032dae6950405ec8efe886e7327dbb863fb4df (diff)
comphelper: treat zip file path segments '.' and '..' as invalid
This will also prevent opening with RepairPackage (allowing that would need adapting ZipPackage::getZipFileContents() a bit), but let's hope nobody actually has such files. Also treat a path that starts with "/" as invalid, presumably it's not allowed by APPNOTE.TXT: "The name of the file, with optional relative path." Change-Id: Ic694ea2fb34f5de1d490a9a251cf56e4004e9673 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169994 Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> Tested-by: Jenkins
Diffstat (limited to 'comphelper')
-rw-r--r--comphelper/source/misc/storagehelper.cxx13
1 files changed, 11 insertions, 2 deletions
diff --git a/comphelper/source/misc/storagehelper.cxx b/comphelper/source/misc/storagehelper.cxx
index b00e8c543752..b0b7897fd2ab 100644
--- a/comphelper/source/misc/storagehelper.cxx
+++ b/comphelper/source/misc/storagehelper.cxx
@@ -566,10 +566,17 @@ uno::Sequence< beans::NamedValue > OStorageHelper::CreateGpgPackageEncryptionDat
bool OStorageHelper::IsValidZipEntryFileName( std::u16string_view aName, bool bSlashAllowed )
{
+ long nDots{0};
for ( size_t i = 0; i < aName.size(); i++ )
{
switch ( aName[i] )
{
+ case '.':
+ if (nDots != -1)
+ {
+ ++nDots;
+ }
+ break;
case '\\':
case '?':
case '<':
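Review bot: The `-1` state of `nDots` is not documented at its declaration, so a reader has to work out from the `default:` branch in the next hunk that it means "this segment already contains a character other than a dot". Because this counter is what decides whether a `.` or `..` segment is rejected, I would put a comment on the declaration, for example `// dots seen in the current path segment; -1 once the segment holds any other character`. The function body continues beyond this hunk.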
@@ -579,15 +586,17 @@ bool OStorageHelper::IsValidZipEntryFileName( std::u16string_view aName, bool bS
case ':':
return false;
case '/':
- if ( !bSlashAllowed )
+ if (!bSlashAllowed || nDots == 1 || nDots == 2 || i == 0)
return false;
+ nDots = 0;
break;
default:
+ nDots = -1;
if ( aName[i] < 32 || (aName[i] >= 0xD800 && aName[i] <= 0xDFFF) )
return false;
}
}
- return true;
+ return nDots != 1 && nDots != 2;
}
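Review bot: An empty path segment is still accepted in the `'/'` case: for a name such as `a//b` the second slash is reached with `nDots == 0`, which the new condition lets through, while a leading slash is caught separately by `i == 0`. If empty segments are not meant to be valid entry names (the hunk does not show whether callers normalise them), the condition can cover both with `if (!bSlashAllowed || (nDots >= 0 && nDots <= 2))`, which also makes the `i == 0` test redundant. A trailing slash would remain valid, because the final `return nDots != 1 && nDots != 2;` is unchanged. Separately, test cases for `.`, `..`, `a/../b`, `/a` and `...` would pin the intended behaviour; none are visible in this diff, which is limited to `comphelper`.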