未验证
提交
9b1761f7
编写于
9月 27, 2020
作者:
S
skylot
提交者:
GitHub
9月 27, 2020
fix: prevent zipbomb forged headers attacks (#980, PR #982)
上级
73ca2e0f
变更
6
Showing
6 changed file
with
125 addition
and
40 deletion
+125
-40
jadx-core/src/main/java/jadx/api/ResourcesLoader.java
jadx-core/src/main/java/jadx/api/ResourcesLoader.java
+4
-13
jadx-core/src/main/java/jadx/core/clsp/ClsSet.java
jadx-core/src/main/java/jadx/core/clsp/ClsSet.java
+13
-13
jadx-core/src/main/java/jadx/core/xmlgen/ResourcesSaver.java
jadx-core/src/main/java/jadx/core/xmlgen/ResourcesSaver.java
+4
-1
jadx-plugins/jadx-dex-input/src/main/java/jadx/plugins/input/dex/DexFileLoader.java
...t/src/main/java/jadx/plugins/input/dex/DexFileLoader.java
+9
-13
jadx-plugins/jadx-plugins-api/src/main/java/jadx/api/plugins/utils/LimitedInputStream.java
.../main/java/jadx/api/plugins/utils/LimitedInputStream.java
+53
-0
jadx-plugins/jadx-plugins-api/src/main/java/jadx/api/plugins/utils/ZipSecurity.java
...api/src/main/java/jadx/api/plugins/utils/ZipSecurity.java
+42
-0
jadx-core/src/main/java/jadx/api/ResourcesLoader.java
...
...
@@ -7,7 +7,6 @@ import java.io.FileInputStream;
import
java.io.IOException
;
import
java.io.InputStream
;
import
java.util.ArrayList
;
import
java.util.Enumeration
;
import
java.util.List
;
import
java.util.zip.ZipEntry
;
import
java.util.zip.ZipFile
;
...
...
@@ -69,7 +68,7 @@ public final class ResourcesLoader {
if
(!
ZipSecurity
.
isValidZipEntry
(
entry
))
{
return
null
;
}
try
(
InputStream
inputStream
=
new
BufferedInputStream
(
zipFile
.
getInputStream
(
entry
)
))
{
try
(
InputStream
inputStream
=
ZipSecurity
.
getInputStreamForEntry
(
zipFile
,
entry
))
{
return
decoder
.
decode
(
entry
.
getSize
(),
inputStream
);
}
}
...
...
@@ -129,17 +128,9 @@ public final class ResourcesLoader {
return
;
}
if
(
FileUtils
.
isZipFile
(
file
))
{
try
(
ZipFile
zip
=
new
ZipFile
(
file
))
{
Enumeration
<?
extends
ZipEntry
>
entries
=
zip
.
entries
();
while
(
entries
.
hasMoreElements
())
{
ZipEntry
entry
=
entries
.
nextElement
();
if
(
ZipSecurity
.
isValidZipEntry
(
entry
))
{
addEntry
(
list
,
file
,
entry
);
}
}
}
catch
(
Exception
e
)
{
LOG
.
warn
(
"Failed to open zip file: {}"
,
file
.
getAbsolutePath
());
}
ZipSecurity
.
visitZipEntries
(
file
,
(
zipFile
,
entry
)
->
{
addEntry
(
list
,
file
,
entry
);
});
}
else
{
addResourceFile
(
list
,
file
);
}
...
...
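Review bot: The third hunk replaces a loop whose `catch (Exception e)` only logged "Failed to open zip file" with `ZipSecurity.visitZipEntries(file, ...)`, and per the ZipSecurity section of this same commit that helper rethrows any failure (unreadable archive, entry-count limit) as a RuntimeException, so a corrupt or over-limit resource archive now propagates out of this method instead of being skipped with a warning. If that escalation is intended, say so in a one-line comment at the call; otherwise keep the previous contract with `try { ZipSecurity.visitZipEntries(file, (zipFile, entry) -> addEntry(list, file, entry)); } catch (Exception e) { LOG.warn("Failed to open zip file: {}", file.getAbsolutePath(), e); }`. The first hunk still passes `entry.getSize()` to `decoder.decode`, which is now safe because the limited stream from `getInputStreamForEntry` enforces that declared size. The enclosing method starts and ends outside the hunk, so whether a caller already catches the new exception is not visible here.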
jadx-core/src/main/java/jadx/core/clsp/ClsSet.java
...
...
@@ -325,22 +325,22 @@ public class ClsSet {
private
void
load
(
File
input
)
throws
IOException
,
DecodeException
{
String
name
=
input
.
getName
();
try
(
InputStream
inputStream
=
new
FileInputStream
(
input
))
{
if
(
name
.
endsWith
(
CLST_EXTENSION
))
{
if
(
name
.
endsWith
(
CLST_EXTENSION
))
{
try
(
InputStream
inputStream
=
new
FileInputStream
(
input
))
{
load
(
inputStream
);
}
else
if
(
name
.
endsWith
(
".jar"
))
{
try
(
ZipInputStream
in
=
new
ZipInputStream
(
inputStream
))
{
ZipEntry
entry
=
in
.
getNextEntry
();
while
(
entry
!=
null
)
{
if
(
entry
.
getName
().
endsWith
(
CLST_EXTENSION
)
&&
ZipSecurity
.
isValidZipEntry
(
entry
))
{
load
(
in
);
}
entry
=
in
.
getNextEntry
(
);
}
}
else
if
(
name
.
endsWith
(
".jar"
))
{
ZipSecurity
.
readZipEntries
(
input
,
(
entry
,
in
)
->
{
if
(
entry
.
getName
().
endsWith
(
CLST_EXTENSION
)
)
{
try
{
load
(
in
);
}
catch
(
Exception
e
)
{
throw
new
JadxRuntimeException
(
"Failed to load jadx class set"
);
}
}
}
else
{
throw
new
JadxRuntimeException
(
"Unknown file format: "
+
name
);
}
}
);
}
else
{
throw
new
JadxRuntimeException
(
"Unknown file format: "
+
name
);
}
}
...
...
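Review bot: In the new `readZipEntries` visitor the `catch (Exception e)` rethrows `new JadxRuntimeException("Failed to load jadx class set")` without `e`, so the underlying IOException or DecodeException — and the "Read limit exceeded" IllegalStateException that this commit introduces for forged entry sizes — is dropped from the stack trace; pass the cause, `throw new JadxRuntimeException("Failed to load jadx class set", e);` (the `(String, Throwable)` constructor is used in the ResourcesSaver section of this commit). The same cause-dropping pattern appears in `ZipSecurity.readZipEntries` in this commit. `load(in)` now receives the size-limited stream from `getInputStreamForEntry` instead of the raw ZipInputStream, so a read past the declared entry size aborts mid-load; that is the intended protection and deserves a short comment at the call, e.g. `// stream is bounded by the entry's declared size; over-read throws`. The enclosing `load(File)` method lies entirely within the hunk.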
jadx-core/src/main/java/jadx/core/xmlgen/ResourcesSaver.java
...
...
@@ -2,6 +2,7 @@ package jadx.core.xmlgen;
import
java.io.File
;
import
java.nio.file.Files
;
import
java.nio.file.Path
;
import
java.nio.file.StandardCopyOption
;
import
org.slf4j.Logger
;
...
...
@@ -89,9 +90,11 @@ public class ResourcesSaver implements Runnable {
private
void
saveResourceFile
(
ResourceFile
resFile
,
File
outFile
)
throws
JadxException
{
ResourcesLoader
.
decodeStream
(
resFile
,
(
size
,
is
)
->
{
Path
target
=
outFile
.
toPath
();
try
{
Files
.
copy
(
is
,
outFile
.
toPath
()
,
StandardCopyOption
.
REPLACE_EXISTING
);
Files
.
copy
(
is
,
target
,
StandardCopyOption
.
REPLACE_EXISTING
);
}
catch
(
Exception
e
)
{
Files
.
deleteIfExists
(
target
);
// delete partially written file
throw
new
JadxRuntimeException
(
"Resource file save error"
,
e
);
}
return
null
;
...
...
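Review bot: `Files.deleteIfExists(target)` inside the new catch block can itself throw IOException, and when it does the original exception `e` — which now includes the limited-stream "Read limit exceeded" failure this commit adds for forged headers — is replaced by the delete failure and never reaches the JadxRuntimeException; guard the cleanup and attach it instead: `try { Files.deleteIfExists(target); } catch (IOException de) { e.addSuppressed(de); }`. Removing the partially written file is the right reaction when the copy is aborted part-way, and the `// delete partially written file` comment could say why: a truncated resource left on disk would otherwise look like a successful extraction. `java.io.IOException` is not among the imports visible in the first hunk, so it may need adding. The lambda's enclosing method continues outside the hunk.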
jadx-plugins/jadx-dex-input/src/main/java/jadx/plugins/input/dex/DexFileLoader.java
...
...
@@ -11,7 +11,6 @@ import java.util.Collection;
import
java.util.Collections
;
import
java.util.List
;
import
java.util.stream.Collectors
;
import
java.util.zip.ZipFile
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
...
...
@@ -66,19 +65,16 @@ public class DexFileLoader {
private
static
List
<
DexReader
>
collectDexFromZip
(
File
file
)
{
List
<
DexReader
>
result
=
new
ArrayList
<>();
try
(
ZipFile
zip
=
new
ZipFile
(
file
))
{
zip
.
stream
()
.
filter
(
entry
->
!
entry
.
isDirectory
())
.
filter
(
ZipSecurity:
:
isValidZipEntry
)
.
forEach
(
entry
->
{
try
(
InputStream
in
=
zip
.
getInputStream
(
entry
))
{
result
.
addAll
(
checkFileMagic
(
null
,
in
,
entry
.
getName
()));
}
catch
(
Exception
e
)
{
LOG
.
error
(
"Failed to read zip entry: {}"
,
entry
,
e
);
}
});
try
{
ZipSecurity
.
readZipEntries
(
file
,
(
entry
,
in
)
->
{
try
{
result
.
addAll
(
checkFileMagic
(
null
,
in
,
entry
.
getName
()));
}
catch
(
Exception
e
)
{
LOG
.
error
(
"Failed to read zip entry: {}"
,
entry
,
e
);
}
});
}
catch
(
Exception
e
)
{
LOG
.
warn
(
"Failed to open zip file: {}"
,
file
.
getAbsolutePath
()
);
LOG
.
error
(
"Failed to process zip file: {}"
,
file
.
getAbsolutePath
(),
e
);
}
return
result
;
}
...
...
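Review bot: In `collectDexFromZip` the visitor's `catch (Exception e)` also catches the IllegalStateException that the limited stream behind `readZipEntries` throws when an entry's real size exceeds its header-declared size, so a forged entry is logged as a routine "Failed to read zip entry" and processing continues with the next entry; the archive-level signal this commit adds is downgraded to a per-entry read error. If continuing is intended, log it distinctly before the generic catch, `catch (IllegalStateException e) { LOG.error("Zip entry rejected by size limit: {}", entry.getName(), e); }`, otherwise let it propagate to the outer catch, which already logs "Failed to process zip file" with the cause. The outer catch now logs at error level with the stack trace where the old code logged a warning without it, which is an improvement worth keeping. Whether `checkFileMagic` consumes the whole entry, and therefore whether the limit is reached there, cannot be told from this hunk.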
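--- /dev/null
+++ b/jadx-plugins/jadx-plugins-api/src/main/java/jadx/api/plugins/utils/LimitedInputStream.java
+package jadx.api.plugins.utils;
+
+import java.io.FilterInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+public class LimitedInputStream extends FilterInputStream {
+	private final long maxSize;
+	private long currentPos;
+
+	protected LimitedInputStream(InputStream in, long maxSize) {
+		super(in);
+		this.maxSize = maxSize;
+	}
+
+	private void checkPos() {
+		if (currentPos > maxSize) {
+			throw new IllegalStateException("Read limit exceeded");
+		}
+	}
+
+	@Override
+	public int read() throws IOException {
+		int data = super.read();
+		if (data != -1) {
+			currentPos++;
+			checkPos();
+		}
+		return data;
+	}
+
+	@Override
+	public int read(byte[] b, int off, int len) throws IOException {
+		int count = super.read(b, off, len);
+		if (count > 0) {
+			currentPos += count;
+			checkPos();
+		}
+		return count;
+	}
+
+	@Override
+	public long skip(long n) throws IOException {
+		long skipped = super.skip(n);
+		if (skipped != 0) {
+			currentPos += skipped;
+			checkPos();
+		}
+		return skipped;
+	}
+}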
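Review bot: The constructor stores any `maxSize` without validation, and a limit of -1 — which `ZipEntry.getSize()` returns when the size is unknown — makes the first successful `read()` throw "Read limit exceeded", so an unknown size becomes indistinguishable from an exceeded one; add `if (maxSize < 0) { throw new IllegalArgumentException("maxSize must be >= 0: " + maxSize); }` to the constructor so misuse fails at construction with a clear message rather than mid-read. The class has no Javadoc; a header stating that it counts bytes returned by `read` and `skip`, throws IllegalStateException (not IOException, so `catch (IOException)` callers will not see it) once the count passes `maxSize`, and that the check runs after the bytes were already read, so up to one buffer beyond the limit may be consumed before the exception, would make the contract clear to callers. The inherited `reset()` does not rewind `currentPos`; this is harmless for the wrapping in `ZipSecurity.getInputStreamForEntry`, where the BufferedInputStream sits outside this stream, but a `// mark/reset not tracked` comment would prevent surprises for other users.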
jadx-plugins/jadx-plugins-api/src/main/java/jadx/api/plugins/utils/ZipSecurity.java
package
jadx.api.plugins.utils
;
import
java.io.BufferedInputStream
;
import
java.io.File
;
import
java.io.IOException
;
import
java.io.InputStream
;
import
java.util.Enumeration
;
import
java.util.function.BiConsumer
;
import
java.util.zip.ZipEntry
;
import
java.util.zip.ZipFile
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
...
...
@@ -12,6 +17,7 @@ public class ZipSecurity {
// size of uncompressed zip entry shouldn't be bigger of compressed in MAX_SIZE_DIFF times
private
static
final
int
MAX_SIZE_DIFF
=
100
;
private
static
final
int
MAX_ENTRIES_COUNT
=
100_000
;
private
ZipSecurity
()
{
}
...
...
@@ -73,4 +79,40 @@ public class ZipSecurity {
return
isValidZipEntryName
(
entry
.
getName
())
&&
!
isZipBomb
(
entry
);
}
public
static
InputStream
getInputStreamForEntry
(
ZipFile
zipFile
,
ZipEntry
entry
)
throws
IOException
{
InputStream
in
=
zipFile
.
getInputStream
(
entry
);
LimitedInputStream
limited
=
new
LimitedInputStream
(
in
,
entry
.
getSize
());
return
new
BufferedInputStream
(
limited
);
}
public
static
void
visitZipEntries
(
File
file
,
BiConsumer
<
ZipFile
,
ZipEntry
>
visitor
)
{
try
(
ZipFile
zip
=
new
ZipFile
(
file
))
{
Enumeration
<?
extends
ZipEntry
>
entries
=
zip
.
entries
();
int
entriesProcessed
=
0
;
while
(
entries
.
hasMoreElements
())
{
ZipEntry
entry
=
entries
.
nextElement
();
if
(!
entry
.
isDirectory
()
&&
isValidZipEntry
(
entry
))
{
visitor
.
accept
(
zip
,
entry
);
entriesProcessed
++;
if
(
entriesProcessed
>
MAX_ENTRIES_COUNT
)
{
throw
new
IllegalStateException
(
"Zip entries count limit exceeded: "
+
MAX_ENTRIES_COUNT
+
", last entry: "
+
entry
.
getName
());
}
}
}
}
catch
(
Exception
e
)
{
throw
new
RuntimeException
(
"Failed to process zip file: "
+
file
.
getAbsolutePath
(),
e
);
}
}
public
static
void
readZipEntries
(
File
file
,
BiConsumer
<
ZipEntry
,
InputStream
>
visitor
)
{
visitZipEntries
(
file
,
(
zip
,
entry
)
->
{
try
(
InputStream
in
=
getInputStreamForEntry
(
zip
,
entry
))
{
visitor
.
accept
(
entry
,
in
);
}
catch
(
Exception
e
)
{
throw
new
RuntimeException
(
"Error process zip entry: "
+
entry
.
getName
());
}
});
}
}
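Review bot: In `visitZipEntries` the entry-count limit is checked only after `visitor.accept(zip, entry)` has already run, so the 100_001st valid entry is fully processed before "Zip entries count limit exceeded" is thrown; move the check ahead of the visitor call, `if (++entriesProcessed > MAX_ENTRIES_COUNT) { throw new IllegalStateException("Zip entries count limit exceeded: " + MAX_ENTRIES_COUNT + ", last entry: " + entry.getName()); }` followed by `visitor.accept(zip, entry);`. Directory and invalid entries are not counted at all, which looks intentional but deserves a one-line comment, since an archive made only of such entries is still enumerated to the end. In `readZipEntries` the catch rethrows `new RuntimeException("Error process zip entry: " + entry.getName())` without the cause — add `, e` so the limit violation or IOException stays visible in the trace. `getInputStreamForEntry` uses `entry.getSize()` as the hard limit, which ZipFile normally fills from the central directory but which is documented to return -1 when unknown; with -1 the very first read fails with "Read limit exceeded", so either reject such entries explicitly here or document that callers must validate the size first (the `isZipBomb` check called from `isValidZipEntry` may already do that, but its body is outside the hunk).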