You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@camel.apache.org by co...@apache.org on 2022/01/26 08:30:26 UTC

[camel] 01/02: Make sure the tmpdir can't be bypassed

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch camel-3.11.x
in repository https://gitbox.apache.org/repos/asf/camel.git

commit 81c10d11e87c92f7a712d56874412ea7301d0c53
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Jan 26 07:53:12 2022 +0000

    Make sure the tmpdir can't be bypassed
---
 .../src/main/java/org/apache/camel/component/jira/FileConverter.java   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/components/camel-jira/src/main/java/org/apache/camel/component/jira/FileConverter.java b/components/camel-jira/src/main/java/org/apache/camel/component/jira/FileConverter.java
index 11048af..587dd24 100644
--- a/components/camel-jira/src/main/java/org/apache/camel/component/jira/FileConverter.java
+++ b/components/camel-jira/src/main/java/org/apache/camel/component/jira/FileConverter.java
@@ -38,6 +38,9 @@ public final class FileConverter {
         if (body instanceof byte[]) {
             byte[] bos = (byte[]) body;
             String destDir = System.getProperty("java.io.tmpdir");
+            if (!destDir.endsWith(File.separator)) {
+                destDir += File.separator;
+            }
             file = new File(destDir, genericFile.getFileName());
             if (!file.getCanonicalPath().startsWith(destDir)) {
                 throw new IOException("File is not jailed to the destination directory");