From 07b0508f16f5e8e1bcd52963c82dbdf15ac9701e Mon Sep 17 00:00:00 2001
From: Jialiang Li
Date: Mon, 21 May 2018 21:31:12 -0700
Subject: [PATCH] Add code to check if the untarred file will be put outside of the target output directory (#2835)
---
 .../linkedin/pinot/common/utils/TarGzCompressionUtils.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/pinot-common/src/main/java/com/linkedin/pinot/common/utils/TarGzCompressionUtils.java b/pinot-common/src/main/java/com/linkedin/pinot/common/utils/TarGzCompressionUtils.java
index 58838a0eef9..0e1e9eeee7c 100644
--- a/pinot-common/src/main/java/com/linkedin/pinot/common/utils/TarGzCompressionUtils.java
+++ b/pinot-common/src/main/java/com/linkedin/pinot/common/utils/TarGzCompressionUtils.java
@@ -171,7 +171,8 @@ private static void addFileToTarGz(TarArchiveOutputStream tOut, String path, Str
 public static List unTar(final File inputFile, final File outputDir) throws FileNotFoundException, IOException, ArchiveException {
- LOGGER.debug(String.format("Untaring %s to dir %s.", inputFile.getAbsolutePath(), outputDir.getAbsolutePath()));
+ String outputDirectoryPath = outputDir.getCanonicalPath();
+ LOGGER.debug(String.format("Untaring %s to dir %s.", inputFile.getAbsolutePath(), outputDirectoryPath));
 TarArchiveInputStream debInputStream = null;
 InputStream is = null;
 final List untaredFiles = new LinkedList();
@@ -181,6 +182,10 @@ public static List unTar(final File inputFile, final File outputDir) throw
 TarArchiveEntry entry = null;
 while ((entry = (TarArchiveEntry) debInputStream.getNextEntry()) != null) {
 final File outputFile = new File(outputDir, entry.getName());
+ // Check whether the untarred file will be put outside of the target output directory.
+ if (!outputFile.getCanonicalPath().startsWith(outputDirectoryPath)) {
+ throw new IOException("Tar file must not be untarred outside of the target output directory!");
+ }
 if (entry.isDirectory()) {
 LOGGER.debug(String.format("Attempting to write output directory %s.", outputFile.getAbsolutePath()));
 if (!outputFile.exists()) {
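Review bot: The containment check added inside the `while` loop compares canonical paths as plain strings, so an entry that resolves into a sibling directory whose name merely begins with the output directory's name (constructed example: output dir `/data/out`, entry resolving under `/data/out_other/`) still satisfies `startsWith(outputDirectoryPath)`. Compare by path component instead, for example `if (!outputFile.getCanonicalFile().toPath().startsWith(outputDir.getCanonicalFile().toPath())) {`, which still accepts the output directory itself. Adding `entry.getName()` to the exception message would make a rejected archive much easier to triage from logs. A regression test with such a sibling-prefix entry name would pin the behaviour; the rest of unTar, including how non-regular entries are written, lies outside this hunk.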