@@ -252,19 +252,41 @@ private void doFullPatch(DownloadTaskParams param) throws IOException {
252252 }
253253 }
254254
255- private void copyFromResource (HashMap <String , ArrayList <File > > resToCopy , HashMap < String , ArrayList < File >> resToCopy2 ) throws IOException {
255+ private void copyFromResource (HashMap <String , ArrayList <File > > resToCopy ) throws IOException {
256256 SafeZipFile zipFile = new SafeZipFile (new File (context .getPackageResourcePath ()));
257257 Enumeration <? extends ZipEntry > entries = zipFile .entries ();
258258 while (entries .hasMoreElements ()) {
259259 ZipEntry ze = entries .nextElement ();
260260
261+ String fn = ze .getName ();
262+ ArrayList <File > targets = resToCopy .get (fn );
263+ if (targets != null ) {
264+ File lastTarget = null ;
265+ for (File target : targets ) {
266+ if (UpdateContext .DEBUG ) {
267+ Log .d ("react-native-update" , "Copying from resource " + fn + " to " + target );
268+ }
269+ if (lastTarget != null ) {
270+ copyFile (lastTarget , target );
271+ } else {
272+ zipFile .unzipToFile (ze , target );
273+ lastTarget = target ;
274+ }
275+ }
276+ }
277+ }
278+ zipFile .close ();
279+ }
280+
281+ private void copyFromResourceV2 (HashMap <String , ArrayList <File >> resToCopy2 ) throws IOException {
282+ SafeZipFile zipFile = new SafeZipFile (new File (context .getPackageResourcePath ()));
283+ Enumeration <? extends ZipEntry > entries = zipFile .entries ();
284+ while (entries .hasMoreElements ()) {
285+ ZipEntry ze = entries .nextElement ();
261286 String fn = ze .getName ();
262287 long zipCrc32 = ze .getCrc ();
263288 String crc32Decimal = getCRC32AsDecimal (zipCrc32 );
264289 ArrayList <File > targets = resToCopy2 .get (crc32Decimal );
265- if (targets ==null || targets .isEmpty ()){
266- targets = resToCopy .get (fn );
267- }
268290 if (targets != null ) {
269291 File lastTarget = null ;
270292 for (File target : targets ) {
@@ -290,6 +312,7 @@ private void doPatchFromApk(DownloadTaskParams param) throws IOException, JSONEx
290312 param .unzipDirectory .mkdirs ();
291313 HashMap <String , ArrayList <File >> copyList = new HashMap <String , ArrayList <File >>();
292314 HashMap <String , ArrayList <File >> copiesv2List = new HashMap <String , ArrayList <File >>();
315+ Boolean isV2 = false ;
293316
294317 boolean foundDiff = false ;
295318 boolean foundBundlePatch = false ;
@@ -310,53 +333,56 @@ private void doPatchFromApk(DownloadTaskParams param) throws IOException, JSONEx
310333 JSONObject copies = obj .getJSONObject ("copies" );
311334 JSONObject copiesv2 = obj .getJSONObject ("copiesv2" );
312335 Iterator <?> keys = copies .keys ();
313- Iterator <?> keys2 = copiesv2 .keys ();
314- while ( keys .hasNext () ) {
315- String to = (String )keys .next ();
316- String from = copies .getString (to );
317- if (from .isEmpty ()) {
318- from = to ;
336+ Iterator <?> keysV2 = copiesv2 .keys ();
337+ if (keysV2 .hasNext ()){
338+ isV2 = true ;
339+ while ( keysV2 .hasNext () ) {
340+ String from = (String )keysV2 .next ();
341+ String to = copiesv2 .getString (from );
342+ if (from .isEmpty ()) {
343+ from = to ;
344+ }
345+ ArrayList <File > target = null ;
346+ if (!copiesv2List .containsKey (from )) {
347+ target = new ArrayList <File >();
348+ copiesv2List .put (from , target );
349+ } else {
350+ target = copiesv2List .get ((from ));
351+ }
352+ File toFile = new File (param .unzipDirectory , to );
353+
354+ // Fixing a Zip Path Traversal Vulnerability
355+ // https://support.google.com/faqs/answer/9294009
356+ String canonicalPath = toFile .getCanonicalPath ();
357+ if (!canonicalPath .startsWith (param .unzipDirectory .getCanonicalPath () + File .separator )) {
358+ throw new SecurityException ("Illegal name: " + to );
359+ }
360+ target .add (toFile );
319361 }
320- ArrayList <File > target = null ;
321- if (!copyList .containsKey (from )) {
322- target = new ArrayList <File >();
323- copyList .put (from , target );
324- } else {
325- target = copyList .get ((from ));
326- }
327- File toFile = new File (param .unzipDirectory , to );
328-
329- // Fixing a Zip Path Traversal Vulnerability
330- // https://support.google.com/faqs/answer/9294009
331- String canonicalPath = toFile .getCanonicalPath ();
332- if (!canonicalPath .startsWith (param .unzipDirectory .getCanonicalPath () + File .separator )) {
333- throw new SecurityException ("Illegal name: " + to );
362+ }else {
363+ while ( keys .hasNext () ) {
364+ String to = (String )keys .next ();
365+ String from = copies .getString (to );
366+ if (from .isEmpty ()) {
367+ from = to ;
368+ }
369+ ArrayList <File > target = null ;
370+ if (!copyList .containsKey (from )) {
371+ target = new ArrayList <File >();
372+ copyList .put (from , target );
373+ } else {
374+ target = copyList .get ((from ));
375+ }
376+ File toFile = new File (param .unzipDirectory , to );
377+
378+ // Fixing a Zip Path Traversal Vulnerability
379+ // https://support.google.com/faqs/answer/9294009
380+ String canonicalPath = toFile .getCanonicalPath ();
381+ if (!canonicalPath .startsWith (param .unzipDirectory .getCanonicalPath () + File .separator )) {
382+ throw new SecurityException ("Illegal name: " + to );
383+ }
384+ target .add (toFile );
334385 }
335- target .add (toFile );
336- }
337-
338- while ( keys2 .hasNext () ) {
339- String from = (String )keys2 .next ();
340- String to = copiesv2 .getString (from );
341- if (from .isEmpty ()) {
342- from = to ;
343- }
344- ArrayList <File > target = null ;
345- if (!copiesv2List .containsKey (from )) {
346- target = new ArrayList <File >();
347- copiesv2List .put (from , target );
348- } else {
349- target = copiesv2List .get ((from ));
350- }
351- File toFile = new File (param .unzipDirectory , to );
352-
353- // Fixing a Zip Path Traversal Vulnerability
354- // https://support.google.com/faqs/answer/9294009
355- String canonicalPath = toFile .getCanonicalPath ();
356- if (!canonicalPath .startsWith (param .unzipDirectory .getCanonicalPath () + File .separator )) {
357- throw new SecurityException ("Illegal name: " + to );
358- }
359- target .add (toFile );
360386 }
361387 continue ;
362388 }
@@ -385,7 +411,11 @@ private void doPatchFromApk(DownloadTaskParams param) throws IOException, JSONEx
385411 throw new Error ("bundle patch not found" );
386412 }
387413
388- copyFromResource (copyList , copiesv2List );
414+ if (isV2 ){
415+ copyFromResourceV2 (copiesv2List );
416+ }else {
417+ copyFromResource (copyList );
418+ }
389419
390420 if (UpdateContext .DEBUG ) {
391421 Log .d ("react-native-update" , "Unzip finished" );
0 commit comments