Update Zip.java

Author: odaysec

java/src/org/openqa/selenium/io/Zip.java

@@ -102,6 +102,11 @@ public static void unzip(InputStream source, File outputDir) throws IOException
       while ((entry = zis.getNextEntry()) != null) {
         File file = new File(outputDir, entry.getName());
         if (entry.isDirectory()) {
+          String canonicalOutputDirPath = outputDir.getCanonicalPath();
+          String canonicalDirPath = file.getCanonicalPath();
+          if (!canonicalDirPath.startsWith(canonicalOutputDirPath + File.separator)) {
+            throw new IOException("Directory entry is outside of the target dir: " + entry.getName());
+          }
           FileHandler.createDir(file);
           continue;
         }