ensure isLeadingPath cannot be subverted by too many double-dots

https://bz.apache.org/bugzilla/show_bug.cgi?id=62502

src/main/org/apache/tools/ant/util/FileUtils.java

@@ -1182,6 +1182,10 @@ public class FileUtils {
      * <p>This method uses {@link #normalize} under the covers and
      * does not resolve symbolic links.</p>
      *
+     * <p>If either path tries to go beyond the file system root
+     * (i.e. it contains more ".." segments than can be travelled up)
+     * the method will return false.</p>
+     *
      * @param leading The leading path, must not be null, must be absolute.
      * @param path The path to check, must not be null, must be absolute.
      * @return true if path starts with leading; false otherwise.
@@ -1198,6 +1202,11 @@ public class FileUtils {
         if (!l.endsWith(File.separator)) {
             l += File.separator;
         }
+        // ensure "/foo/"  is not considered a parent of "/foo/../../bar"
+        String up = File.separator + ".." + File.separator;
+        if (l.contains(up) || p.contains(up) || (p + File.separator).contains(up)) {
+            return false;
+        }
         return p.startsWith(l);
     }
 

src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java

@@ -591,6 +591,16 @@ public class FileUtilsTest {
         FILE_UTILS.getDefaultEncoding();
     }
 
+    /**
+     * @see "https://bz.apache.org/bugzilla/show_bug.cgi?id=62502"
+     */
+    @Test
+    public void isLeadingPathCannotBeFooledByTooManyDoubleDots() {
+        assertFalse(FILE_UTILS.isLeadingPath(new File("/foo"), new File("/foo/../../bar")));
+        assertFalse(FILE_UTILS.isLeadingPath(new File("c:\\foo"), new File("c:\\foo\\..\\..\\bar")));
+        assertFalse(FILE_UTILS.isLeadingPath(new File("/foo"), new File("/foo/../..")));
+    }
+
     /**
      * adapt file separators to local conventions
      */