From 299350f655f619176f4d8b70ef1d6fc68900a77f Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Sun, 16 Nov 2014 06:21:02 -0500
Subject: [PATCH] correctly closed streams when extracting a gzip archive

Former-commit-id: 0a0c917cc3e4c4a004823fba9b7f8ab53f90d557
---
 .../data/update/task/DownloadTask.java        | 44 ++++++++++++-------
 1 file changed, 28 insertions(+), 16 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/DownloadTask.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/DownloadTask.java
index 2231dc613..0cf992c6e 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/DownloadTask.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/task/DownloadTask.java
@@ -260,26 +260,38 @@ public class DownloadTask implements Callable<Future<ProcessTask>> {
      * @throws IOException thrown if there is an error extracting the file.
      */
     private void extractGzip(File file) throws FileNotFoundException, IOException {
-        String originalPath = file.getPath();
+        final String originalPath = file.getPath();
         File gzip = new File(originalPath + ".gz");
         if (gzip.isFile()) {
             gzip.delete();
         }
-        file.renameTo(gzip);
-        file = new File(originalPath);
-
-        byte[] buffer = new byte[4096];
-
-        GZIPInputStream cin = new GZIPInputStream(new FileInputStream(gzip));
-
-        FileOutputStream out = new FileOutputStream(file);
-
-        int len;
-        while ((len = cin.read(buffer)) > 0) {
-            out.write(buffer, 0, len);
+        if (!file.renameTo(gzip)) {
+            throw new IOException("Unable to rename '" + file.getPath() + "'");
+        }
+        final File newfile = new File(originalPath);
+
+        final byte[] buffer = new byte[4096];
+
+        GZIPInputStream cin = null;
+        FileOutputStream out = null;
+        try {
+            cin = new GZIPInputStream(new FileInputStream(gzip));
+            out = new FileOutputStream(newfile);
+
+            int len;
+            while ((len = cin.read(buffer)) > 0) {
+                out.write(buffer, 0, len);
+            }
+        } finally {
+            if (cin != null) {
+                cin.close();
+            }
+            if (out != null) {
+                out.close();
+            }
+            if (gzip.isFile()) {
+                FileUtils.delete(gzip);
+            }
         }
-        cin.close();
-        out.close();
-        FileUtils.delete(gzip);
     }
 }