d61e0cdbb6cfe921823308c65d4471f6db40a706 - LeafOS-Project/android_packages_apps_Gallery2

commit	d61e0cdbb6cfe921823308c65d4471f6db40a706	[log] [tgz]
author	spickl <spickl@google.com>	Thu Jan 26 19:25:59 2023 +0000
committer	Michael Bestas <mkbestas@lineageos.org>	Mon Oct 09 16:59:11 2023 +0300
tree	865a3ba38dfb711cb96aa4223690dfceebda3097
parent	452229bfd556c9899fd4428a3918c788d5b07761 [diff]

Fix Gallery2 path traversal bug

Fix a path traversal bug that allowed a malicious launcher app to access files in the private space of the Gallery2 app by injecting a bad path.
Fix: Check URI before passing the file out from SharedImageProvider and raise exception if it's not pointing to the relevant folder.
Bug: 198174170
Test: manual by following the reporters instructions

Change-Id: I74dce6c4794b3eafb922bb9a2f2516677cc5f4d8

src/com/android/gallery3d/filtershow/provider/SharedImageProvider.java[diff]

1 file changed

tree: 865a3ba38dfb711cb96aa4223690dfceebda3097

gallerycommon/
jni/
jni_jpegstream/
res/
src/
src_pd/
.gitignore
Android.bp
AndroidManifest.xml
CleanSpec.mk
jarjar-rules.txt
proguard.flags