diff options
| author | 2014-08-07 20:57:59 +0000 | |
|---|---|---|
| committer | 2014-08-07 15:00:45 +0000 | |
| commit | 0660244119243928a69e5f21ef5ea339c7f6d008 (patch) | |
| tree | 903bb725d4767fcdd59737656f66433a62d426e0 | |
| parent | f9b4c2cc6ffbcb21f8e9b015ed3bdab0501bdf65 (diff) | |
| parent | cce476034388383a6006555a225e2170f3b4dcd9 (diff) | |
Merge "Sanity-check paths of files to be restored" into lmp-dev
| -rw-r--r-- | services/backup/java/com/android/server/backup/BackupManagerService.java | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/services/backup/java/com/android/server/backup/BackupManagerService.java b/services/backup/java/com/android/server/backup/BackupManagerService.java index 59aef328ef76..77b14ac18742 100644 --- a/services/backup/java/com/android/server/backup/BackupManagerService.java +++ b/services/backup/java/com/android/server/backup/BackupManagerService.java @@ -5129,6 +5129,14 @@ public class BackupManagerService extends IBackupManager.Stub { } } + // The path needs to be canonical + if (info.path.contains("..") || info.path.contains("//")) { + if (MORE_DEBUG) { + Slog.w(TAG, "Dropping invalid path " + info.path); + } + return false; + } + // Otherwise we think this file is good to go return true; } @@ -5680,6 +5688,14 @@ if (MORE_DEBUG) Slog.v(TAG, " + got " + nRead + "; now wanting " + (size - soF break; } + // The path needs to be canonical + if (info.path.contains("..") || info.path.contains("//")) { + if (MORE_DEBUG) { + Slog.w(TAG, "Dropping invalid path " + info.path); + } + okay = false; + } + // If the policy is satisfied, go ahead and set up to pipe the // data to the agent. if (DEBUG && okay && mAgent != null) { |