From fd34626771a63d3a835863e1b4bf71dcb26e28d8 Mon Sep 17 00:00:00 2001 From: Mike Lockwood Date: Wed, 8 Dec 2010 16:08:01 -0800 Subject: MTP: Improve argument checking in SendObjectInfo In particular, make sure the parent is a folder and make sure file does not already exist. Change-Id: Ifa870faba3285f03a92025d9e82f93fed78a761c Signed-off-by: Mike Lockwood --- media/mtp/MtpDatabase.h | 5 +++-- media/mtp/MtpProperty.cpp | 1 + media/mtp/MtpServer.cpp | 23 +++++++++++++++++------ 3 files changed, 21 insertions(+), 8 deletions(-) (limited to 'media/mtp') diff --git a/media/mtp/MtpDatabase.h b/media/mtp/MtpDatabase.h index 9929805..6dcb931 100644 --- a/media/mtp/MtpDatabase.h +++ b/media/mtp/MtpDatabase.h @@ -85,8 +85,9 @@ public: MtpDataPacket& packet) = 0; virtual MtpResponseCode getObjectFilePath(MtpObjectHandle handle, - MtpString& filePath, - int64_t& fileLength) = 0; + MtpString& outFilePath, + int64_t& outFileLength, + MtpObjectFormat& outFormat) = 0; virtual MtpResponseCode deleteFile(MtpObjectHandle handle) = 0; diff --git a/media/mtp/MtpProperty.cpp b/media/mtp/MtpProperty.cpp index b095ce1..8016c35 100644 --- a/media/mtp/MtpProperty.cpp +++ b/media/mtp/MtpProperty.cpp @@ -343,6 +343,7 @@ void MtpProperty::print() { print(mMaximumValue, buffer); buffer += ", "; print(mStepSize, buffer); + buffer += ")"; LOGI("%s", (const char *)buffer); break; case kFormEnum: diff --git a/media/mtp/MtpServer.cpp b/media/mtp/MtpServer.cpp index 5c1e02a..d65845d 100644 --- a/media/mtp/MtpServer.cpp +++ b/media/mtp/MtpServer.cpp @@ -112,8 +112,10 @@ void MtpServer::addStorage(const char* filePath) { } MtpStorage* MtpServer::getStorage(MtpStorageID id) { + if (id == 0) + return mStorages[0]; for (int i = 0; i < mStorages.size(); i++) { - MtpStorage* storage = mStorages[i]; + MtpStorage* storage = mStorages[i]; if (storage->getStorageID() == id) return storage; } @@ -557,7 +559,8 @@ MtpResponseCode MtpServer::doGetObject() { MtpObjectHandle handle = mRequest.getParameter(1); MtpString pathBuf; int64_t fileLength; - int result = mDatabase->getObjectFilePath(handle, pathBuf, fileLength); + MtpObjectFormat format; + int result = mDatabase->getObjectFilePath(handle, pathBuf, fileLength, format); if (result != MTP_RESPONSE_OK) return result; @@ -593,7 +596,8 @@ MtpResponseCode MtpServer::doGetPartialObject() { uint32_t length = mRequest.getParameter(3); MtpString pathBuf; int64_t fileLength; - int result = mDatabase->getObjectFilePath(handle, pathBuf, fileLength); + MtpObjectFormat format; + int result = mDatabase->getObjectFilePath(handle, pathBuf, fileLength, format); if (result != MTP_RESPONSE_OK) return result; if (offset + length > fileLength) @@ -639,10 +643,13 @@ MtpResponseCode MtpServer::doSendObjectInfo() { path = storage->getPath(); parent = 0; } else { - int64_t dummy; - int result = mDatabase->getObjectFilePath(parent, path, dummy); + int64_t length; + MtpObjectFormat format; + int result = mDatabase->getObjectFilePath(parent, path, length, format); if (result != MTP_RESPONSE_OK) return result; + if (format != MTP_FORMAT_ASSOCIATION) + return MTP_RESPONSE_INVALID_PARENT_OBJECT; } // read only the fields we need @@ -676,6 +683,10 @@ MtpResponseCode MtpServer::doSendObjectInfo() { path += "/"; path += (const char *)name; + // file should not already exist + if (access(path, R_OK) == 0) + return MTP_RESPONSE_GENERAL_ERROR; + MtpObjectHandle handle = mDatabase->beginSendObject((const char*)path, format, parent, storageID, mSendObjectFileSize, modifiedTime); if (handle == kInvalidObjectHandle) { @@ -835,7 +846,7 @@ MtpResponseCode MtpServer::doDeleteObject() { MtpString filePath; int64_t fileLength; - int result = mDatabase->getObjectFilePath(handle, filePath, fileLength); + int result = mDatabase->getObjectFilePath(handle, filePath, fileLength, format); if (result == MTP_RESPONSE_OK) { LOGV("deleting %s", (const char *)filePath); deletePath((const char *)filePath); -- cgit v1.1