diff options
author | Marco Nelissen <marcone@google.com> | 2014-09-26 16:03:49 -0700 |
---|---|---|
committer | Marco Nelissen <marcone@google.com> | 2014-09-26 16:07:49 -0700 |
commit | 5f411696a62b7f0fb95ba3519aa127c09f155eed (patch) | |
tree | 717403a1369eb30dab2719d0ee8249f2b9de2a1d /media/java/android/mtp | |
parent | 7e3bfca8d0eef90aa08f36b5067fb37301fad8f2 (diff) | |
download | frameworks_base-5f411696a62b7f0fb95ba3519aa127c09f155eed.zip frameworks_base-5f411696a62b7f0fb95ba3519aa127c09f155eed.tar.gz frameworks_base-5f411696a62b7f0fb95ba3519aa127c09f155eed.tar.bz2 |
Validate MTP path
Bug: 17673184
Change-Id: I51a64f065d9b3609557af81e596ebeb8720ab6c5
Diffstat (limited to 'media/java/android/mtp')
-rwxr-xr-x | media/java/android/mtp/MtpDatabase.java | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/media/java/android/mtp/MtpDatabase.java b/media/java/android/mtp/MtpDatabase.java index fce3fd0..1921f47 100755 --- a/media/java/android/mtp/MtpDatabase.java +++ b/media/java/android/mtp/MtpDatabase.java @@ -39,6 +39,7 @@ import android.view.Display; import android.view.WindowManager; import java.io.File; +import java.io.IOException; import java.util.HashMap; import java.util.Locale; @@ -300,8 +301,27 @@ public class MtpDatabase { return false; } + // returns true if the path is in the storage root + private boolean inStorageRoot(String path) { + try { + File f = new File(path); + String canonical = f.getCanonicalPath(); + if (canonical.startsWith(mMediaStoragePath)) { + return true; + } + } catch (IOException e) { + // ignore + } + return false; + } + private int beginSendObject(String path, int format, int parent, int storageId, long size, long modified) { + // if the path is outside of the storage root, do not allow access + if (!inStorageRoot(path)) { + Log.e(TAG, "attempt to put file outside of storage area: " + path); + return -1; + } // if mSubDirectories is not null, do not allow copying files to any other locations if (!inStorageSubDirectory(path)) return -1; |