diff options
| author | Marco Nelissen <marcone@google.com> | 2014-09-27 01:03:49 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2014-09-27 01:03:50 +0000 |
| commit | f8c4f9efcb5ad376970ccf7fb3b0b1b923506704 (patch) | |
| tree | dce8a6372f734c4760ad91f53cf42abed4e87f94 /media/java | |
| parent | 9e1dccc1817abe29133a5e29e3290cf4f7b66be8 (diff) | |
| parent | 5f411696a62b7f0fb95ba3519aa127c09f155eed (diff) | |
| download | frameworks_base-f8c4f9efcb5ad376970ccf7fb3b0b1b923506704.zip frameworks_base-f8c4f9efcb5ad376970ccf7fb3b0b1b923506704.tar.gz frameworks_base-f8c4f9efcb5ad376970ccf7fb3b0b1b923506704.tar.bz2 | |
Merge "Validate MTP path" into lmp-dev
Diffstat (limited to 'media/java')
| -rwxr-xr-x | media/java/android/mtp/MtpDatabase.java | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/media/java/android/mtp/MtpDatabase.java b/media/java/android/mtp/MtpDatabase.java index fce3fd0..1921f47 100755 --- a/media/java/android/mtp/MtpDatabase.java +++ b/media/java/android/mtp/MtpDatabase.java @@ -39,6 +39,7 @@ import android.view.Display; import android.view.WindowManager; import java.io.File; +import java.io.IOException; import java.util.HashMap; import java.util.Locale; @@ -300,8 +301,27 @@ public class MtpDatabase { return false; } + // returns true if the path is in the storage root + private boolean inStorageRoot(String path) { + try { + File f = new File(path); + String canonical = f.getCanonicalPath(); + if (canonical.startsWith(mMediaStoragePath)) { + return true; + } + } catch (IOException e) { + // ignore + } + return false; + } + private int beginSendObject(String path, int format, int parent, int storageId, long size, long modified) { + // if the path is outside of the storage root, do not allow access + if (!inStorageRoot(path)) { + Log.e(TAG, "attempt to put file outside of storage area: " + path); + return -1; + } // if mSubDirectories is not null, do not allow copying files to any other locations if (!inStorageSubDirectory(path)) return -1; |