From cce476034388383a6006555a225e2170f3b4dcd9 Mon Sep 17 00:00:00 2001 From: Christopher Tate Date: Mon, 4 Aug 2014 14:49:26 -0700 Subject: Sanity-check paths of files to be restored The duplicated implementations are an artifact of an ongoing refactor of the full-data restore code. The adb-specific path will be switched to use the FullRestoreEngine [as has already been done for the 'adb backup' path using the parallel full backup engine], at which point the extra implementation here will be removed, but for now we need to make sure that all bases are covered. Bug 16298491 Change-Id: I9cdb8a1c537939a620208df3cf0e921061b981ad --- .../com/android/server/backup/BackupManagerService.java | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'services/backup') diff --git a/services/backup/java/com/android/server/backup/BackupManagerService.java b/services/backup/java/com/android/server/backup/BackupManagerService.java index d434d7a..f59ec71 100644 --- a/services/backup/java/com/android/server/backup/BackupManagerService.java +++ b/services/backup/java/com/android/server/backup/BackupManagerService.java @@ -5107,6 +5107,14 @@ public class BackupManagerService extends IBackupManager.Stub { } } + // The path needs to be canonical + if (info.path.contains("..") || info.path.contains("//")) { + if (MORE_DEBUG) { + Slog.w(TAG, "Dropping invalid path " + info.path); + } + return false; + } + // Otherwise we think this file is good to go return true; } @@ -5658,6 +5666,14 @@ if (MORE_DEBUG) Slog.v(TAG, " + got " + nRead + "; now wanting " + (size - soF break; } + // The path needs to be canonical + if (info.path.contains("..") || info.path.contains("//")) { + if (MORE_DEBUG) { + Slog.w(TAG, "Dropping invalid path " + info.path); + } + okay = false; + } + // If the policy is satisfied, go ahead and set up to pipe the // data to the agent. if (DEBUG && okay && mAgent != null) { -- cgit v1.1