diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-07-07 01:49:03 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-07-07 01:49:03 +0000 |
| commit | 813397f7f94f9b3e5904442e3943fa8f99942acc (patch) | |
| tree | 74f867000bec44d77e0921af24691df65d687f65 | |
| parent | 1db169ef47905408d060503e35e4aea889261f9b (diff) | |
| parent | 6e8945a569d914f818c854ace75d305552ea69ef (diff) | |
| download | adb-android12L-d2-s6-release.tar.gz | |
Merge cherrypicks of [17625327] into sc-d2-release.android-12.1.0_r26android-12.1.0_r25android-12.1.0_r24android-12.1.0_r23android-12.1.0_r18android-12.1.0_r17android-12.1.0_r13android-12.1.0_r12android12L-d2-s8-releaseandroid12L-d2-s7-releaseandroid12L-d2-s6-releaseandroid12L-d2-s5-releaseandroid12L-d2-s1-releaseandroid12L-d2-release
Change-Id: I6fa41b923a2f5c435903410b409a7b633af999e0
| -rw-r--r-- | client/file_sync_client.cpp | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/client/file_sync_client.cpp b/client/file_sync_client.cpp index 2e8b9756..8f8601b9 100644 --- a/client/file_sync_client.cpp +++ b/client/file_sync_client.cpp @@ -544,7 +544,17 @@ class SyncConnection { if (!ReadFdExactly(fd, buf, len)) return false; buf[len] = 0; - + // Address the unlikely scenario wherein a + // compromised device/service might be able to + // traverse across directories on the host. Let's + // shut that door! + if (strchr(buf, '/') +#if defined(_WIN32) + || strchr(buf, '\\') +#endif + ) { + return false; + } callback(dent.mode, dent.size, dent.mtime, buf); } } |