diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-04-20 02:54:08 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-04-20 02:54:08 +0000 |
commit | cef637a4fb112f4b8cd8e53abcbedbaca226ea36 (patch) | |
tree | 62f65196e54f5f914f442679e23ff2113cd0b114 | |
parent | c53d859120c1ae3355533293ef72a2db341246ea (diff) | |
parent | 68e09aa4fe3bb2448b560c30d3dc33e0982013a7 (diff) | |
download | core-android-platform-11.0.0_r24.tar.gz |
Merge cherrypicks of [17605899] into rvc-platform-release.android-platform-11.0.0_r38android-platform-11.0.0_r37android-platform-11.0.0_r36android-platform-11.0.0_r35android-platform-11.0.0_r34android-platform-11.0.0_r33android-platform-11.0.0_r32android-platform-11.0.0_r31android-platform-11.0.0_r30android-platform-11.0.0_r29android-platform-11.0.0_r28android-platform-11.0.0_r27android-platform-11.0.0_r26android-platform-11.0.0_r25android-platform-11.0.0_r24android-platform-11.0.0_r23android-platform-11.0.0_r22android-platform-11.0.0_r21android-platform-11.0.0_r20android-platform-11.0.0_r19
Change-Id: I6ff19cc9220deee8a506e9ed4e64e1e644244537
-rw-r--r-- | adb/client/file_sync_client.cpp | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/adb/client/file_sync_client.cpp b/adb/client/file_sync_client.cpp index e686973db..3374812d5 100644 --- a/adb/client/file_sync_client.cpp +++ b/adb/client/file_sync_client.cpp @@ -477,6 +477,17 @@ class SyncConnection { if (!ReadFdExactly(fd, buf, len)) return false; buf[len] = 0; + // Address the unlikely scenario wherein a + // compromised device/service might be able to + // traverse across directories on the host. Let's + // shut that door! + if (strchr(buf, '/') +#if defined(_WIN32) + || strchr(buf, '\\') +#endif + ) { + return false; + } callback(dent.mode, dent.size, dent.mtime, buf); } } |