diff options
| -rw-r--r-- | adb/client/file_sync_client.cpp | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/adb/client/file_sync_client.cpp b/adb/client/file_sync_client.cpp index e686973db..3374812d5 100644 --- a/adb/client/file_sync_client.cpp +++ b/adb/client/file_sync_client.cpp @@ -477,6 +477,17 @@ class SyncConnection { if (!ReadFdExactly(fd, buf, len)) return false; buf[len] = 0; + // Address the unlikely scenario wherein a + // compromised device/service might be able to + // traverse across directories on the host. Let's + // shut that door! + if (strchr(buf, '/') +#if defined(_WIN32) + || strchr(buf, '\\') +#endif + ) { + return false; + } callback(dent.mode, dent.size, dent.mtime, buf); } } |