Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

am 13d7d40c: am 83c23dda: am c8db4536: am 7e51102c: Merge "Validate MTP path" into lmp-dev

Browse Source 
* commit '13d7d40c1106a89b90ed39029e19e8871c36adbd':
  Validate MTP path
This commit is contained in:
Marco Nelissen
2014-09-27 06:16:56 +00:00
committed by Android Git Automerger
parent 96117a7176 f7d54c11b3
commit fa1f03801e
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
media/java/android/mtp/MtpDatabase.java
View File

@@ -39,6 +39,7 @@ import android.view.Display;
import android.view.WindowManager; import android.view.WindowManager;
import java.io.File; import java.io.File;
import java.io.IOException;
import java.util.HashMap; import java.util.HashMap;
import java.util.Locale; import java.util.Locale;
@@ -300,8 +301,27 @@ public class MtpDatabase {
return false; return false;
} }
// returns true if the path is in the storage root
private boolean inStorageRoot(String path) {
try {
File f = new File(path);
String canonical = f.getCanonicalPath();
if (canonical.startsWith(mMediaStoragePath)) {
return true;
}
} catch (IOException e) {
// ignore
}
return false;
}
private int beginSendObject(String path, int format, int parent, private int beginSendObject(String path, int format, int parent,
int storageId, long size, long modified) { int storageId, long size, long modified) {
// if the path is outside of the storage root, do not allow access
if (!inStorageRoot(path)) {
Log.e(TAG, "attempt to put file outside of storage area: " + path);
return -1;
}
// if mSubDirectories is not null, do not allow copying files to any other locations // if mSubDirectories is not null, do not allow copying files to any other locations
if (!inStorageSubDirectory(path)) return -1; if (!inStorageSubDirectory(path)) return -1;