summaryrefslogtreecommitdiffstats
path: root/src/com/android/providers/downloads
diff options
context:
space:
mode:
authorJeff Sharkey <jsharkey@android.com>2016-01-07 14:15:59 -0700
committerJeff Sharkey <jsharkey@android.com>2016-01-14 14:19:04 -0700
commit5c08fb8cbeb045b9ce447443208e87f42604d168 (patch)
tree46755097ef07e038808a6a7bc1ece06753bc7322 /src/com/android/providers/downloads
parent7460b6e0abad953fc8946296fa3f11bc4b1b60c6 (diff)
downloadandroid_packages_providers_DownloadProvider-5c08fb8cbeb045b9ce447443208e87f42604d168.tar.gz
android_packages_providers_DownloadProvider-5c08fb8cbeb045b9ce447443208e87f42604d168.tar.bz2
android_packages_providers_DownloadProvider-5c08fb8cbeb045b9ce447443208e87f42604d168.zip
Use resolved path for both checking and opening.
This avoids a race condition where someone can change a symlink target after the security checks have passed. Bug: 26211054 Change-Id: I5842aaecc7b7d417a3b1902957b59b8a1f3c1ccb
Diffstat (limited to 'src/com/android/providers/downloads')
-rw-r--r--src/com/android/providers/downloads/DownloadProvider.java10
-rw-r--r--src/com/android/providers/downloads/Helpers.java1
2 files changed, 8 insertions, 3 deletions
diff --git a/src/com/android/providers/downloads/DownloadProvider.java b/src/com/android/providers/downloads/DownloadProvider.java
index 4b23024f..2d914c41 100644
--- a/src/com/android/providers/downloads/DownloadProvider.java
+++ b/src/com/android/providers/downloads/DownloadProvider.java
@@ -1230,9 +1230,15 @@ public final class DownloadProvider extends ContentProvider {
throw new FileNotFoundException("No filename found.");
}
- final File file = new File(path);
+ final File file;
+ try {
+ file = new File(path).getCanonicalFile();
+ } catch (IOException e) {
+ throw new FileNotFoundException(e.getMessage());
+ }
+
if (!Helpers.isFilenameValid(getContext(), file)) {
- throw new FileNotFoundException("Invalid file: " + file);
+ throw new FileNotFoundException("Invalid file path: " + file);
}
final int pfdMode = ParcelFileDescriptor.parseMode(mode);
diff --git a/src/com/android/providers/downloads/Helpers.java b/src/com/android/providers/downloads/Helpers.java
index eb071395..7ca50bb1 100644
--- a/src/com/android/providers/downloads/Helpers.java
+++ b/src/com/android/providers/downloads/Helpers.java
@@ -341,7 +341,6 @@ public class Helpers {
static boolean isFilenameValid(Context context, File file) {
final File[] whitelist;
try {
- file = file.getCanonicalFile();
whitelist = new File[] {
context.getFilesDir().getCanonicalFile(),
context.getCacheDir().getCanonicalFile(),