diff options
| author | TreeHugger Robot <treehugger-gerrit@google.com> | 2020-03-23 03:10:29 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2020-03-23 03:10:29 +0000 |
| commit | 2d3c39c7ecfe6a34b013102496979a6f02649d4a (patch) | |
| tree | 42728d14fd57c4c8f686188c1cda63ece586eb96 | |
| parent | 40e794335b92f2f5237bcfddab454758cc4ad246 (diff) | |
| parent | 6111b2b92a1844f5796c718bf0736102b876c2b9 (diff) | |
| download | frameworks_av-2d3c39c7ecfe6a34b013102496979a6f02649d4a.tar.gz frameworks_av-2d3c39c7ecfe6a34b013102496979a6f02649d4a.tar.bz2 frameworks_av-2d3c39c7ecfe6a34b013102496979a6f02649d4a.zip | |
Merge "MTP: Sanitize filename provided from MTP host" into qt-qpr1-dev
| -rw-r--r-- | media/mtp/MtpServer.cpp | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/media/mtp/MtpServer.cpp b/media/mtp/MtpServer.cpp index ca8cb785e9..dd69496160 100644 --- a/media/mtp/MtpServer.cpp +++ b/media/mtp/MtpServer.cpp @@ -44,6 +44,7 @@ #include "MtpStringBuffer.h" namespace android { +static const int SN_EVENT_LOG_ID = 0x534e4554; static const MtpOperationCode kSupportedOperationCodes[] = { MTP_OPERATION_GET_DEVICE_INFO, @@ -961,6 +962,17 @@ MtpResponseCode MtpServer::doSendObjectInfo() { if (!parseDateTime(modified, modifiedTime)) modifiedTime = 0; + if ((strcmp(name, ".") == 0) || (strcmp(name, "..") == 0) || + (strchr(name, '/') != NULL)) { + char errMsg[80]; + + snprintf(errMsg, sizeof(errMsg), "Invalid name: %s", (const char *) name); + ALOGE("%s (b/130656917)", errMsg); + android_errorWriteWithInfoLog(SN_EVENT_LOG_ID, "130656917", -1, errMsg, + strlen(errMsg)); + + return MTP_RESPONSE_INVALID_PARAMETER; + } if (path[path.size() - 1] != '/') path.append("/"); path.append(name); |