48 lines
1.6 KiB
Diff
48 lines
1.6 KiB
Diff
From a547c7001ce5a3f5ff6611086d0c9e2d6b52c6d9 Mon Sep 17 00:00:00 2001
|
|
From: Shaju Mathew <shaju@google.com>
|
|
Date: Mon, 17 Jan 2022 17:42:05 -0800
|
|
Subject: [PATCH] Now suppressing ability for a potentially rogue device to
|
|
engage in directory traversal on host.
|
|
|
|
Bug:209438553
|
|
|
|
Ignore-AOSP-First: Resolution for (potential) security exploit if the device daemon
|
|
happens to be compromised.
|
|
|
|
Test: - Manual/cursory test against poc daemon (py script).
|
|
- For addressing flake: $aosp-master-with-phones/tools/asuite/atest$ atest atest_unittests
|
|
<snip>
|
|
Summary
|
|
-------
|
|
arm64-v8a atest_unittests: Passed: 288, Failed: 0, Ignored: 0, Assumption Failed: 0 <snip>
|
|
All tests passed!
|
|
|
|
Signed-off-by: Shaju Mathew <shaju@google.com>
|
|
Change-Id: I3e28b8882a0741a734422c52057d5ad1e608d8a8
|
|
---
|
|
client/file_sync_client.cpp | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/client/file_sync_client.cpp b/client/file_sync_client.cpp
|
|
index af1deba1..1b1dfa89 100644
|
|
--- a/client/file_sync_client.cpp
|
|
+++ b/vendor/adb/client/file_sync_client.cpp
|
|
@@ -545,6 +545,14 @@ class SyncConnection {
|
|
if (!ReadFdExactly(fd, buf, len)) return false;
|
|
buf[len] = 0;
|
|
|
|
+ // Address the highly unlikely scenario wherein a
|
|
+ // compromised device/service might be able to
|
|
+ // traverse across directories on the host. Let's
|
|
+ // shut that door!
|
|
+ if (strchr(buf, '/')) {
|
|
+ return false;
|
|
+ }
|
|
+
|
|
callback(dent.mode, dent.size, dent.mtime, buf);
|
|
}
|
|
}
|
|
--
|
|
2.38.0
|
|
|