Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 63d0950f authored by William Loh's avatar William Loh Committed by Automerger Merge Worker
Browse files

Merge "validate_path should only reject sudirs named ".."" into main am: a5588976 

Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/3242446



Change-Id: Ie0fa030a21ee25028cd55c9908fb15cd25ca7170
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 3a4f895b a5588976

cmds/installd/tests/installd_utils_test.cpp

+3 −0
Original line number Diff line number Diff line
@@ -101,6 +101,9 @@ TEST_F(UtilsTest, IsValidApkPath_Internal) { 
    EXPECT_EQ(0, validate_apk_path(path2))

            << path2 << " should be allowed as a valid path";



    const char* path3 = TEST_APP_DIR "..example..com../example.apk";

    EXPECT_EQ(0, validate_apk_path(path3)) << path3 << " should be allowed as a valid path";



    const char *badint1 = TEST_APP_DIR "../example.apk";

    EXPECT_EQ(-1, validate_apk_path(badint1))

            << badint1 << " should be rejected as a invalid path";

cmds/installd/utils.cpp

+14 −9
Original line number Diff line number Diff line
@@ -1040,25 +1040,30 @@ static int validate_path(const std::string& dir, const std::string& path, int ma 
        LOG(ERROR) << "Invalid directory " << dir;

        return -1;

    }

    if (path.find("..") != std::string::npos) {

        LOG(ERROR) << "Invalid path " << path;

        return -1;

    }



    if (path.compare(0, dir.size(), dir) != 0) {

        // Common case, path isn't under directory

        return -1;

    }



    // Count number of subdirectories

    auto pos = path.find('/', dir.size());

    // Count number of subdirectories and invalidate ".." subdirectories

    auto last = dir.size();

    auto pos = path.find('/', last);

    int count = 0;

    while (pos != std::string::npos) {

        auto next = path.find('/', pos + 1);

        if (next > pos + 1) {

        if (pos > last + 1) {

            count++;

        }

        pos = next;

        if (path.substr(last, pos - last) == "..") {

            LOG(ERROR) << "Invalid path " << path;

            return -1;

        }

        last = pos + 1;

        pos = path.find('/', last);

    }

    if (path.substr(last, path.size() - last) == "..") {

        LOG(ERROR) << "Invalid path " << path;

        return -1;

    }



    if (count > maxSubdirs) {