Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a9dd53c2 authored by Shaju Mathew's avatar Shaju Mathew Committed by Automerger Merge Worker
Browse files

Backport of Win-specific suppression of potentially rogue construct that can engage am: a36a342e 

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/core/+/17585758



Change-Id: I7ef66b9834289defd54eab9dc096f67412dbae52
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 36d60929 a36a342e

adb/client/file_sync_client.cpp

+12 −0
Original line number Diff line number Diff line
@@ -629,6 +629,18 @@ static bool sync_ls(SyncConnection& sc, const char* path, 
        if (!ReadFdExactly(sc.fd, buf, len)) return false;

        buf[len] = 0;



        // Address the unlikely scenario wherein a

        // compromised device/service might be able to

        // traverse across directories on the host. Let's

        // shut that door!

        if (strchr(buf, '/')

#if defined(_WIN32)

            || strchr(buf, '\\')

#endif

           ) {

          return false;

        }



        func(msg.dent.mode, msg.dent.size, msg.dent.time, buf);

    }

}