Backport of Win-specific suppression of potentially rogue construct that can engage in directory traversal on the host. Bug:209438553 Ignore-AOSP-First: Resolution for potential security exploit. Test: Relying on presubmits for now. Will followup with a full-fledged sync and manual cursory test. Merged-In: Ie1f82db2fb14e1bdd183bf8d3d93d5e9f974be5d Change-Id: I2a5da348eba104a7d06d6c0acb3cd56b770142a1 (cherry picked from commit b5ad48db08e2087310ffd31580020eb923fe12af) Merged-In: I2a5da348eba104a7d06d6c0acb3cd56b770142a1

commit: 8f22ea4a1e59ea57be0d80c23ee327feeec71607 [log] [tgz]
author: Shaju Mathew <shaju@google.com> Tue Apr 05 14:45:28 2022 +0000
committer: android-t1 <xiaocong.gu@t2mobile.com> Thu Jul 07 17:38:16 2022 +0800
tree: afcaccb5cab0e29e31964751785beb0f9529374e
parent: 62a700e2b5f8ac84478c636cd24507a14965ac3a [diff]
diff --git a/client/file_sync_client.cpp b/client/file_sync_client.cpp
index 2e8b975..8f8601b 100644
--- a/client/file_sync_client.cpp
+++ b/client/file_sync_client.cpp

@@ -544,7 +544,17 @@
 
             if (!ReadFdExactly(fd, buf, len)) return false;
             buf[len] = 0;
-
+            // Address the unlikely scenario wherein a
+            // compromised device/service might be able to
+            // traverse across directories on the host. Let's
+            // shut that door!
+            if (strchr(buf, '/')
+#if defined(_WIN32)
+                || strchr(buf, '\\')
+#endif
+            ) {
+                return false;
+            }
             callback(dent.mode, dent.size, dent.mtime, buf);
         }
     }
commit	8f22ea4a1e59ea57be0d80c23ee327feeec71607	[log] [tgz]
author	Shaju Mathew <shaju@google.com>	Tue Apr 05 14:45:28 2022 +0000
committer	android-t1 <xiaocong.gu@t2mobile.com>	Thu Jul 07 17:38:16 2022 +0800
tree	afcaccb5cab0e29e31964751785beb0f9529374e
parent	62a700e2b5f8ac84478c636cd24507a14965ac3a [diff]