Backport of Win-specific suppression of potentially rogue construct that can engage in directory traversal on the host.
Bug:209438553
Ignore-AOSP-First: Resolution for potential security exploit.
Test: Relying on presubmits for now.
Will followup with a full-fledged sync and manual cursory test.
Merged-In: Ie1f82db2fb14e1bdd183bf8d3d93d5e9f974be5d
Change-Id: I2a5da348eba104a7d06d6c0acb3cd56b770142a1
(cherry picked from commit b5ad48db08e2087310ffd31580020eb923fe12af)
Merged-In: I2a5da348eba104a7d06d6c0acb3cd56b770142a1
diff --git a/client/file_sync_client.cpp b/client/file_sync_client.cpp
index 2e8b975..8f8601b 100644
--- a/client/file_sync_client.cpp
+++ b/client/file_sync_client.cpp
@@ -544,7 +544,17 @@
if (!ReadFdExactly(fd, buf, len)) return false;
buf[len] = 0;
-
+ // Address the unlikely scenario wherein a
+ // compromised device/service might be able to
+ // traverse across directories on the host. Let's
+ // shut that door!
+ if (strchr(buf, '/')
+#if defined(_WIN32)
+ || strchr(buf, '\\')
+#endif
+ ) {
+ return false;
+ }
callback(dent.mode, dent.size, dent.mtime, buf);
}
}