Merge branch 'dev/11/fp3/security-aosp-rvc-release' into int/11/fp3
* dev/11/fp3/security-aosp-rvc-release:
Canonicalise path before extracting relative path
Change-Id: Ic9b9583758d6d0b37eb7779dbc31bce37a1cb0ba
diff --git a/src/com/android/providers/media/util/FileUtils.java b/src/com/android/providers/media/util/FileUtils.java
index c9a0a02..7bd1e4e 100644
--- a/src/com/android/providers/media/util/FileUtils.java
+++ b/src/com/android/providers/media/util/FileUtils.java
@@ -975,7 +975,9 @@
}
public static @Nullable String extractRelativePath(@Nullable String data) {
+ data = getCanonicalPath(data);
if (data == null) return null;
+
final Matcher matcher = PATTERN_RELATIVE_PATH.matcher(data);
if (matcher.find()) {
final int lastSlash = data.lastIndexOf('/');
@@ -1378,4 +1380,16 @@
}
return status;
}
+
+ @Nullable
+ private static String getCanonicalPath(@Nullable String path) {
+ if (path == null) return null;
+
+ try {
+ return new File(path).getCanonicalPath();
+ } catch (IOException e) {
+ Log.d(TAG, "Unable to get canonical path from invalid data path: " + path, e);
+ return null;
+ }
+ }
}
diff --git a/tests/src/com/android/providers/media/util/FileUtilsTest.java b/tests/src/com/android/providers/media/util/FileUtilsTest.java
index 6b120c0..b6124e0 100644
--- a/tests/src/com/android/providers/media/util/FileUtilsTest.java
+++ b/tests/src/com/android/providers/media/util/FileUtilsTest.java
@@ -459,7 +459,15 @@
extractRelativePath(prefix + "DCIM/foo.jpg"));
assertEquals("DCIM/My Vacation/",
extractRelativePath(prefix + "DCIM/My Vacation/foo.jpg"));
+ assertEquals("Pictures/",
+ extractRelativePath(prefix + "DCIM/../Pictures/.//foo.jpg"));
+ assertEquals("/",
+ extractRelativePath(prefix + "DCIM/Pictures/./..//..////foo.jpg"));
+ assertEquals("Android/data/",
+ extractRelativePath(prefix + "DCIM/foo.jpg/.//../../Android/data/poc"));
}
+
+ assertEquals(null, extractRelativePath("/sdcard/\\\u0000"));
}
@Test