ShuriZma
/
dolphin
mirror of https://github.com/dolphin-emu/dolphin.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10425 from JosJuice/android-import-path-traversal 

Android: Fix path traversal when importing user data
This commit is contained in:
JMC47 2022-02-01 04:18:33 -05:00 committed by GitHub
parent 44dabc6c2e 8aef3e4711
commit 5e59561637
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Source/Android/app/src/main/java/org/dolphinemu/dolphinemu/activities/UserDataActivity.java
View File

@ -19,6 +19,7 @@ import androidx.appcompat.app.AppCompatActivity;
import org.dolphinemu.dolphinemu.R;
import org.dolphinemu.dolphinemu.utils.DirectoryInitialization;
import org.dolphinemu.dolphinemu.utils.Log;
import org.dolphinemu.dolphinemu.utils.ThreadUtil;
import java.io.File;
@ -185,6 +186,7 @@ public class UserDataActivity extends AppCompatActivity
try (ZipInputStream zis = new ZipInputStream(is))
{
File userDirectory = new File(DirectoryInitialization.getUserDirectory());
String userDirectoryCanonicalized = userDirectory.getCanonicalPath() + '/';
sMustRestartApp = true;
deleteChildrenRecursively(userDirectory);
@ -198,6 +200,12 @@ public class UserDataActivity extends AppCompatActivity
File destFile = new File(userDirectory, ze.getName());
File destDirectory = ze.isDirectory() ? destFile : destFile.getParentFile();
if (!destFile.getCanonicalPath().startsWith(userDirectoryCanonicalized))
{
Log.error("Zip file attempted path traversal! " + ze.getName());
return R.string.user_data_import_failure;
}
if (!destDirectory.isDirectory() && !destDirectory.mkdirs())
{
throw new IOException("Failed to create directory " + destDirectory);