From 8aef3e4711c1c3be95be177560389a7b44773019 Mon Sep 17 00:00:00 2001
From: JosJuice
Date: Mon, 31 Jan 2022 21:01:15 +0100
Subject: [PATCH] Android: Fix path traversal when importing user data

---
 .../dolphinemu/activities/UserDataActivity.java | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Source/Android/app/src/main/java/org/dolphinemu/dolphinemu/activities/UserDataActivity.java b/Source/Android/app/src/main/java/org/dolphinemu/dolphinemu/activities/UserDataActivity.java
index bd3561abad..4e65ec3f6c 100644
--- a/Source/Android/app/src/main/java/org/dolphinemu/dolphinemu/activities/UserDataActivity.java
+++ b/Source/Android/app/src/main/java/org/dolphinemu/dolphinemu/activities/UserDataActivity.java
@@ -19,6 +19,7 @@ import androidx.appcompat.app.AppCompatActivity;

 import org.dolphinemu.dolphinemu.R;
 import org.dolphinemu.dolphinemu.utils.DirectoryInitialization;
+import org.dolphinemu.dolphinemu.utils.Log;
 import org.dolphinemu.dolphinemu.utils.ThreadUtil;

 import java.io.File;
@@ -185,6 +186,7 @@ public class UserDataActivity extends AppCompatActivity
 try (ZipInputStream zis = new ZipInputStream(is))
 {
 File userDirectory = new File(DirectoryInitialization.getUserDirectory());
+ String userDirectoryCanonicalized = userDirectory.getCanonicalPath() + '/';

 sMustRestartApp = true;
 deleteChildrenRecursively(userDirectory);
@@ -198,6 +200,12 @@ public class UserDataActivity extends AppCompatActivity
 File destFile = new File(userDirectory, ze.getName());
 File destDirectory = ze.isDirectory() ? destFile : destFile.getParentFile();

+ if (!destFile.getCanonicalPath().startsWith(userDirectoryCanonicalized))
+ {
+ Log.error("Zip file attempted path traversal! " + ze.getName());
+ return R.string.user_data_import_failure;
+ }
+
 if (!destDirectory.isDirectory() && !destDirectory.mkdirs())
 {
 throw new IOException("Failed to create directory " + destDirectory);
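Review bot: The `+ '/'` appended to the canonical user directory in the second hunk carries the whole prefix check and has no comment explaining it. Without the trailing separator, a sibling path that merely shares the prefix (constructed example: `<userdir>-x`) would pass the later `startsWith()` test. I would add above the line: `// Trailing separator: a bare prefix match would also accept sibling paths such as <userdir>-x`. A side effect worth recording in the same comment is that an entry resolving to the user directory itself has a canonical path without the trailing separator and is therefore rejected as traversal. The enclosing method begins and ends outside the hunk.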
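Review bot: The early `return R.string.user_data_import_failure;` in the third hunk is reached only after `deleteChildrenRecursively(userDirectory)` has run (visible in the second hunk), so a rejected archive leaves the user directory wiped. It is presumably also half-populated, since earlier entries in the same archive may already have been written. Checking every entry name against `userDirectoryCanonicalized` before anything is deleted would keep a hostile or malformed archive from destroying existing data, though whether the input stream can be reopened for a second pass is not visible here. If the order stays as it is, say so at the return: `// NOTE: the user directory was already cleared above; the import stops half-way here`. The enclosing loop and method start and end outside the hunk.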