Android: Fix path traversal when importing user data

This commit is contained in:
JosJuice 2022-01-31 21:01:15 +01:00
parent d3742c1555
commit 8aef3e4711
1 changed files with 8 additions and 0 deletions

View File

@ -19,6 +19,7 @@ import androidx.appcompat.app.AppCompatActivity;
import org.dolphinemu.dolphinemu.R;
import org.dolphinemu.dolphinemu.utils.DirectoryInitialization;
import org.dolphinemu.dolphinemu.utils.Log;
import org.dolphinemu.dolphinemu.utils.ThreadUtil;
import java.io.File;
@ -185,6 +186,7 @@ public class UserDataActivity extends AppCompatActivity
try (ZipInputStream zis = new ZipInputStream(is))
{
File userDirectory = new File(DirectoryInitialization.getUserDirectory());
String userDirectoryCanonicalized = userDirectory.getCanonicalPath() + '/';
sMustRestartApp = true;
deleteChildrenRecursively(userDirectory);
@ -198,6 +200,12 @@ public class UserDataActivity extends AppCompatActivity
File destFile = new File(userDirectory, ze.getName());
File destDirectory = ze.isDirectory() ? destFile : destFile.getParentFile();
if (!destFile.getCanonicalPath().startsWith(userDirectoryCanonicalized))
{
Log.error("Zip file attempted path traversal! " + ze.getName());
return R.string.user_data_import_failure;
}
if (!destDirectory.isDirectory() && !destDirectory.mkdirs())
{
throw new IOException("Failed to create directory " + destDirectory);