
Commit dcd1ede

committed
add back missing asset; handle path-travesal issue
1 parent 6c7c386 commit dcd1ede

3 files changed

Lines changed: 14 additions & 2 deletions


21.1 KB
Binary file not shown.

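--- a/ContentProvider/Files/app/src/main/java/com/commonsware/android/cp/files/FileProvider.java
+++ b/ContentProvider/Files/app/src/main/java/com/commonsware/android/cp/files/FileProvider.java
@@ -49,7 +49,13 @@ public boolean onCreate() {
 @Override
 public ParcelFileDescriptor openFile(Uri uri, String mode)
 throws FileNotFoundException {
-File f=new File(getContext().getFilesDir(), uri.getPath());
+File root=getContext().getFilesDir();
+File f=new File(root, uri.getPath()).getAbsoluteFile();
+
+if (!f.getPath().startsWith(root.getPath())) {
+throw new
+SecurityException("Resolved path jumped beyond root");
+}
 
 if (f.exists()) {
 return(ParcelFileDescriptor.open(f, parseMode(mode)));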
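Review bot: The containment check added in openFile does not stop `..` segments: `getAbsoluteFile()` only makes the path absolute and leaves `..` in place, so the resolved string still begins with `root.getPath()` and the SecurityException is never thrown. Resolve both root and the target with `getCanonicalFile()` (which also follows symlinks) and compare against `root.getPath()+File.separator`, so a sibling directory that merely shares the prefix is not accepted. `getCanonicalFile()` throws IOException, which the sketch below maps to the declared FileNotFoundException; the file may need an import for it. The same lines appear in the GrantUriPermissions FileProvider.java section and need the same change. openFile's body continues past the end of the hunk.

```java
// … unchanged: @Override and openFile signature …
File root;
File f;

try {
  // Canonical form collapses ".." and resolves symlinks before the comparison.
  root=getContext().getFilesDir().getCanonicalFile();
  f=new File(root, uri.getPath()).getCanonicalFile();
}
catch (IOException e) {
  throw new FileNotFoundException(uri.getPath());
}

// Trailing separator keeps "<root>-other/..." from matching the prefix.
if (!f.getPath().startsWith(root.getPath()+File.separator)) {
  throw new
    SecurityException("Resolved path jumped beyond root");
}
// … unchanged: f.exists() check and ParcelFileDescriptor.open() call …
```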

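--- a/ContentProvider/GrantUriPermissions/app/src/main/java/com/commonsware/android/cp/perms/FileProvider.java
+++ b/ContentProvider/GrantUriPermissions/app/src/main/java/com/commonsware/android/cp/perms/FileProvider.java
@@ -49,7 +49,13 @@ public boolean onCreate() {
 @Override
 public ParcelFileDescriptor openFile(Uri uri, String mode)
 throws FileNotFoundException {
-File f=new File(getContext().getFilesDir(), uri.getPath());
+File root=getContext().getFilesDir();
+File f=new File(root, uri.getPath()).getAbsoluteFile();
+
+if (!f.getPath().startsWith(root.getPath())) {
+throw new
+SecurityException("Resolved path jumped beyond root");
+}
 
 if (f.exists()) {
 return(ParcelFileDescriptor.open(f, parseMode(mode)));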
