am bba79795: am 25c866a8: am e2adb1ff: Merge "Sanity-check paths of files to be resto...

author Jeff Vander Stoep <jeffv@google.com>

Tue, 23 Sep 2014 16:50:29 +0000 (16:50 +0000)

committer Android Git Automerger <android-git-automerger@android.com>

Tue, 23 Sep 2014 16:50:29 +0000 (16:50 +0000)
author Jeff Vander Stoep <jeffv@google.com>
Tue, 23 Sep 2014 16:50:29 +0000 (16:50 +0000)
committer Android Git Automerger <android-git-automerger@android.com>
Tue, 23 Sep 2014 16:50:29 +0000 (16:50 +0000)
diff --git a/services/java/com/android/server/BackupManagerService.java b/services/java/com/android/server/BackupManagerService.java

index 6d65a70..1c88a46 100644 (file)
--- a/services/java/com/android/server/BackupManagerService.java
+++ b/services/java/com/android/server/BackupManagerService.java
@@ -3578,6 +3578,14 @@ class BackupManagerService extends IBackupManager.Stub {
                                  break;
                          }
  
+                        // The path needs to be canonical
+                        if (info.path.contains("..") || info.path.contains("//")) {
+                            if (MORE_DEBUG) {
+                                Slog.w(TAG, "Dropping invalid path " + info.path);
+                            }
+                            okay = false;
+                        }
+
                          // If the policy is satisfied, go ahead and set up to pipe the
                          // data to the agent.
                          if (DEBUG && okay && mAgent != null) {
author	Jeff Vander Stoep <jeffv@google.com>
	Tue, 23 Sep 2014 16:50:29 +0000 (16:50 +0000)
committer	Android Git Automerger <android-git-automerger@android.com>
	Tue, 23 Sep 2014 16:50:29 +0000 (16:50 +0000)