Snap for 9170954 from a9dd53c25fa24a159471fb0ebc41a4cdf90f5bf8 to qt-aml-tzdata-release
Change-Id: I331251370334fa29c2fc033bff81d5071f426d42
diff --git a/adb/client/file_sync_client.cpp b/adb/client/file_sync_client.cpp
index 5d10238..9b59096 100644
--- a/adb/client/file_sync_client.cpp
+++ b/adb/client/file_sync_client.cpp
@@ -629,6 +629,18 @@
if (!ReadFdExactly(sc.fd, buf, len)) return false;
buf[len] = 0;
+ // Address the unlikely scenario wherein a
+ // compromised device/service might be able to
+ // traverse across directories on the host. Let's
+ // shut that door!
+ if (strchr(buf, '/')
+#if defined(_WIN32)
+ || strchr(buf, '\\')
+#endif
+ ) {
+ return false;
+ }
+
func(msg.dent.mode, msg.dent.size, msg.dent.time, buf);
}
}