From: Shaju Mathew <shaju@google.com>
Date: Tue, 5 Apr 2022 14:45:28 +0000 (+0000)
Subject: Backport of Win-specific suppression of potentially rogue construct that can engage... 
X-Git-Tag: archive/raspbian/29.0.6-23+rpi1^2~2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=c87bb53a5454b95c61a75adb83eb3135288898b8;p=android-platform-tools.git

Backport of Win-specific suppression of potentially rogue construct that can engage in directory traversal on the host.

Bug:209438553

Ignore-AOSP-First: Resolution for potential security exploit.

Test: Relying on presubmits for now.
Will followup with a full-fledged sync and manual cursory test.

Merged-In: Ie1f82db2fb14e1bdd183bf8d3d93d5e9f974be5d
Change-Id: I2a5da348eba104a7d06d6c0acb3cd56b770142a1

Gbp-Pq: Topic cve
Gbp-Pq: Name CVE-2022-20128.patch
---

diff --git a/system/core/adb/client/file_sync_client.cpp b/system/core/adb/client/file_sync_client.cpp
index 922f2ba4..a5207c7b 100644
--- a/system/core/adb/client/file_sync_client.cpp
+++ b/system/core/adb/client/file_sync_client.cpp
@@ -399,7 +399,17 @@ class SyncConnection {
 
             if (!ReadFdExactly(fd, buf, len)) return false;
             buf[len] = 0;
-
+            // Address the unlikely scenario wherein a
+            // compromised device/service might be able to
+            // traverse across directories on the host. Let's
+            // shut that door!
+            if (strchr(buf, '/')
+#if defined(_WIN32)
+                || strchr(buf, '\\')
+#endif
+            ) {
+                return false;
+            }
             callback(dent.mode, dent.size, dent.mtime, buf);
         }
     }