Merge pull request #10425 from JosJuice/android-import-path-traversal

Android: Fix path traversal when importing user data
dolphin-emu · Feb 1, 2022 · 5e59561 · 5e59561
2 parents 44dabc6 + 8aef3e4
commit 5e59561
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/Source/Android/app/src/main/java/org/dolphinemu/dolphinemu/activities/UserDataActivity.java b/Source/Android/app/src/main/java/org/dolphinemu/dolphinemu/activities/UserDataActivity.java
@@ -19,6 +19,7 @@
 
 import org.dolphinemu.dolphinemu.R;
 import org.dolphinemu.dolphinemu.utils.DirectoryInitialization;
+import org.dolphinemu.dolphinemu.utils.Log;
 import org.dolphinemu.dolphinemu.utils.ThreadUtil;
 
 import java.io.File;
@@ -185,6 +186,7 @@ private int importUserData(Uri source)
         try (ZipInputStream zis = new ZipInputStream(is))
         {
           File userDirectory = new File(DirectoryInitialization.getUserDirectory());
+          String userDirectoryCanonicalized = userDirectory.getCanonicalPath() + '/';
 
           sMustRestartApp = true;
           deleteChildrenRecursively(userDirectory);
@@ -198,6 +200,12 @@ private int importUserData(Uri source)
             File destFile = new File(userDirectory, ze.getName());
             File destDirectory = ze.isDirectory() ? destFile : destFile.getParentFile();
 
+            if (!destFile.getCanonicalPath().startsWith(userDirectoryCanonicalized))
+            {
+              Log.error("Zip file attempted path traversal! " + ze.getName());
+              return R.string.user_data_import_failure;
+            }
+
             if (!destDirectory.isDirectory() && !destDirectory.mkdirs())
             {
               throw new IOException("Failed to create directory " + destDirectory);