Bugfix Path Traversal Vulnerability - see https://support.google.com/…
hgzojer committed Oct 1, 2017
1 parent 89b97f5 commit accf683
Showing 2 changed files with 15 additions and 6 deletions.
4 changes: 2 additions & 2 deletions AndroidManifest.xml
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="at.hgz.vocabletrainer"
android:versionCode="9"
android:versionName="1.3.0" >
android:versionCode="10"
android:versionName="1.3.1" >

<uses-sdk
android:minSdkVersion="14"
17 changes: 13 additions & 4 deletions src/at/hgz/vocabletrainer/VocableTrainerProvider.java
Expand Up @@ -2,6 +2,7 @@

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;

import android.content.ContentProvider;
import android.content.ContentValues;
Expand All @@ -13,11 +14,19 @@
public class VocableTrainerProvider extends ContentProvider {

@Override
public ParcelFileDescriptor openFile(Uri uri, String mode) throws FileNotFoundException {
File cacheDir = getContext().getCacheDir();
File privateFile = new File(cacheDir, uri.getLastPathSegment());
public ParcelFileDescriptor openFile(Uri uri, String mode) throws FileNotFoundException {
try {
String cacheDir = getContext().getCacheDir().toString();
File privateFile = new File(cacheDir, uri.getLastPathSegment());

return ParcelFileDescriptor.open(privateFile, ParcelFileDescriptor.MODE_READ_ONLY);
if (!privateFile.getCanonicalPath().startsWith(cacheDir)) {
throw new IllegalArgumentException();
}

return ParcelFileDescriptor.open(privateFile, ParcelFileDescriptor.MODE_READ_ONLY);
} catch (IOException e) {
throw new RuntimeException(e.getMessage(), e);
}
}

@Override
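Review bot: The containment check in `openFile` compares the file's canonical path against a base that is neither canonicalized nor terminated with a separator, so it can reject legitimate files and can also accept paths outside the cache directory. `getCacheDir().toString()` may contain a symlinked component that `getCanonicalPath()` resolves away, and a bare `startsWith(cacheDir)` also matches a sibling directory whose name merely begins with the cache directory's name. I would take the base as `String cacheDir = getContext().getCacheDir().getCanonicalPath();` and test `if (!privateFile.getCanonicalPath().startsWith(cacheDir + File.separator))`. Separately, the new `catch (IOException e)` also catches the `FileNotFoundException` thrown by `ParcelFileDescriptor.open` and rethrows it as `RuntimeException`, so a missing file no longer surfaces as the declared exception; rethrowing `FileNotFoundException` unchanged would keep the method's contract.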
