dahjah/Lime3DS
1
0
Fork 0
mirror of https://github.com/Lime3DS/Lime3DS.git synced 2026-06-01 20:45:00 -06:00
Code Issues Packages Projects Releases Wiki Activity

DocumentsTree: Put resolvePath under a strict directory whitelist

Browse Source
This commit is contained in:
OpenSauce04 2026-03-05 22:09:54 +00:00 committed by OpenSauce
parent fac63ce6b1
commit a8ebd0f551
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/android/app/src/main/java/org/citra/citra_emu/utils/DocumentsTree.kt
View File

@ -10,6 +10,8 @@ import androidx.core.net.toUri
import androidx.documentfile.provider.DocumentFile import androidx.documentfile.provider.DocumentFile
import org.citra.citra_emu.CitraApplication import org.citra.citra_emu.CitraApplication
import org.citra.citra_emu.model.CheapDocument import org.citra.citra_emu.model.CheapDocument
import org.citra.citra_emu.utils.BuildUtil
import java.io.IOException
import java.net.URLDecoder import java.net.URLDecoder
import java.nio.file.Paths import java.nio.file.Paths
import java.util.StringTokenizer import java.util.StringTokenizer
@ -261,6 +263,17 @@ class DocumentsTree {
@Synchronized @Synchronized
private fun resolvePath(filepath: String): DocumentsNode? { private fun resolvePath(filepath: String): DocumentsNode? {
if (!BuildUtil.isGooglePlayBuild) {
var isLegalPath = false
kotlinDirectoryAccessWhitelist.forEach {
if (filepath.startsWith(it)) {
isLegalPath = true
}
}
if (!isLegalPath) {
throw IOException("Attempted to resolve forbidden path: " + filepath)
}
}
root ?: return null root ?: return null
val tokens = StringTokenizer(filepath, DELIMITER, false) val tokens = StringTokenizer(filepath, DELIMITER, false)
var iterator = root var iterator = root
@ -352,5 +365,10 @@ class DocumentsTree {
companion object { companion object {
const val DELIMITER = "/" const val DELIMITER = "/"
val kotlinDirectoryAccessWhitelist = arrayOf(
"/config/",
"/log/",
"/gpu_drivers/",
)
} }
} }