diff options
author | Vincent Breitmoser <valodim@mugenguild.com> | 2015-09-28 18:27:29 +0200 |
---|---|---|
committer | Vincent Breitmoser <valodim@mugenguild.com> | 2015-09-28 18:27:29 +0200 |
commit | 0e613aff2e617ca12c1b2e1032b21334c2ca674a (patch) | |
tree | 4e16d6a086cbe12875454fba520241ac84e277c7 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java | |
parent | b65a23f2d46f905160b47e044de12cf9177dfd51 (diff) | |
parent | 3df9bea4554c0edddce57aa6a2e32cfe5250ed72 (diff) | |
download | open-keychain-0e613aff2e617ca12c1b2e1032b21334c2ca674a.tar.gz open-keychain-0e613aff2e617ca12c1b2e1032b21334c2ca674a.tar.bz2 open-keychain-0e613aff2e617ca12c1b2e1032b21334c2ca674a.zip |
Merge remote-tracking branch 'origin/master' into encrypted-export
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java')
-rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java index 007f686e8..36b4f5e1e 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java @@ -52,13 +52,13 @@ import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.Constants.key; import org.sufficientlysecure.keychain.R; import org.sufficientlysecure.keychain.operations.BaseOperation; +import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult; +import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType; +import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog; import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.SecretKeyType; import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException; import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings; import org.sufficientlysecure.keychain.provider.ProviderHelper; -import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult; -import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType; -import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog; import org.sufficientlysecure.keychain.service.input.CryptoInputParcel; import org.sufficientlysecure.keychain.service.input.RequiredInputParcel; import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils; @@ -512,8 +512,9 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp PGPLiteralData literalData = (PGPLiteralData) dataChunk; String originalFilename = literalData.getFileName(); + // reject filenames with slashes completely (path traversal issue) if (originalFilename.contains("/")) { - originalFilename = originalFilename.substring(originalFilename.lastIndexOf('/')); + originalFilename = ""; } String mimeType = null; if (literalData.getFormat() == PGPLiteralData.TEXT |