diff options
author | Dominik Schürmann <dominik@dominikschuermann.de> | 2015-09-24 23:32:51 +0200 |
---|---|---|
committer | Dominik Schürmann <dominik@dominikschuermann.de> | 2015-09-24 23:32:51 +0200 |
commit | 21b83d8fa483eb3d911e7475663a7cb36e4170a0 (patch) | |
tree | abf4676f709f0419b3f7a84a8217aa660b5616e5 /OpenKeychain | |
parent | 756ee28fb0bfb63f1d013d6b82bedc13c811b32f (diff) | |
download | open-keychain-21b83d8fa483eb3d911e7475663a7cb36e4170a0.tar.gz open-keychain-21b83d8fa483eb3d911e7475663a7cb36e4170a0.tar.bz2 open-keychain-21b83d8fa483eb3d911e7475663a7cb36e4170a0.zip |
Reject filenames with slashes completly
Diffstat (limited to 'OpenKeychain')
-rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java index 007f686e8..36b4f5e1e 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java @@ -52,13 +52,13 @@ import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.Constants.key; import org.sufficientlysecure.keychain.R; import org.sufficientlysecure.keychain.operations.BaseOperation; +import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult; +import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType; +import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog; import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.SecretKeyType; import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException; import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings; import org.sufficientlysecure.keychain.provider.ProviderHelper; -import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult; -import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType; -import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog; import org.sufficientlysecure.keychain.service.input.CryptoInputParcel; import org.sufficientlysecure.keychain.service.input.RequiredInputParcel; import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils; @@ -512,8 +512,9 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp PGPLiteralData literalData = (PGPLiteralData) dataChunk; String originalFilename = literalData.getFileName(); + // reject filenames with slashes completely (path traversal issue) if (originalFilename.contains("/")) { - originalFilename = originalFilename.substring(originalFilename.lastIndexOf('/')); + originalFilename = ""; } String mimeType = null; if (literalData.getFormat() == PGPLiteralData.TEXT |