From d49441e036b4615b81e0a45415d4da00e92c23bf Mon Sep 17 00:00:00 2001
From: Marcel Hibbe
Date: Wed, 31 May 2023 17:11:10 +0200
Subject: [PATCH 1/2] get last part after "/" also for content uris

note that this doesn't prevent path traversal as uris can be decoded

Signed-off-by: Marcel Hibbe
---
 .../main/java/com/nextcloud/talk/utils/FileUtils.kt | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/app/src/main/java/com/nextcloud/talk/utils/FileUtils.kt b/app/src/main/java/com/nextcloud/talk/utils/FileUtils.kt
index 5c84ba849..7090564e2 100644
--- a/app/src/main/java/com/nextcloud/talk/utils/FileUtils.kt
+++ b/app/src/main/java/com/nextcloud/talk/utils/FileUtils.kt
@@ -149,11 +149,13 @@ object FileUtils {
 // if it was no content uri, read filename from path
 if (filename == null) {
 filename = uri.path
- val lastIndexOfSlash = filename!!.lastIndexOf('/')
- if (lastIndexOfSlash != -1) {
- filename = filename.substring(lastIndexOfSlash + 1)
- }
 }
+
+ val lastIndexOfSlash = filename!!.lastIndexOf('/')
+ if (lastIndexOfSlash != -1) {
+ filename = filename.substring(lastIndexOfSlash + 1)
+ }
+
 return filename
 }

From bd23edc9a57266a3a306fc33efbb4f514fd5a9e4 Mon Sep 17 00:00:00 2001
From: Marcel Hibbe
Date: Wed, 31 May 2023 17:26:37 +0200
Subject: [PATCH 2/2] check if location of cached file makes sense

Signed-off-by: Marcel Hibbe
---
 .../com/nextcloud/talk/jobs/UploadAndShareFilesWorker.kt | 4 +++-
 app/src/main/java/com/nextcloud/talk/utils/FileUtils.kt | 8 +++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/app/src/main/java/com/nextcloud/talk/jobs/UploadAndShareFilesWorker.kt b/app/src/main/java/com/nextcloud/talk/jobs/UploadAndShareFilesWorker.kt
index 7eb57005c..d5f97b3ae 100644
--- a/app/src/main/java/com/nextcloud/talk/jobs/UploadAndShareFilesWorker.kt
+++ b/app/src/main/java/com/nextcloud/talk/jobs/UploadAndShareFilesWorker.kt
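Review bot: Taking the part after the last '/' still lets a provider-supplied display name such as `foo/..` collapse to `..` (or to an empty string when the name ends in `/`), which then names the parent of whatever directory it is later joined to; the commit message itself notes traversal is not prevented here, so the reserved names should be rejected right after the substring, e.g. `if (filename.isEmpty() || filename == "." || filename == "..") { filename = null }`, assuming the return type is already nullable. The `filename!!` in the fallback branch also throws for an opaque URI whose `uri.path` is null; `filename = uri.path ?: return null` avoids that under the same assumption. The enclosing function starts outside the hunk, so the content-URI branch that sets `filename` first is not visible here.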
@@ -126,7 +126,9 @@ class UploadAndShareFilesWorker(val context: Context, workerParameters: WorkerPa
 initNotificationSetup()
- if (file != null && file.length() > CHUNK_UPLOAD_THRESHOLD_SIZE) {
+ if (file == null) {
+ uploadSuccess = false
+ } else if (file.length() > CHUNK_UPLOAD_THRESHOLD_SIZE) {
 Log.d(TAG, "starting chunked upload because size is " + file.length())
 initNotificationWithPercentage()
diff --git a/app/src/main/java/com/nextcloud/talk/utils/FileUtils.kt b/app/src/main/java/com/nextcloud/talk/utils/FileUtils.kt
index 7090564e2..aeff10873 100644
--- a/app/src/main/java/com/nextcloud/talk/utils/FileUtils.kt
+++ b/app/src/main/java/com/nextcloud/talk/utils/FileUtils.kt
@@ -112,9 +112,15 @@ object FileUtils {
 }
 @Suppress("NestedBlockDepth")
- fun copyFileToCache(context: Context, sourceFileUri: Uri, filename: String): File {
+ fun copyFileToCache(context: Context, sourceFileUri: Uri, filename: String): File? {
 val cachedFile = File(context.cacheDir, filename)
+ if (!cachedFile.canonicalPath.startsWith(context.cacheDir.canonicalPath, true)) {
+ Log.w(TAG, "cachedFile was not created in cacheDir. Aborting for security reasons.")
+ cachedFile.delete()
+ return null
+ }
+
 if (cachedFile.exists()) {
 Log.d(TAG, "file is already in cache")
 } else {
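Review bot: The new `file == null` branch drops the upload silently: `uploadSuccess = false` is set but nothing is logged, so a rejected cache path (presumably the `File?` now returned by `copyFileToCache`, which is not visible in this hunk) leaves no trace in the worker's own log. Add `Log.w(TAG, "skipping upload: cached file could not be created")` inside that branch so triage can tell a sanitizer rejection from a network failure. The if/else chain continues past the end of the hunk.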
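Review bot: `cachedFile.delete()` in the new guard runs before anything has been written to `cachedFile`, so the only thing it can remove is a pre-existing entry that was just found to lie outside `cacheDir`; the guard should return without deleting. The prefix test is also too loose: an empty `filename` resolves to `cacheDir` itself and passes, after which `cachedFile.exists()` is true and the directory is handed back as the cached file, and a bare `startsWith` would accept a sibling such as `…/cache2/x` should `filename` ever carry a separator. Compare against the root with a trailing separator and exclude equality, e.g. `val cacheRoot = context.cacheDir.canonicalPath` followed by `if (cachedFile.canonicalPath == cacheRoot || !cachedFile.canonicalPath.startsWith(cacheRoot + File.separator))`, and drop `ignoreCase = true`, which only weakens the check on a case-sensitive filesystem. The function body continues past the end of the hunk.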