Bug 1212729 - Handle illegal PBAP virtual folders path properly. r=btian

2025-02-27 04:38:02 +00:00 · 2015-10-12 15:00:21 +08:00 · 2015-10-12 15:00:21 +08:00 · a7f6bfabe9
commit a7f6bfabe9
parent fa3acf9dcb
2 changed files with 58 additions and 16 deletions
--- a/dom/bluetooth/bluedroid/BluetoothPbapManager.cpp
+++ b/dom/bluetooth/bluedroid/BluetoothPbapManager.cpp
@ -386,7 +386,13 @@ BluetoothPbapManager::SetPhoneBookPath(uint8_t flags,
  if (flags & 1) {
    // Go up 1 level
    if (!newPath.IsEmpty()) {
-      newPath = StringHead(newPath, newPath.RFindChar('/'));
+      int32_t lastSlashIdx = newPath.RFindChar('/');
+      if (lastSlashIdx != -1) {
+        newPath = StringHead(newPath, lastSlashIdx);
+      } else {
+        // The parent folder is root.
+        newPath.AssignLiteral("");
+      }
    }
  } else {
    MOZ_ASSERT(aHeader.Has(ObexHeaderId::Name));
@ -398,7 +404,9 @@ BluetoothPbapManager::SetPhoneBookPath(uint8_t flags,
      newPath.AssignLiteral("");
    } else {
      // Go down 1 level
-      newPath.AppendLiteral("/");
+      if (!newPath.IsEmpty()) {
+        newPath.AppendLiteral("/");
+      }
      newPath.Append(childFolderName);
    }
  }
@ -430,6 +438,14 @@ BluetoothPbapManager::PullPhonebook(const ObexHeaderSet& aHeader)

  nsString name;
  aHeader.GetName(name);
+
+  // Ensure the name of phonebook object is legal
+  if (!IsLegalPhonebookName(name)) {
+    BT_LOGR("Illegal phone book object name [%s]",
+            NS_ConvertUTF16toUTF8(name).get());
+    return ObexResponseCode::NotFound;
+  }
+
  AppendNamedValue(data, "name", name);

  AppendNamedValueByTagId(aHeader, data, AppParameterTag::Format);
@ -608,19 +624,19 @@ BluetoothPbapManager::IsLegalPath(const nsAString& aPath)
 {
  static const char* sLegalPaths[] = {
    "", // root
-    "/telecom",
-    "/telecom/pb",
-    "/telecom/ich",
-    "/telecom/och",
-    "/telecom/mch",
-    "/telecom/cch",
-    "/SIM1",
-    "/SIM1/telecom",
-    "/SIM1/telecom/pb",
-    "/SIM1/telecom/ich",
-    "/SIM1/telecom/och",
-    "/SIM1/telecom/mch",
-    "/SIM1/telecom/cch"
+    "telecom",
+    "telecom/pb",
+    "telecom/ich",
+    "telecom/och",
+    "telecom/mch",
+    "telecom/cch",
+    "SIM1",
+    "SIM1/telecom",
+    "SIM1/telecom/pb",
+    "SIM1/telecom/ich",
+    "SIM1/telecom/och",
+    "SIM1/telecom/mch",
+    "SIM1/telecom/cch"
  };

  NS_ConvertUTF16toUTF8 path(aPath);
@ -633,6 +649,32 @@ BluetoothPbapManager::IsLegalPath(const nsAString& aPath)
  return false;
 }

+bool
+BluetoothPbapManager::IsLegalPhonebookName(const nsAString& aName)
+{
+  static const char* sLegalNames[] = {
+    "telecom/pb.vcf",
+    "telecom/ich.vcf",
+    "telecom/och.vcf",
+    "telecom/mch.vcf",
+    "telecom/cch.vcf",
+    "SIM1/telecom/pb.vcf",
+    "SIM1/telecom/ich.vcf",
+    "SIM1/telecom/och.vcf",
+    "SIM1/telecom/mch.vcf",
+    "SIM1/telecom/cch.vcf"
+  };
+
+  NS_ConvertUTF16toUTF8 name(aName);
+  for (uint8_t i = 0; i < MOZ_ARRAY_LENGTH(sLegalNames); i++) {
+    if (!strcmp(name.get(), sLegalNames[i])) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
 void
 BluetoothPbapManager::AfterPbapConnected()
 {
--- a/dom/bluetooth/bluedroid/BluetoothPbapManager.h
+++ b/dom/bluetooth/bluedroid/BluetoothPbapManager.h
@ -157,11 +157,11 @@ private:
  InfallibleTArray<uint32_t>  PackPropertiesMask(uint8_t* aData, int aSize);
  bool CompareHeaderTarget(const ObexHeaderSet& aHeader);
  bool IsLegalPath(const nsAString& aPath);
+  bool IsLegalPhonebookName(const nsAString& aName);
  bool GetInputStreamFromBlob(Blob* aBlob);
  void AfterPbapConnected();
  void AfterPbapDisconnected();

-
  /**
   * Whether 'PhonebookSize' is required for the OBEX response
   */