Validate partition name when searching for physical partitions. Bug: 117274137 Test: fastboot getvar has-slot:../by-name/system Change-Id: Ibc74a12f836a30bdf1fd7f6b2a1e941de2430c70

commit: 0d80474b1ab8b41a3f3be3f28c0630f2d0d12d79 [log] [tgz]
author: Hridya Valsaraju <hridya@google.com> Mon Oct 08 11:06:38 2018 -0700
committer: Hridya Valsaraju <hridya@google.com> Mon Oct 08 11:59:07 2018 -0700
tree: 9355b8f5645c3099d982410017fda94b7ed731ad
parent: af4a6cdc3a888d5b2c833d4f9445488d0fae8afd [diff]
diff --git a/fastboot/device/utility.cpp b/fastboot/device/utility.cpp
index 528abec..30c5960 100644
--- a/fastboot/device/utility.cpp
+++ b/fastboot/device/utility.cpp

@@ -23,6 +23,7 @@
 
 #include <android-base/file.h>
 #include <android-base/logging.h>
+#include <android-base/strings.h>
 #include <fs_mgr.h>
 #include <fs_mgr_dm_linear.h>
 #include <liblp/liblp.h>
@@ -82,6 +83,10 @@
 }
 
 std::optional<std::string> FindPhysicalPartition(const std::string& name) {
+    // Check for an invalid file name
+    if (android::base::StartsWith(name, "../") || name.find("/../") != std::string::npos) {
+        return {};
+    }
     std::string path = "/dev/block/by-name/" + name;
     if (access(path.c_str(), W_OK) < 0) {
         return {};
commit	0d80474b1ab8b41a3f3be3f28c0630f2d0d12d79	[log] [tgz]
author	Hridya Valsaraju <hridya@google.com>	Mon Oct 08 11:06:38 2018 -0700
committer	Hridya Valsaraju <hridya@google.com>	Mon Oct 08 11:59:07 2018 -0700
tree	9355b8f5645c3099d982410017fda94b7ed731ad
parent	af4a6cdc3a888d5b2c833d4f9445488d0fae8afd [diff]