diff --git a/frameworks/native/backup_ext/src/ext_extension.cpp b/frameworks/native/backup_ext/src/ext_extension.cpp
index cae67913b999a54ac94005c01243878eb2204b90..3bb40c76963c0765c6c7110d685327254b3a0504 100644
--- a/frameworks/native/backup_ext/src/ext_extension.cpp
+++ b/frameworks/native/backup_ext/src/ext_extension.cpp
@@ -17,6 +17,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -69,6 +70,10 @@ UniqueFd BackupExtExtension::GetFileHandle(const string &fileName)
 VerifyCaller();
+ if (!regex_match(fileName, regex("^[0-9a-zA-Z_.]+$"))) {
+ throw BError(BError::Codes::EXT_INVAL_ARG, "Filename is not alphanumeric");
+ }
+
 string path = string(BConstants::PATH_BUNDLE_BACKUP_HOME).append(BConstants::SA_BUNDLE_BACKUP_RESTORE);
 if (mkdir(path.data(), S_IRWXU) && errno != EEXIST) {
 stringstream ss;
@@ -78,6 +83,9 @@ UniqueFd BackupExtExtension::GetFileHandle(const string &fileName)
 }
 string tarName = path + fileName;
+ if (access(tarName.c_str(), F_OK) == 0) {
+ throw BError(BError::Codes::EXT_INVAL_ARG, string("The file already exists"));
+ }
 return UniqueFd(open(tarName.data(), O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR));
 }
diff --git a/services/backup_sa/src/module_ipc/service.cpp b/services/backup_sa/src/module_ipc/service.cpp
index b6debaa69b1b7b8d0ae0df88cfa02b331ec4bdff..1cf06c64049f3bf90622467a73e3ac806052e8ee 100644
--- a/services/backup_sa/src/module_ipc/service.cpp
+++ b/services/backup_sa/src/module_ipc/service.cpp
@@ -389,6 +389,9 @@ ErrCode Service::GetExtFileName(string &bundleName, string &fileName)
 try {
 HILOGE("begin");
 VerifyCaller(IServiceReverse::Scenario::RESTORE);
+ if (!regex_match(fileName, regex("^[0-9a-zA-Z_.]+$"))) {
+ throw BError(BError::Codes::SA_INVAL_ARG, "Filename is not alphanumeric");
+ }
 session_->SetExtFileNameRequest(bundleName, fileName);
 return BError(BError::Codes::OK);
 } catch (const BError &e) {
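Review bot: The allow-list added to GetFileHandle still accepts `.`, `..` and any other dot-only name, because `^[0-9a-zA-Z_.]+$` treats `.` like every other permitted character, and the name is then joined with `path + fileName`. Those names should be rejected explicitly, for example `if (fileName == "." || fileName == ".." || !regex_match(fileName, kFileNamePattern))`, where `kFileNamePattern` is a placeholder for one shared `static const regex`. The same literal pattern is repeated in the Service::GetExtFileName hunk in service.cpp, so a shared definition would keep the two checks from drifting and would avoid compiling the regex on every call. The message "Filename is not alphanumeric" is also slightly inaccurate, since `_` and `.` are accepted. GetFileHandle begins above this hunk and continues past it.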
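Review bot: The `access(tarName.c_str(), F_OK)` check and the following `open(..., O_RDWR | O_CREAT | O_TRUNC, ...)` are two separate steps, so a file or symlink that appears at that path between them is still opened and truncated. Making the existence test atomic closes that window: drop the access() block, open with `O_RDWR | O_CREAT | O_EXCL` instead of `O_TRUNC`, and throw the "The file already exists" error when open() fails with `errno == EEXIST`. With `O_CREAT | O_EXCL`, open() also refuses a symlink at the final path component. In the visible lines the result of open() is wrapped in UniqueFd without a check, so any other failure reaches the caller as an invalid descriptor. The start of the function lies outside this hunk.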