commit a30d8baff4857ff8daa4da6925e4e7f12a90f41d
author Iurii Makhno <iuriimak@google.com> Mon Feb 27 16:27:26 2023 +0000
committer Iurii Makhno <iuriimak@google.com> Tue Feb 28 17:59:16 2023 +0000
tree 44a85dfff91e1b8979a35ea920ab72cb37659b56
parent ca75b3cdb7964d45a9e4970e11998b99e7f34ca6

Ensure library file starts with 'lib/' prefix.

Test: ApkParsing_test.cpp
Change-Id: I3a1ac8c10b315e49ec668ff357aafe861cd2d0fe

libs/androidfw/ApkParsing.cpp

diff --git a/libs/androidfw/ApkParsing.cpp b/libs/androidfw/ApkParsing.cpp
index 32d2c5b..7eedfdb 100644
--- a/libs/androidfw/ApkParsing.cpp
+++ b/libs/androidfw/ApkParsing.cpp
@@ -56,6 +56,11 @@
         return nullptr;
     }
 
+    // Make sure file starts with 'lib/' prefix.
+    if (strncmp(fileName, APK_LIB.data(), APK_LIB_LEN) != 0) {
+        return nullptr;
+    }
+
     // Make sure there aren't subdirectories by checking if the next / after lib/ is the last slash
     if (memchr(fileName + APK_LIB_LEN, '/', fileNameLen - APK_LIB_LEN) != lastSlash) {
         return nullptr;

libs/androidfw/tests/ApkParsing_test.cpp

diff --git a/libs/androidfw/tests/ApkParsing_test.cpp b/libs/androidfw/tests/ApkParsing_test.cpp
index 62e88c6..ac1dc9b 100644
--- a/libs/androidfw/tests/ApkParsing_test.cpp
+++ b/libs/androidfw/tests/ApkParsing_test.cpp
@@ -74,4 +74,10 @@
   auto lastSlash = util::ValidLibraryPathLastSlash(path, false, false);
   ASSERT_THAT(lastSlash, IsNull());
 }
+
+TEST(ApkParsingTest, InvalidPrefix) {
+  const char* path = "assets/libhello.so";
+  auto lastSlash = util::ValidLibraryPathLastSlash(path, false, false);
+  ASSERT_THAT(lastSlash, IsNull());
+}
 }
\ No newline at end of file