From 97fbc18ceaae2ac6308ffe55fc98621cc0b54df4 Mon Sep 17 00:00:00 2001
From: Andrea Marchesini <amarchesini@mozilla.com>
Date: Mon, 27 Mar 2017 09:48:41 +0200
Subject: [PATCH] Bug 1349276 - Paths received by FileSystemRequestParent need
 to be sanitized before passed to IsDescendantPath, r=haik

---
 dom/filesystem/FileSystemSecurity.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/dom/filesystem/FileSystemSecurity.cpp b/dom/filesystem/FileSystemSecurity.cpp
index 56f8a74e8013..d7e7778a63a8 100644
--- a/dom/filesystem/FileSystemSecurity.cpp
+++ b/dom/filesystem/FileSystemSecurity.cpp
@@ -89,6 +89,10 @@ FileSystemSecurity::ContentProcessHasAccessTo(ContentParentId aId,
   MOZ_ASSERT(NS_IsMainThread());
   AssertIsInMainProcess();
 
+  if (FindInReadable(NS_LITERAL_STRING(".."), aPath)) {
+    return false;
+  }
+
   nsTArray<nsString>* paths;
   if (!mPaths.Get(aId, &paths)) {
     return false;