Check SQLite3 magic bytes before import

author: Joe Stein <joeaarons@gmail.com> 2019-05-18 14:22:37 +0200
committer: Joe Stein <joeaarons@gmail.com> 2019-05-20 17:41:20 -0400
commit: 09e138b51f36deeabaafbc7bf72144d8ca458aaa (patch)
tree: 24859ff3eba0e47dc38e5e4289df1ec6c5f5acf0 /app/src/main/java/de/danoeh
parent: b89271329bb2422ddab1efa990b97304c82512f0 (diff)
download: AntennaPod-09e138b51f36deeabaafbc7bf72144d8ca458aaa.zip
1 files changed, 29 insertions, 1 deletions
diff --git a/app/src/main/java/de/danoeh/antennapod/activity/ImportExportActivity.java b/app/src/main/java/de/danoeh/antennapod/activity/ImportExportActivity.java
index e6c9c37cc..9795c1240 100644
--- a/app/src/main/java/de/danoeh/antennapod/activity/ImportExportActivity.java
+++ b/app/src/main/java/de/danoeh/antennapod/activity/ImportExportActivity.java
@@ -23,6 +23,7 @@ import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.channels.FileChannel;
+import java.util.Arrays;
 
 import de.danoeh.antennapod.R;
 import de.danoeh.antennapod.core.preferences.UserPreferences;
@@ -109,9 +110,14 @@ public class ImportExportActivity extends AppCompatActivity {
     }
 
     private void restoreFrom(Uri inputUri) {
-        File currentDB = getDatabasePath(PodDBAdapter.DATABASE_NAME);
         InputStream inputStream = null;
         try {
+            if (!validateDB(inputUri)) {
+                displayBadFileDialog();
+                return;
+            }
+
+            File currentDB = getDatabasePath(PodDBAdapter.DATABASE_NAME);
             inputStream = getContentResolver().openInputStream(inputUri);
             FileUtils.copyInputStreamToFile(inputStream, currentDB);
             displayImportSuccessDialog();
@@ -123,6 +129,28 @@ public class ImportExportActivity extends AppCompatActivity {
         }
     }
 
+    private static final byte[] SQLITE3_MAGIC = "SQLite format 3\0".getBytes();
+    private boolean validateDB(Uri inputUri) throws IOException {
+        try (InputStream inputStream = getContentResolver().openInputStream(inputUri)) {
+            byte[] magicBuf = new byte[SQLITE3_MAGIC.length];
+            if (inputStream.read(magicBuf) == magicBuf.length) {
+                return Arrays.equals(SQLITE3_MAGIC, magicBuf);
+            }
+        }
+
+        return false;
+    }
+
+    private void displayBadFileDialog() {
+        AlertDialog.Builder d = new AlertDialog.Builder(ImportExportActivity.this);
+        d.setMessage(R.string.import_bad_file)
+                .setCancelable(false)
+                .setPositiveButton(android.R.string.ok, ((dialogInterface, i) -> {
+                    // do nothing
+                }))
+                .show();
+    }
+
     private void displayImportSuccessDialog() {
         AlertDialog.Builder d = new AlertDialog.Builder(ImportExportActivity.this);
         d.setMessage(R.string.import_ok);
author	Joe Stein <joeaarons@gmail.com>	2019-05-18 14:22:37 +0200
committer	Joe Stein <joeaarons@gmail.com>	2019-05-20 17:41:20 -0400
commit	09e138b51f36deeabaafbc7bf72144d8ca458aaa (patch)
tree	24859ff3eba0e47dc38e5e4289df1ec6c5f5acf0 /app/src/main/java/de/danoeh
parent	b89271329bb2422ddab1efa990b97304c82512f0 (diff)
download	AntennaPod-09e138b51f36deeabaafbc7bf72144d8ca458aaa.zip