drgreen/android_frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Verify inputs to PAC resolving.

Browse Source 
This verifies both the URL and host are valid before they are passed to the
javascript for PAC.  This is to protect against injection attacks.

Bug: 10230771
Change-Id: Ib1996181971a49ccd390f181ec3848124801e4d5
This commit is contained in:
Jason Monk
2013-08-21 14:08:52 -04:00
parent 0125ba70bb
commit 7a6af1c093
1 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
packages/services/PacProcessor/src/com/android/pacprocessor/PacService.java
View File

@ -25,6 +25,9 @@ import android.util.Log;
import com.android.net.IProxyService;
import java.net.MalformedURLException;
import java.net.URL;
public class PacService extends Service {
private static final String TAG = "PacService";
@ -68,7 +71,18 @@ public class PacService extends Service {
@Override
public String resolvePacFile(String host, String url) throws RemoteException {
return mPacNative.makeProxyRequest(url, host);
try {
// Check for characters that could be used for an injection attack.
new URL(url);
for (char c : host.toCharArray()) {
if (!Character.isLetterOrDigit(c) && (c != '.') && (c != '-')) {
throw new RemoteException("Invalid host was passed");
}
}
return mPacNative.makeProxyRequest(url, host);
} catch (MalformedURLException e) {
throw new RemoteException("Invalid URL was passed");
}
}
@Override