
Commit 7a6af1c0 authored by Jason Monk

Verify inputs to PAC resolving.

This verifies both the URL and host are valid before they are passed to the
javascript for PAC.  This is to protect against injection attacks.

Bug: 10230771
Change-Id: Ib1996181971a49ccd390f181ec3848124801e4d5
parent 0125ba70
+15 −1
@@ -25,6 +25,9 @@ import android.util.Log;

import com.android.net.IProxyService;

import java.net.MalformedURLException;
import java.net.URL;

public class PacService extends Service {
    private static final String TAG = "PacService";

@@ -68,7 +71,18 @@ public class PacService extends Service {

        @Override
        public String resolvePacFile(String host, String url) throws RemoteException {
            try {
                // Check for characters that could be used for an injection attack.
                new URL(url);
                for (char c : host.toCharArray()) {
                    if (!Character.isLetterOrDigit(c) && (c != '.') && (c != '-')) {
                        throw new RemoteException("Invalid host was passed");
                    }
                }
                return mPacNative.makeProxyRequest(url, host);
            } catch (MalformedURLException e) {
                throw new RemoteException("Invalid URL was passed");
            }
        }

        @Override
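Review bot: `new URL(url);` only proves that the string parses with a known protocol; it does not restrict which characters the URL contains, so it is a much weaker check than the per-character allow-list applied to `host` just below it, and the comment above it overstates what is verified. If `mPacNative.makeProxyRequest` places `url` inside the PAC script as a string literal (its body is not in this hunk, so this is inferred from the commit message), quotes, backslashes and control characters need to be rejected here or escaped where the script text is built. `Character.isLetterOrDigit(c)` also accepts non-ASCII letters and digits, so an explicit ASCII range test would match the intent of a hostname check more closely. A null `host` reaches `host.toCharArray()` and surfaces as a NullPointerException instead of the `RemoteException` used for other bad input; `if (host == null) throw new RemoteException("Invalid host was passed");` before the loop would keep the failure mode uniform.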