Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Unverified Commit a7c40fad authored by Tetiana Meronyk's avatar Tetiana Meronyk Committed by Kevin F. Haggerty
Browse files

Truncate user data to a limit of 500 characters 

Fix vulnerability that allows creating users with no restrictions. This is done by creating an intent to create a user and putting extras that are too long to be serialized. It causes IOException and the restrictions are not written in the file.

By truncating the string values when writing them to the file, we ensure that the exception does not happen and it can be recorded correctly.

Bug: 293602317
Test: install app provided in the bug, open app and click add. Check logcat to see there is no more IOException. Reboot the device by either opening User details page or running adb shell dumpsys user | grep -A12 heen and see that the restrictions are in place.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:46caac641941f2e8865a8d53400f959b3bd98d88)
Merged-In: Ia71477601d036a3ca55e73cdc9698ae268a30f20
Change-Id: Ia71477601d036a3ca55e73cdc9698ae268a30f20
parent 10e9c09c
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment