DO NOT MERGE: Fix vulnerability where large GPS XTRA data can be (b472eb3d) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/location/GpsXtraDownloader.java

+21 −1

Original line number	Diff line number	Diff line
		@@ -22,6 +22,12 @@ import android.util.Log;
		import java.io.IOException;
		import java.net.HttpURLConnection;
		import java.net.URL;

		import libcore.io.IoUtils;

		import java.io.ByteArrayOutputStream;
		import java.io.InputStream;
		import java.io.IOException;
		import java.util.Properties;
		import java.util.Random;
		import java.util.concurrent.TimeUnit;
		@@ -37,6 +43,7 @@ public class GpsXtraDownloader {

		private static final String TAG = "GpsXtraDownloader";
		private static final boolean DEBUG = Log.isLoggable(TAG, Log.DEBUG);
		private static final long MAXIMUM_CONTENT_LENGTH_BYTES = 1000000; // 1MB.
		private static final String DEFAULT_USER_AGENT = "Android";
		private static final int CONNECTION_TIMEOUT_MS = (int) TimeUnit.SECONDS.toMillis(30);

		@@ -124,7 +131,19 @@ public class GpsXtraDownloader {
		return null;
		}

		return Streams.readFully(connection.getInputStream());
		try (InputStream in = connection.getInputStream()) {
		ByteArrayOutputStream bytes = new ByteArrayOutputStream();
		byte[] buffer = new byte[1024];
		int count;
		while ((count = in.read(buffer)) != -1) {
		bytes.write(buffer, 0, count);
		if (bytes.size() > MAXIMUM_CONTENT_LENGTH_BYTES) {
		if (DEBUG) Log.d(TAG, "XTRA file too large");
		return null;
		}
		}
		return bytes.toByteArray();
		}
		} catch (IOException ioe) {
		if (DEBUG) Log.d(TAG, "Error downloading gps XTRA: ", ioe);
		} finally {
		@@ -136,3 +155,4 @@ public class GpsXtraDownloader {
		}

		}