Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b4a56154 authored by David Christie's avatar David Christie Committed by android-build-merger
Browse files

Fix vulnerability where large GPS XTRA data can be injected. -Can potentially... 

Fix vulnerability where large GPS XTRA data can be injected. -Can potentially crash system with OOM. Bug: 29555864 am: dde12c69
am: 3462e526

Change-Id: I45779f683b417fe2d3cd4f7702d07a9cd13bd6f0
parents f6450100 3462e526

services/core/java/com/android/server/location/GpsXtraDownloader.java

+4 −2
Original line number Diff line number Diff line
@@ -44,6 +44,7 @@ public class GpsXtraDownloader { 


    private static final String TAG = "GpsXtraDownloader";

    static final boolean DEBUG = false;

    private static final long MAXIMUM_CONTENT_LENGTH_BYTES = 1000000;  // 1MB.

    

    private Context mContext;

    private String[] mXtraServers;
@@ -138,8 +139,9 @@ public class GpsXtraDownloader { 
            byte[] body = null;

            if (entity != null) {

                try {

                    if (entity.getContentLength() > 0) {

                        body = new byte[(int) entity.getContentLength()];

                    long contentLength = entity.getContentLength();

                    if (contentLength > 0 && contentLength <= MAXIMUM_CONTENT_LENGTH_BYTES) {

                        body = new byte[(int) contentLength];

                        DataInputStream dis = new DataInputStream(entity.getContent());

                        try {

                            dis.readFully(body);