Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dde12c69 authored by David Christie's avatar David Christie
Browse files

Fix vulnerability where large GPS XTRA data can be injected. 

-Can potentially crash system with OOM.
Bug: 29555864

Change-Id: I7157f48dddf148a9bcab029cf12e26a58d8054f4
parent 77b55262

services/java/com/android/server/location/GpsXtraDownloader.java

+4 −2
Original line number Diff line number Diff line
@@ -44,6 +44,7 @@ public class GpsXtraDownloader { 


    private static final String TAG = "GpsXtraDownloader";

    static final boolean DEBUG = false;

    private static final long MAXIMUM_CONTENT_LENGTH_BYTES = 1000000;  // 1MB.

    

    private Context mContext;

    private String[] mXtraServers;
@@ -138,8 +139,9 @@ public class GpsXtraDownloader { 
            byte[] body = null;

            if (entity != null) {

                try {

                    if (entity.getContentLength() > 0) {

                        body = new byte[(int) entity.getContentLength()];

                    long contentLength = entity.getContentLength();

                    if (contentLength > 0 && contentLength <= MAXIMUM_CONTENT_LENGTH_BYTES) {

                        body = new byte[(int) contentLength];

                        DataInputStream dis = new DataInputStream(entity.getContent());

                        try {

                            dis.readFully(body);