Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit df7bd91d authored by David Christie's avatar David Christie Committed by Android (Google) Code Review
Browse files

Merge "Fix vulnerability where large GPS XTRA data can be injected. -Can... 

Merge "Fix vulnerability where large GPS XTRA data can be injected. -Can potentially crash system with OOM. Bug: 29555864" into klp-dev
parents df17644d dde12c69

services/java/com/android/server/location/GpsXtraDownloader.java

+4 −2
Original line number Diff line number Diff line
@@ -44,6 +44,7 @@ public class GpsXtraDownloader { 


    private static final String TAG = "GpsXtraDownloader";

    static final boolean DEBUG = false;

    private static final long MAXIMUM_CONTENT_LENGTH_BYTES = 1000000;  // 1MB.

    

    private Context mContext;

    private String[] mXtraServers;
@@ -138,8 +139,9 @@ public class GpsXtraDownloader { 
            byte[] body = null;

            if (entity != null) {

                try {

                    if (entity.getContentLength() > 0) {

                        body = new byte[(int) entity.getContentLength()];

                    long contentLength = entity.getContentLength();

                    if (contentLength > 0 && contentLength <= MAXIMUM_CONTENT_LENGTH_BYTES) {

                        body = new byte[(int) contentLength];

                        DataInputStream dis = new DataInputStream(entity.getContent());

                        try {

                            dis.readFully(body);