DO NOT MERGE: Fix vulnerability where large GPS XTRA data can be injected.... (e0082aca) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/location/GpsXtraDownloader.java

+19 −2

Original line number	Diff line number	Diff line
		@@ -21,8 +21,11 @@ import android.util.Log;

		import java.net.HttpURLConnection;
		import java.net.URL;
		import libcore.io.Streams;

		import libcore.io.IoUtils;

		import java.io.ByteArrayOutputStream;
		import java.io.InputStream;
		import java.io.IOException;
		import java.util.Properties;
		import java.util.Random;
		@@ -36,6 +39,7 @@ public class GpsXtraDownloader {

		private static final String TAG = "GpsXtraDownloader";
		private static final boolean DEBUG = Log.isLoggable(TAG, Log.DEBUG);
		private static final long MAXIMUM_CONTENT_LENGTH_BYTES = 1000000; // 1MB.
		private static final String DEFAULT_USER_AGENT = "Android";

		private final String[] mXtraServers;
		@@ -121,7 +125,19 @@ public class GpsXtraDownloader {
		return null;
		}

		return Streams.readFully(connection.getInputStream());
		try (InputStream in = connection.getInputStream()) {
		ByteArrayOutputStream bytes = new ByteArrayOutputStream();
		byte[] buffer = new byte[1024];
		int count;
		while ((count = in.read(buffer)) != -1) {
		bytes.write(buffer, 0, count);
		if (bytes.size() > MAXIMUM_CONTENT_LENGTH_BYTES) {
		if (DEBUG) Log.d(TAG, "XTRA file too large");
		return null;
		}
		}
		return bytes.toByteArray();
		}
		} catch (IOException ioe) {
		if (DEBUG) Log.d(TAG, "Error downloading gps XTRA: ", ioe);
		} finally {
		@@ -133,3 +149,4 @@ public class GpsXtraDownloader {
		}

		}