commit | e83b3b9663310b7985edc8301be9b981c16349b5 | [log] [tgz] |
---|---|---|
author | Aishwarya Mallampati <amallampati@google.com> | Wed Aug 10 17:31:13 2022 +0000 |
committer | Aishwarya Mallampati <amallampati@google.com> | Fri Aug 19 22:13:20 2022 +0000 |
tree | 7f365c4ba082bbd4299d808f9eb1905d925383f7 | |
parent | c3d65cab73b81e22900164843d700fb37d99a885 [diff] |
Check msg_id and thread_type value before concatenating. msg_id and thread_type parameters are used for sql injection in MmsSmsProvider#query. This is solved by checking the value of msg_id and thread_type before concetenating it to extraSelection. Bug: 224770183, 224770203 Test: atest android.telephonyprovider.cts.SmsTest atest CtsTelephonyTestCases Sanity check - sending and receiving sms and mms manually Change-Id: Id3fd2bc00bdfff95fc922418d8faedcc8d10618e