Google Git
Sign in
android / platform / cts / e83b3b96633
commite83b3b9663310b7985edc8301be9b981c16349b5[log] [tgz]
authorAishwarya Mallampati <amallampati@google.com>Wed Aug 10 17:31:13 2022 +0000
committerAishwarya Mallampati <amallampati@google.com>Fri Aug 19 22:13:20 2022 +0000
tree7f365c4ba082bbd4299d808f9eb1905d925383f7
parentc3d65cab73b81e22900164843d700fb37d99a885 [diff]
Check msg_id and thread_type value before
concatenating.

msg_id and thread_type parameters are used for sql injection in MmsSmsProvider#query.
This is solved by checking the value of msg_id and thread_type before concetenating it
to extraSelection.

Bug: 224770183, 224770203
Test: atest android.telephonyprovider.cts.SmsTest
      atest CtsTelephonyTestCases
      Sanity check - sending and receiving sms and mms manually
Change-Id: Id3fd2bc00bdfff95fc922418d8faedcc8d10618e
1 file changed
tree: 7f365c4ba082bbd4299d808f9eb1905d925383f7
  1. .prebuilt_info/
  2. apps/
  3. build/
  4. common/
  5. development/
  6. helpers/
  7. hostsidetests/
  8. libs/
  9. suite/
  10. tests/
  11. tools/
  12. .clang-format
  13. .gitignore
  14. Android.bp
  15. CleanSpec.mk
  16. error_prone_rules.mk
  17. error_prone_rules_tests.mk
  18. PREUPLOAD.cfg
  19. run_unit_tests.sh
  20. test_defs.sh