tag | eb4f354e5472d83eeb7e73373edc7c8a3bfdf8bd | |
---|---|---|
tagger | The Android Open Source Project <initial-contribution@android.com> | Tue Nov 19 15:39:30 2019 -0800 |
object | 97363531d7a81e09dace3f0875d42acd049994bd |
Android CTS 7.1 Release 29 (5932587)
commit | 97363531d7a81e09dace3f0875d42acd049994bd | [log] [tgz] |
---|---|---|
author | Rohan Shah <shahrk@google.com> | Wed Aug 17 11:23:26 2016 -0700 |
committer | gitbuildkicker <android-build@google.com> | Fri Aug 19 13:39:23 2016 -0700 |
tree | dded6d8c72567358e3e23bbcc3dc2e630e8e0a01 | |
parent | 5b7e3ee881371b0d0492efbb7dd7c9fbc199ef7e [diff] |
Limit account id and id to longs The security issue occurs because id is allowed to be an arbitrary path instead of being limited to what it is -- a long. Both id and account id are now parsed into longs (and if either fails, an error will be logged and null will be returned). Tested/verified error is logged using the reported attack. BUG=30745403 Change-Id: Ia21418545bbaeb96fb5ab6c3f4e71858e57b8684