Android 7.1.1 Release 41 (N4F27E)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Limit account id and id to longs
The security issue occurs because id is allowed to be an arbitrary
path instead of being limited to what it is -- a long. Both id
and account id are now parsed into longs (and if either fails, an
error will be logged and null will be returned).
Tested/verified error is logged using the reported attack.
1 file changed