Google Git
Sign in
android / platform / packages / apps / Email / android-cts-7.0_r9
tag45b5c43afe93d628f18841895093451634158a41
taggerThe Android Open Source Project <initial-contribution@android.com>Tue May 02 16:16:21 2017 -0700
object6b2b0bd7c771c698f11d7be89c2c57c8722c7454 
Android CTS 7.0 Release 9 (3943095)
commit6b2b0bd7c771c698f11d7be89c2c57c8722c7454[log] [tgz]
authorRohan Shah <shahrk@google.com>Wed Aug 17 11:23:26 2016 -0700
committergitbuildkicker <android-build@google.com>Fri Aug 26 10:41:00 2016 -0700
treeca0ddef78980f66a5266276dd8fbfbf9ff75ce2d
parent05ddb0c52e9080c7e2b77bfd94c155701544af71 [diff]
Limit account id and id to longs

The security issue occurs because id is allowed to be an arbitrary
path instead of being limited to what it is -- a long. Both id
and account id are now parsed into longs (and if either fails, an
error will be logged and null will be returned).

Tested/verified error is logged using the reported attack.

BUG=30745403

Change-Id: Ia21418545bbaeb96fb5ab6c3f4e71858e57b8684
(cherry picked from commit 9794d7e8216138adf143a3b6faf3d5683316a662)
1 file changed
tree: ca0ddef78980f66a5266276dd8fbfbf9ff75ce2d
  1. assets/
  2. emailcommon/
  3. provider_src/
  4. res/
  5. src/
  6. tests/
  7. .classpath
  8. .project
  9. Android.mk
  10. AndroidManifest.xml
  11. CleanSpec.mk
  12. MODULE_LICENSE_APACHE2
  13. NOTICE
  14. proguard-test.flags
  15. proguard.flags