CRLF Injection in Nfc ConfirmConnectActivity
CRLF Injection in Nfc ConfirmConnectActivity to Trick User Into Pairing
via Bluetooth Name in NDEF Message
Bug: 176445224
Test: build ok
Change-Id: I6fbe5024de40c240f45a8a0c1c8ede13e8ee259f
(cherry picked from commit ff1fcc3edd8c01cc3f258e1ed7580af45df2f3ec)
diff --git a/src/com/android/nfc/handover/ConfirmConnectActivity.java b/src/com/android/nfc/handover/ConfirmConnectActivity.java
index 5574469..159eee0 100644
--- a/src/com/android/nfc/handover/ConfirmConnectActivity.java
+++ b/src/com/android/nfc/handover/ConfirmConnectActivity.java
@@ -44,8 +44,9 @@
mDevice = launchIntent.getParcelableExtra(BluetoothDevice.EXTRA_DEVICE);
if (mDevice == null) finish();
Resources res = getResources();
+ String btExtraName = launchIntent.getStringExtra(BluetoothDevice.EXTRA_NAME);
String confirmString = String.format(res.getString(R.string.confirm_pairing),
- launchIntent.getStringExtra(BluetoothDevice.EXTRA_NAME));
+ "\"" + btExtraName.replaceAll("\\r|\\n", "") + "\"");
builder.setMessage(confirmString)
.setCancelable(false)
.setPositiveButton(res.getString(R.string.pair_yes),
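Review bot: The added `btExtraName.replaceAll(...)` dereferences the result of `getStringExtra`, which returns null when the launch intent carries no `BluetoothDevice.EXTRA_NAME`, so such an intent now throws a NullPointerException where the old code simply formatted the null into the message. Guard it right after the new declaration, e.g. `if (btExtraName == null) btExtraName = "";`. The filter also removes only `\r` and `\n`; since the name originates from the NDEF message, other control or Unicode line-separator characters (U+0085, U+2028, U+2029) may still split the confirmation text when rendered, so a broader class such as `replaceAll("[\\p{Cc}\\p{Zl}\\p{Zp}]", "")` together with a length cap on the displayed name would be more robust. The enclosing method starts and ends outside the hunk, so any handling further down is not visible here.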