CRLF Injection in Nfc ConfirmConnectActivity CRLF Injection in Nfc ConfirmConnectActivity to Trick User Into Pairing via Bluetooth Name in NDEF Message Bug: 176445224 Test: build ok Change-Id: I6fbe5024de40c240f45a8a0c1c8ede13e8ee259f (cherry picked from commit ff1fcc3edd8c01cc3f258e1ed7580af45df2f3ec)

commit: 93068b048d0cab72805ec7dd2020b433c82e5f45 [log] [tgz]
author: Alisher Alikhodjaev <alisher@google.com> Tue Apr 20 16:38:46 2021 -0700
committer: android-build-team Robot <android-build-team-robot@google.com> Thu May 20 00:01:21 2021 +0000
tree: 58fcc58164a5559aec7c0ee47064e2a612f2bbb2
parent: 61750f1181ace3ca390489599e36f0e3b725afb0 [diff]
diff --git a/src/com/android/nfc/handover/ConfirmConnectActivity.java b/src/com/android/nfc/handover/ConfirmConnectActivity.java
index 5574469..159eee0 100644
--- a/src/com/android/nfc/handover/ConfirmConnectActivity.java
+++ b/src/com/android/nfc/handover/ConfirmConnectActivity.java

@@ -44,8 +44,9 @@
         mDevice = launchIntent.getParcelableExtra(BluetoothDevice.EXTRA_DEVICE);
         if (mDevice == null) finish();
         Resources res = getResources();
+        String btExtraName = launchIntent.getStringExtra(BluetoothDevice.EXTRA_NAME);
         String confirmString = String.format(res.getString(R.string.confirm_pairing),
-                launchIntent.getStringExtra(BluetoothDevice.EXTRA_NAME));
+                "\"" + btExtraName.replaceAll("\\r|\\n", "") + "\"");
         builder.setMessage(confirmString)
                .setCancelable(false)
                .setPositiveButton(res.getString(R.string.pair_yes),
commit	93068b048d0cab72805ec7dd2020b433c82e5f45	[log] [tgz]
author	Alisher Alikhodjaev <alisher@google.com>	Tue Apr 20 16:38:46 2021 -0700
committer	android-build-team Robot <android-build-team-robot@google.com>	Thu May 20 00:01:21 2021 +0000
tree	58fcc58164a5559aec7c0ee47064e2a612f2bbb2
parent	61750f1181ace3ca390489599e36f0e3b725afb0 [diff]