android_packages_apps_Email - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Rohan Shah <shahrk@google.com>	2016-08-17 11:23:26 -0700
committer	Jessica Wagantall <jwagantall@cyngn.com>	2016-10-04 16:02:56 -0700
commit	e520d7457a5c2a0d1c841d9949fc198f339aba4d (patch)
tree	f32fe97c0b3b2831df18a3a665c9916507c61667 /NOTICE
parent	a9527a8993c806aed753c2002a4e3fe44c4205b1 (diff)
download	android_packages_apps_Email-stable/cm-13.0-ZNH2K.tar.gz android_packages_apps_Email-stable/cm-13.0-ZNH2K.tar.bz2 android_packages_apps_Email-stable/cm-13.0-ZNH2K.zip

Limit account id and id to longsstable/cm-13.0-ZNH2K

The security issue occurs because id is allowed to be an arbitrary path instead of being limited to what it is -- a long. Both id and account id are now parsed into longs (and if either fails, an error will be logged and null will be returned). Tested/verified error is logged using the reported attack. CYNGNOS-3286 BUG=30745403 Change-Id: Ia21418545bbaeb96fb5ab6c3f4e71858e57b8684 (cherry picked from commit 9794d7e8216138adf143a3b6faf3d5683316a662) (cherry picked from commit c13170a0fd063399b161c3edf824cc5e02413af1)

Diffstat (limited to 'NOTICE')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: