diff options
| author | Rohan Shah <shahrk@google.com> | 2016-08-17 11:23:26 -0700 |
|---|---|---|
| committer | Jessica Wagantall <jwagantall@cyngn.com> | 2016-10-13 12:21:48 -0700 |
| commit | 283516cea908c6676996a12ed36d5f465eb0d703 (patch) | |
| tree | d00d611a8d8dea9ebc70f9e123a04936cf0c6a95 /res/values-ky-rKG | |
| parent | 1d5c0cfbaaa90fd9aeef7ad8096d534d9a081100 (diff) | |
| download | android_packages_apps_Email-stable/cm-12.1-YOG7D.tar.gz android_packages_apps_Email-stable/cm-12.1-YOG7D.tar.bz2 android_packages_apps_Email-stable/cm-12.1-YOG7D.zip | |
Limit account id and id to longsstable/cm-12.1-YOG7D
The security issue occurs because id is allowed to be an arbitrary
path instead of being limited to what it is -- a long. Both id
and account id are now parsed into longs (and if either fails, an
error will be logged and null will be returned).
Tested/verified error is logged using the reported attack.
CYNGNOS-3286
BUG=30745403
Change-Id: Ia21418545bbaeb96fb5ab6c3f4e71858e57b8684
(cherry picked from commit 9794d7e8216138adf143a3b6faf3d5683316a662)
Diffstat (limited to 'res/values-ky-rKG')
0 files changed, 0 insertions, 0 deletions