Commit message, Author, Age, Files, Lines
* AOSP/Email - bug fix: do not allow composing message with hidden private ↵cm-14.1Raman Tenneti2019-12-031-17/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | data attachments - Switch intent filtering to be blacklist based rather than whitelist based. + Blacklist only EXTRA_IN_REFERENCE_TO_MESSAGE_URI. + Undoing some of the changes from https://android-review.googlesource.com/c/platform/packages/apps/Email/+/961354/ + Ported/merged this change from CL: cl/235253805 (to match the internal version - ComposeActivityGmailExternal.java) Bug: 127320867 Test: manual - Ran the following tests on Pixel phone. Tested the email UI. $ make -j 40 $ make Email -j $ make UnifiedEmailTests -j $ make EmailTests -j -rw-r--r-- 1 rtenneti primarygroup 6356400 Oct 1 12:07 out/target/product/marlin/testcases/Email/arm64/Email.apk -rw-r--r-- 1 rtenneti primarygroup 389599 Oct 1 12:11 out/target/product/marlin/testcases/EmailTests/arm64/EmailTests.apk $ adb install -r -d -g out/target/product/marlin/testcases/Email/arm64/Email.apk $ adb install -r -d -g out/target/product/marlin/testcases/EmailTests/arm64/EmailTests.apk $ adb shell am instrument -w com.android.email.tests Time: 2.739 OK (157 tests) $ atest EmailTests Summary ------- EmailTests: Passed: 157, Failed: 0, Ignored: 0, Assumption Failed: 0 All tests passed! Change-Id: I5a397b61827b82502d26da2496831011956c868a (cherry picked from commit a7637e9ad2199a02fd9c4d6aa51030344afb67a6)
* Deleted "<action android:name="android.intent.action.SEND_MULTIPLE" />" in ↵Raman Tenneti2019-12-031-28/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "com.android.email.activity.ComposeActivityEmailExternal" activity of the AndroidManifest.xml as part of cleanup. Bug: 139259734 Bug: 127320867 Test: manual - Ran the following tests on Pixel phone. Tested the email UI. $ make -j 40 $ make Email -j $ make EmailTests -j -rw-r--r-- 1 rtenneti primarygroup 6356400 Sep 16 10:59 out/target/product/marlin/testcases/Email/arm64/Email.apk -rw-r--r-- 1 rtenneti primarygroup 389599 Sep 16 10:57 out/target/product/marlin/testcases/EmailTests/arm64/EmailTests.apk $ adb install -r -d -g out/target/product/marlin/testcases/Email/arm64/Email.apk $ adb install -r -d -g out/target/product/marlin/testcases/EmailTests/arm64/EmailTests.apk $ adb shell am instrument -w com.android.email.tests Time: 10.338 OK (157 tests) $ atest EmailTests Summary ------- EmailTests: Passed: 157, Failed: 0, Ignored: 0, Assumption Failed: 0 All tests passed! Deleted "<action android:name="android.intent.action.SEND" />" in "com.android.email.activity.ComposeActivityEmailExternal" activity of the AndroidManifest.xml as part of cleanup. Bug: 139259734 Bug: 127320867 Test: manual - Ran the following tests on Pixel phone. Tested the email UI. $ make -j 40 $ make Email -j $ make EmailTests -j -rw-r--r-- 1 rtenneti primarygroup 6356400 Sep 18 15:32 out/target/product/marlin/testcases/Email/arm64/Email.apk -rw-r--r-- 1 rtenneti primarygroup 389599 Sep 18 15:32 out/target/product/marlin/testcases/EmailTests/arm64/EmailTests.apk $ adb install -r -d -g out/target/product/marlin/testcases/Email/arm64/Email.apk $ adb install -r -d -g out/target/product/marlin/testcases/EmailTests/arm64/EmailTests.apk $ adb shell am instrument -w com.android.email.tests Time: 3.38 OK (157 tests) $ atest EmailTests com.android.email.tests (157 Tests) [1/157] com.android.email.DummyFlakyTest#imNotReallyFlaky: PASSED (2ms) ... 
[157/157] com.android.emailcommon.utility.UtilityTest#testParseEmailDateTime: PASSED (0ms) EmailTests: Passed: 157, Failed: 0, Ignored: 0, Assumption Failed: 0 All tests passed! Change-Id: Iff7a42a3248a8b45cf128d2335624fc298c8888c (cherry picked from commit 37275ba2833057630de85bfa95c141ec55c6d304) Merged-In: Iff7a42a3248a8b45cf128d2335624fc298c8888c (cherry picked from commit 25fb2204e56f3750cec63cffbb9e2f76e7f21ca4)
* AOSP/Email - Secure UPDATE_WIDGET receiver with a new permissionRaman Tenneti2019-12-031-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The update methods sends a broadcast with the account name, the folder, etc. This implicitly bypasses the GET_ACCOUNT permission if a third-party application listens to this broadcast. - Introduce a new app permission - com.android.email.permission.GET_WIDGET_UPDATE - Now the com.android.email.permission.GET_WIDGET_UPDATE is required to - receive the emitted broadcast - Add this permission to our existing widgets. Ported changes from cr/106302205 - added uses-permission GET_WIDGET_UPDATE, so Gmail app has the permission to receive the intent Bug: 139803872 Test: manual - Ran the following tests on Pixel phone. Tested the email UI. $ make -j 40 $ make Email -j $ make EmailTests -j -rw-r--r-- 1 rtenneti primarygroup 6356400 Sep 16 14:10 out/target/product/marlin/testcases/Email/arm64/Email.apk -rw-r--r-- 1 rtenneti primarygroup 389599 Sep 16 14:18 out/target/product/marlin/testcases/EmailTests/arm64/EmailTests.apk $ adb install -r -d -g out/target/product/marlin/testcases/Email/arm64/Email.apk $ adb install -r -d -g out/target/product/marlin/testcases/EmailTests/arm64/EmailTests.apk $ adb shell am instrument -w com.android.email.tests Time: 34.746 OK (157 tests) $ atest EmailTests Summary ------- EmailTests: Passed: 157, Failed: 0, Ignored: 0, Assumption Failed: 0 All tests passed! $ adb install ../security_attack/bug_139803872/poc.apk Captured the logcat output at rtenneti's x20web logcat.out.0916.1503 while reproducing the steps in b/139803872#comment3 Change-Id: I6eea128c20b555b38d325e3706473bb18080bedd Merged-In: I6eea128c20b555b38d325e3706473bb18080bedd (cherry picked from commit d1be7a4fbe555a00d2c7f494e7ab5cc7a442ac87)
* AOSP/Email - Create an empty Bundle if originalExtras doesn't exist. ↵Raman Tenneti2019-09-051-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Backporting the fix to fix NullPointerException. + Added "originalExtras = new Bundle();" change from cl/247540041 Bug: 135889250 Bug: 127320867 Test: manual - Ran the following tests on Pixel phone. Tested the email UI. $ make -j 40 -rw-r--r-- 1 rtenneti primarygroup 6371530 Jun 25 17:23 out/target/product/marlin/system/product/app/Email/Email.apk $ make EmailTests -j -rw-r--r-- 1 rtenneti primarygroup 365023 Jun 25 17:49 out/target/product/marlin/testcases/EmailTests/arm64/EmailTests.apk $ adb install -r out/target/product/marlin/system/product/app/Email/Email.apk $ adb install -r out/target/product/marlin/testcases/EmailTests/arm64/EmailTests.apk $ adb shell am instrument -w com.android.email.tests Time: 2.986 OK (157 tests) Change-Id: Ica9eb7ad3ddd11c752a526c2b1d5f086c74da283 Merged-In: Ica9eb7ad3ddd11c752a526c2b1d5f086c74da283 (cherry picked from commit 3150b66305bea67a83ce289c42c85efc669088d3)
* AOSP/Email - bug fix: do not allow composing message with hidden private ↵Raman Tenneti2019-09-051-0/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | data attachments. Ported/merged the following from CL https://critique.corp.google.com/#review/247540041 original file: java/com/google/android/apps/gmail/unifiedgmail/src/com/google/android/gm/ComposeActivityGmailExternal.java aosp's version: src/com/android/email/activity/ComposeActivityEmailExternal.java Change description from the above CL: "Switch intent filtering to be whitelist based rather than blacklist based. ComposeActivityGmailExternal should whitelist what extras we allow in. This is a very belated follow up to cl/235253805 where I wrote a quick fix as a blacklist based solution." Bug: 127320867 Test: manual - Ran the following tests on Pixel phone. Tested the email UI. $ make -j 40 -rw-r--r-- 1 rtenneti primarygroup 6375626 May 5 19:49 out/target/product/marlin/system/product/app/Email/Email.apk $ make UnifiedEmailTests -j -rw-r--r-- 1 rtenneti primarygroup 311703 May 5 20:04 out/target/product/marlin/testcases/UnifiedEmailTests/arm64/UnifiedEmailTests.apk $ make EmailTests -j -rw-r--r-- 1 rtenneti primarygroup 365023 May 13 14:39 out/target/product/marlin/testcases/EmailTests/arm64/EmailTests.apk $ adb install -r out/target/product/marlin/system/product/app/Email/Email.apk $ adb install -r out/target/product/marlin/testcases/EmailTests/arm64/EmailTests.apk $ adb install -r out/target/product/marlin/testcases/UnifiedEmailTests/arm64/UnifiedEmailTests.apk $ adb shell am instrument -w com.android.mail.emailtests Time: 3.519 OK (157 tests) Change-Id: I5f6541ceb79a1a1c598d0c8207e3cab98d1a8ac5 Merged-In: I5f6541ceb79a1a1c598d0c8207e3cab98d1a8ac5 (cherry picked from commit e81f6f92bbdd43f34aa25fc2b7605aeb887af2cc)
* Automatic translation importMichael Bestas2019-08-065-20/+49
| | | | Change-Id: I70ac6d82eb7501bb39030930f3006366e4d99af2
* Automatic translation importMichael Bestas2019-03-11106-6169/+1555
| | | | Change-Id: I6bdafeef2e38c8d502d203bceffc75c8c8db4bf1
* AOSP/Email - Second part of the Security Vulnerability fix -Raman Tenneti2019-02-062-1/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Email App: Malicious app is able to compose message with hidden attachments and bypass attachments path checks attaching private files from /data/data/com.android.email/* + Ported the following CLs. Code is different from gmail. Made the changes to work with Email. ++ https://critique.corp.google.com/#review/136780360 +++ Differentiating our Compose intents from other app's intent. Added ComposeActivityEmailExternal method and it always returns true. Treat body and quoted text as plaintext if intent is external. Bug: 32068883 Bug: 32502421 Bug: 32589229 Test: manual - Ran the following tests on Pixel phone. Tested the Email UI. $ adb install -r out/target/product/marlin/system/app/Email/Email.apk $ adb install -r app-debug.apk Success $ adb shell am start -n com.test.poc.poc32589229/.MainActivity -a android.intent.action.MAIN Starting: Intent { act=android.intent.action.MAIN cmp=com.test.poc.poc32589229/.MainActivity } Duplicated the steps in https://b.corp.google.com/issues/32589229#comment5 and didn't get the attachments after the fix (was getting attachments before the fix). $ adb install -r out/target/product/marlin/testcases/EmailTests/EmailTests.apk Performing Streamed Install Success $ adb shell am instrument -w com.android.email.tests The number of failures are same as before (with or without this change). Tests run: 158, Failures: 5 Change-Id: I4eda17af7f60e1c92f49ffa6025b328f6481ec76 (cherry picked from commit c87d04b8c190f52c4f7e8a22dfaa2b5e065415fe)
* Automatic translation importMichael Bestas2018-10-142-2/+97
| | | | Change-Id: Ia4ce7b4838d3047f23686764fd898c6508e46351
* Email: Remove leftover translationsTim Schumacher2018-05-241-6/+0
| | | | Change-Id: I1deb886aea64286eee5f12bccc5747ac12cd66fd
* Disallow attaching files from our own EmailAttachmentProvider.Ekin Oguz2018-04-061-0/+5
| | | | | | | | | | | | This is to backport a security fix reported in b/71814449 and b/72569023. Fix is using the same approach as b/27308057, which is to prevent Compose from accepting URIs with our own email attachment provider. Bug: b/71814449 Change-Id: Ib9df21648d00d2ef2da9fac05cc39fee253de8e2 (cherry picked from commit 7227751994624bdb2ba958714cc861b8bab41634) (cherry picked from commit c3e0aba2a604ce7c3807d65df1e6a2b848287019)
* Automatic translation importMichael Bestas2018-03-281-0/+1
| | | | Change-Id: I23bccf9f87b9532438e33fff72cdd99c43fc2ddc
* Automatic translation importMichael Bestas2018-02-045-0/+669
| | | | Change-Id: I1b50920db97252079205c7c4584ce719e0b857b8
* Automatic translation importMichael W2018-01-131-0/+14
| | | | Change-Id: I2816d769a64d4318da0a94bf38d020db55469c7c
* Automatic translation importAbhisek Devkota2017-12-164-0/+660
| | | | Change-Id: I0ffc1534fc50c21a3285988a878525b3247c1533
* Automatic translation importAbhisek Devkota2017-12-112-0/+330
| | | | Change-Id: I9c6c1a02167515d69bd0468aea01d6d98e33ed66
* Remove obsolete values-be translationsMichael Bestas2017-09-302-334/+0
| | | | | | * values-be-rBY is used now Change-Id: I44ff7b52687302236129102f76f9da5f311dddd7
* Automatic translation importAbhisek Devkota2017-09-181-5/+15
| | | | Change-Id: Ia2727dc1f9a929110749196d70e8de81cf224515
* Automatic translation importAbhisek Devkota2017-08-031-0/+10
| | | | Change-Id: If6e1190646b0a2e685c6be94dcc172da71402a98
* Automatic translation importAbhisek Devkota2017-07-271-0/+4
| | | | Change-Id: I7ec765f3f539ad2e099f5c6ccf17f6d8c687b434
* Automatic translation importAbhisek Devkota2017-07-251-1/+1
| | | | Change-Id: I0bccf995014e38dd79ef812b8799a7112ec1be82
* Adjust Email UnitTests to e353ae2ea19c9ea800d10b37e05de7b0ea1aeeb4Zennoe2017-06-083-13/+13
| | | | | | | | The mentioned commit changed the parameter type expected by getTextFromPart(Part part, boolean closeInput) to getTextFromPart(Part part, ArrayList<InputStream> outInputStreams). Instead of setting closeInput to true we now have to provide a null object, if we want new input streams to be closed after use. This commit adjusts the UnitTests to the new behaviour. Change-Id: I6e8196c73e275ff17c06e79b7ed2f64d73f8e9cf
* Fix check for deleted messages.Danny Baumann2017-05-291-22/+25
| | | | | | | | If we deleted a message locally, there won't be a local message map entry for the DELETED flag update case, so we need to remove the message from the unsynced message list before checking the local map entry. Change-Id: Ib83703dde85ce65d2f292fb37241e3be23eeb5d8
* Close body InputStreams correctly.Danny Baumann2017-05-291-13/+6
| | | | | | | The getInputStream() method returns a new stream each time, so it's not suitable for getting references to previously opened InputStreams. Change-Id: I68110810edecccdcd79a0503e210f5e7f17860d8
* Fix message duplication on flag update.Danny Baumann2017-05-241-1/+4
| | | | | | | | | | | | | | | | When updating e.g. the 'seen' flag of a message, it might happen that a duplicate for that message is created. Root cause was that the wrong local message for the remote message was put into the cache map, which later led to message lookup failure, which made the code believe the message still needs to be downloaded (again). Additionally, ghost messages could be created after deleting messages when the IDLE connection reported the 'deleted' flag being set after doing the deletion locally. In that case, the local message was supposed to not be present in the lookup map, but the remote message list was not updated correctly to reflect the deletion. Change-Id: I954ea65cfe17b11a7f9ba19020399ac8cc6c3745
* Search in folder specified via URI parameter, if possible.Danny Baumann2017-05-241-4/+20
| | | | Change-Id: Ie2e9b8f4980be593e65c8d1c57dab785aa1efb29
* Automatic translation importAbhisek Devkota2017-04-203-1/+18
| | | | Change-Id: I8bf2a91d6f0c05b0e2d30a6c38bd58fc4ed1943b
* Merge tag 'android-7.1.2_r2' into cm-14.1staging/cm-14.1_android-7.1.2_r2Dan Pasanen2017-04-050-0/+0
|\ | | | | | | | | | | | | | | Android 7.1.2 Release 2 (N2G47E) # gpg: Signature made Mon 03 Apr 2017 01:41:49 AM CDT # gpg: using DSA key E8AD3F819AB10E78 # gpg: Can't check signature: No public key
| * DO NOT MERGE Limit account id and id to longs am: 4d43d4ae1c am: 87be55a2c5 ↵Rohan Shah2016-08-220-0/+0
| |\ | | | | | | | | | | | | | | | | | | | | | am: 0f1787b8e4 -s ours am: e33dde450b -s ours am: 57aa11328a am: e411343c31 am: fe28569bf2 -s ours am: fb09c27ba3 am: b5d75c8af5 am: 8da5eddeb6 am: 956a850170 -s ours am: 42f2549716 am: 2c678233d3 am: 7b509c2890 Change-Id: Idc8c20d79d6c17eed8d299b1336dc58fbb5d6496
| | * DO NOT MERGE Limit account id and id to longs am: 4d43d4ae1c am: 87be55a2c5 ↵Rohan Shah2016-08-220-0/+0
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 0f1787b8e4 -s ours am: e33dde450b -s ours am: 57aa11328a am: e411343c31 am: fe28569bf2 -s ours am: fb09c27ba3 am: b5d75c8af5 am: 8da5eddeb6 am: 956a850170 -s ours am: 42f2549716 am: 2c678233d3 Change-Id: I9492da0fd8f2c12571e9a183e6491de5c2f46c3f
| | | * DO NOT MERGE Limit account id and id to longs am: 4d43d4ae1c am: 87be55a2c5 ↵Rohan Shah2016-08-220-0/+0
| | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 0f1787b8e4 -s ours am: e33dde450b -s ours am: 57aa11328a am: e411343c31 am: fe28569bf2 -s ours am: fb09c27ba3 am: b5d75c8af5 am: 8da5eddeb6 am: 956a850170 -s ours am: 42f2549716 Change-Id: I682ce21861160ffdeeeeb914968b2a1c31f725e8
| | | | * DO NOT MERGE Limit account id and id to longs am: 4d43d4ae1c am: 87be55a2c5 ↵Rohan Shah2016-08-220-0/+0
| | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 0f1787b8e4 -s ours am: e33dde450b -s ours am: 57aa11328a am: e411343c31 am: fe28569bf2 -s ours am: fb09c27ba3 am: b5d75c8af5 am: 8da5eddeb6 am: 956a850170 -s ours Change-Id: Ibffa5650d7ee57c4df19824efdfccbfd9ef4045d
| | | | | * DO NOT MERGE Limit account id and id to longs am: 4d43d4ae1c am: 87be55a2c5 ↵Rohan Shah2016-08-220-0/+0
| | | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 0f1787b8e4 -s ours am: e33dde450b -s ours am: 57aa11328a am: e411343c31 am: fe28569bf2 -s ours am: fb09c27ba3 am: b5d75c8af5 am: 8da5eddeb6 Change-Id: I6be321778f32e13e823ba244f59ee071ae358878
| | | | | | * DO NOT MERGE Limit account id and id to longs am: 4d43d4ae1c am: 87be55a2c5 ↵Rohan Shah2016-08-220-0/+0
| | | | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 0f1787b8e4 -s ours am: e33dde450b -s ours am: 57aa11328a am: e411343c31 am: fe28569bf2 -s ours am: fb09c27ba3 am: b5d75c8af5 Change-Id: I946158738844b48866e9d5e4f17cd17ab2bf9f70
| | | | | | | * DO NOT MERGE Limit account id and id to longs am: 4d43d4ae1c am: 87be55a2c5 ↵Rohan Shah2016-08-220-0/+0
| | | | | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 0f1787b8e4 -s ours am: e33dde450b -s ours am: 57aa11328a am: e411343c31 am: fe28569bf2 -s ours am: fb09c27ba3 Change-Id: Iddbf33a00472c8d6eb9992befd4efbda873d0c8a
| | | | | | | | * DO NOT MERGE Limit account id and id to longs am: 4d43d4ae1c am: 87be55a2c5 ↵Rohan Shah2016-08-220-0/+0
| | | | | | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 0f1787b8e4 -s ours am: e33dde450b -s ours am: 57aa11328a am: e411343c31 am: fe28569bf2 -s ours Change-Id: I3773c0168b520ce1bb61ddccadff2fc4f2804ed2
| | | | | | | | | * DO NOT MERGE Limit account id and id to longs am: 4d43d4ae1c am: 87be55a2c5 ↵Rohan Shah2016-08-220-0/+0
| | | | | | | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 0f1787b8e4 -s ours am: e33dde450b -s ours am: 57aa11328a am: e411343c31 Change-Id: I39d20b12cfdef8a6faefe3e1c943300402cbe3d3
| | | | | | | | | | * DO NOT MERGE Limit account id and id to longs am: 4d43d4ae1c am: 87be55a2c5 ↵Rohan Shah2016-08-220-0/+0
| | | | | | | | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 0f1787b8e4 -s ours am: e33dde450b -s ours am: 57aa11328a Change-Id: Ie81690e2de660eec58512d1a43ffd52fedbca827
| | | | | | | | | | | * DO NOT MERGE Limit account id and id to longs am: 4d43d4ae1c am: 87be55a2c5 ↵Rohan Shah2016-08-220-0/+0
| | | | | | | | | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 0f1787b8e4 -s ours am: e33dde450b -s ours Change-Id: I2da37316922f306cc9f2156016f6a62a43acb569
| | | | | | | | | | | | * DO NOT MERGE Limit account id and id to longs am: 4d43d4ae1c am: 87be55a2c5Rohan Shah2016-08-220-0/+0
| | | | | | | | | | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 0f1787b8e4 -s ours Change-Id: Id5097ae2be27a6ade1b67469292538bffd616ca5
| | | | | | | | | | | | | * DO NOT MERGE Limit account id and id to longs am: 4d43d4ae1cRohan Shah2016-08-221-5/+9
| | | | | | | | | | | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 87be55a2c5 Change-Id: Id7a231bc6408ce29b3ce6e623cfd1deb6ce05adf
| | | | | | | | | | | | | | * DO NOT MERGE Limit account id and id to longsRohan Shah2016-08-221-5/+9
| | | | | | | | | | | | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 4d43d4ae1c Change-Id: I5d4203b5b5239d1c5a4f2715a343be3f01a7e339
| | | | | | | | | | | | | | | * DO NOT MERGE Limit account id and id to longsRohan Shah2016-08-171-5/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The security issue occurs because id is allowed to be an arbitrary path instead of being limited to what it is -- a long. Both id and account id are now parsed into longs (and if either fails, an error will be logged and null will be returned). Tested/verified error is logged using the reported attack. BUG=30745403 Change-Id: Ibe87479fd798da7da0e8809e37a39a4dfc708658
| * | | | | | | | | | | | | | | Limit account id and id to longs am: 9794d7e821 am: 4fc61f9a45 am: ↵Rohan Shah2016-08-191-5/+9
| |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 9b35eea4c5 am: 093c608106 am: c7ba2c9c4e am: a2c9fbde45 am: 4b0afdab56 am: 244074273b am: 2a40e91775 am: 9f9c17637c am: 77c0c25126 Change-Id: I99b543f5e926b80b0562aa2d63ce5dc06dc33c52
| | * | | | | | | | | | | | | | Limit account id and id to longs am: 9794d7e821 am: 4fc61f9a45 am: ↵Rohan Shah2016-08-191-5/+9
| |/| | | | | | | | | | | | | | | | |/ / / / / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 9b35eea4c5 am: 093c608106 am: c7ba2c9c4e am: a2c9fbde45 am: 4b0afdab56 am: 244074273b am: 2a40e91775 am: 9f9c17637c Change-Id: I756ba62e388f4f71f00a21ba3fb673d584de9563
| | * / / / / / / / / / / / / Limit account id and id to longs am: 9794d7e821 am: 4fc61f9a45 am: ↵Rohan Shah2016-08-191-5/+9
| |/| | | | | | | | | | | | | | | |/ / / / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 9b35eea4c5 am: 093c608106 am: c7ba2c9c4e am: a2c9fbde45 am: 4b0afdab56 am: 244074273b am: 2a40e91775 Change-Id: If5fd6f49691d2709b5ed89faa1d564c27b1f9091
| | * | | | | | | | | | | | Limit account id and id to longs am: 9794d7e821 am: 4fc61f9a45 am: ↵Rohan Shah2016-08-191-5/+9
| | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 9b35eea4c5 am: 093c608106 am: c7ba2c9c4e am: a2c9fbde45 am: 4b0afdab56 am: 244074273b Change-Id: I70ff67e29992b44596364a5aa426cd8acbd0b403
| | | * | | | | | | | | | | Limit account id and id to longs am: 9794d7e821 am: 4fc61f9a45 am: ↵Rohan Shah2016-08-191-5/+9
| | | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 9b35eea4c5 am: 093c608106 am: c7ba2c9c4e am: a2c9fbde45 am: 4b0afdab56 Change-Id: I993285ade7ed21785eee9e27eaa37bab81221b5b
| | | | * | | | | | | | | | Limit account id and id to longs am: 9794d7e821 am: 4fc61f9a45 am: ↵Rohan Shah2016-08-191-5/+9
| | | | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 9b35eea4c5 am: 093c608106 am: c7ba2c9c4e am: a2c9fbde45 Change-Id: Ida56bd49be857709ddfecb8cf142ddc386f6d3cc
| | | | | * | | | | | | | | Limit account id and id to longs am: 9794d7e821 am: 4fc61f9a45 am: ↵Rohan Shah2016-08-191-5/+9
| | | | | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 9b35eea4c5 am: 093c608106 am: c7ba2c9c4e Change-Id: I1954ff3a746c01d32283780af76dcc336a5d93fa