diff options
author | Tom Taylor <tomtaylor@google.com> | 2016-12-05 13:57:45 -0800 |
---|---|---|
committer | Sean McCreary <mccreary@mcwest.org> | 2017-04-06 13:31:58 -0600 |
commit | 04c487f3f5872ba390e430d95204ab996bbbdc59 (patch) | |
tree | f451bdb71aa778654f0b900103b9268085b34bd3 /res/xml-mcc310-mnc580/mms_config.xml | |
parent | a4098b20bc5af495c367eb108c327466fd1726f6 (diff) | |
download | packages_apps_Messaging-04c487f3f5872ba390e430d95204ab996bbbdc59.tar.gz packages_apps_Messaging-04c487f3f5872ba390e430d95204ab996bbbdc59.tar.bz2 packages_apps_Messaging-04c487f3f5872ba390e430d95204ab996bbbdc59.zip |
32161610 Security Vulnerability - Information disclosure vulnerability in AOSP Messaging
* Check to make sure the returned uri from the gallery picker does
not point to bugle's data directory (or any subdir).
* Test:
Manual-
* I created the test app in the bug, the one that injects the bad
uri into Bugle. I verified the bad behavior before the fix and the
good behavior after.
* I tested the gallery to make sure picking photos,
from the photos app and drive, still work.
* I verified the behavior in the debugger to be sure the code is
catching the bad uri from the test app.
AOSP-Change-Id: I3393f3b886c837a49758b91945cf1e17ec9bee41
Fixes: 32161610
(cherry picked from commit 69ed579fb8092395c4ffeb64ff5147622def3d4a)
Change-Id: Ifbfc78e6404f5f258a98026d3c5a5e76a107ddc8
(cherry picked from commit 9aaf452d882da24e19801fdb09df1e1311986482)
Diffstat (limited to 'res/xml-mcc310-mnc580/mms_config.xml')
0 files changed, 0 insertions, 0 deletions