| author | Andres Morales <anmorales@google.com> | 2014-07-22 11:04:21 -0700 |
|---|---|---|
| committer | Andres Morales <anmorales@google.com> | 2014-08-07 00:45:03 +0000 |
| commit | 78ce5e8c9f9e01502f5a544b7488b1ee000a2b6f (patch) | |
| tree | fbeff627819f9273e052cee85ca253e9f8196a95 /src/com/android/settings/nfc | |
| parent | f34c3501948190acf44defefba8eb161ec6dc07b (diff) | |
Prevent newlines and long captions selecting default payment app
This would allow attackers to spoof the default selection
dialog causing the user to unknowingly change their default
payment handler.
Bug: 15906632
Change-Id: I49ad2a7351bd6d2c1f9a79ad9be0cbc9787ca6c3
Diffstat (limited to 'src/com/android/settings/nfc')
| -rw-r--r-- | src/com/android/settings/nfc/PaymentDefaultDialog.java | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/com/android/settings/nfc/PaymentDefaultDialog.java b/src/com/android/settings/nfc/PaymentDefaultDialog.java
index 6bc29e19a..33ac94743 100644
--- a/src/com/android/settings/nfc/PaymentDefaultDialog.java
+++ b/src/com/android/settings/nfc/PaymentDefaultDialog.java
@@ -34,6 +34,7 @@ public final class PaymentDefaultDialog extends AlertActivity implements
 DialogInterface.OnClickListener {
 public static final String TAG = "PaymentDefaultDialog";
+ private static final int PAYMENT_APP_MAX_CAPTION_LENGTH = 40;
 private PaymentBackend mBackend;
 private ComponentName mNewDefault;
@@ -109,12 +110,14 @@ public final class PaymentDefaultDialog extends AlertActivity implements
 p.mTitle = getString(R.string.nfc_payment_set_default_label);
 if (defaultPaymentApp == null) {
 String formatString = getString(R.string.nfc_payment_set_default);
- String msg = String.format(formatString, requestedPaymentApp.caption);
+ String msg = String.format(formatString,
+ sanitizePaymentAppCaption(requestedPaymentApp.caption.toString()));
 p.mMessage = msg;
 } else {
 String formatString = getString(R.string.nfc_payment_set_default_instead_of);
- String msg = String.format(formatString, requestedPaymentApp.caption,
- defaultPaymentApp.caption);
+ String msg = String.format(formatString,
+ sanitizePaymentAppCaption(requestedPaymentApp.caption.toString()),
+ sanitizePaymentAppCaption(defaultPaymentApp.caption.toString()));
 p.mMessage = msg;
 }
 p.mPositiveButtonText = getString(R.string.yes);
@@ -126,4 +129,15 @@ public final class PaymentDefaultDialog extends AlertActivity implements
 return true;
 }
+ private String sanitizePaymentAppCaption(String input) {
+ String sanitizedString = input.replace('\n', ' ').replace('\r', ' ').trim();
+
+
+ if (sanitizedString.length() > PAYMENT_APP_MAX_CAPTION_LENGTH) {
+ return sanitizedString.substring(0, PAYMENT_APP_MAX_CAPTION_LENGTH);
+ }
+
+ return sanitizedString;
+ }
+
 } |
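Review bot: Both new `.toString()` calls in the second hunk dereference `caption` unconditionally, whereas the old `String.format` arguments tolerated a null value. The type that declares `caption` is not visible on this page, so the case may be unreachable, but if a label can ever be null the dialog would now throw instead of rendering. A null-tolerant form such as `sanitizePaymentAppCaption(String.valueOf(requestedPaymentApp.caption))` keeps the previous behaviour. The enclosing method starts and ends outside the hunk.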
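Review bot: `sanitizePaymentAppCaption` in the last hunk replaces only `\n` and `\r`, so other characters that break or reorder a line still reach the dialog message: vertical tab, form feed, U+0085, U+2028/U+2029 and the bidirectional control characters. The caption presumably comes from the app asking to become the default, so the filter should cover the character classes rather than two code points, for example `input.replaceAll("[\\p{Cc}\\p{Zl}\\p{Zp}]", " ").trim()`. Bidi controls need separate handling, since stripping all of `\p{Cf}` would also remove joiners that some scripts need. The `substring(0, PAYMENT_APP_MAX_CAPTION_LENGTH)` cut can also fall between the two halves of a surrogate pair. A short comment on the method saying why captions are flattened and capped at 40 characters would help the next reader.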
