diff options
| author | 2022-03-08 10:50:14 +0800 | |
|---|---|---|
| committer | 2022-05-26 06:19:51 +0000 | |
| commit | 6390b37a3b32fc7583154d53fda3af8fbd95f59f (patch) | |
| tree | d1a2667ac1304deac17a267c18d7cf5b1c0a509d | |
| parent | 53ac502a1a2276771ff36037fbcb5225f17a744e (diff) | |
Stop using invalid URL to prevent unexpected crash
Verify the input PAC Uri before performing follow-up actions.
Check if the URL is a valid URL to filter some invalid URLs since
these invalid URLs could not fall into any subclass of existing
URLConnections. When the PAC Uri is other invalid URL scheme, it
will cause an UnsupportedOperationException if there is no proper
subclass that implements the openConnection() method.
A malformed URL may crash the system.
Even it's a valid URL, some subclasses(e.g. JarURLConnection)
may not have openConnection() implemented. It will also hit the
problem, so convert the possbile exception from openConnection()
to re-throw it to IOException which is handled in the existing
code.
Bug: 219498290
Test: atest FrameworksNetTests CtsNetTestCases
Test: Test with malformed URL
Change-Id: I22903414380b62051f514e43b93af992f45740b4
| -rw-r--r-- | services/core/java/com/android/server/connectivity/PacProxyService.java | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/connectivity/PacProxyService.java b/services/core/java/com/android/server/connectivity/PacProxyService.java index 3a97765246c1..2e90a3d86161 100644 --- a/services/core/java/com/android/server/connectivity/PacProxyService.java +++ b/services/core/java/com/android/server/connectivity/PacProxyService.java @@ -44,6 +44,7 @@ import android.os.SystemProperties; import android.os.UserHandle; import android.provider.Settings; import android.util.Log; +import android.webkit.URLUtil; import com.android.internal.annotations.GuardedBy; import com.android.internal.util.TrafficStatsConstants; @@ -232,8 +233,22 @@ public class PacProxyService extends IPacProxyManager.Stub { * @throws IOException if the URL is malformed, or the PAC file is too big. */ private static String get(Uri pacUri) throws IOException { - URL url = new URL(pacUri.toString()); - URLConnection urlConnection = url.openConnection(java.net.Proxy.NO_PROXY); + if (!URLUtil.isValidUrl(pacUri.toString())) { + throw new IOException("Malformed URL:" + pacUri); + } + + final URL url = new URL(pacUri.toString()); + URLConnection urlConnection; + try { + urlConnection = url.openConnection(java.net.Proxy.NO_PROXY); + // Catch the possible exceptions and rethrow as IOException to not to crash the system + // for illegal input. + } catch (IllegalArgumentException e) { + throw new IOException("Incorrect proxy type for " + pacUri); + } catch (UnsupportedOperationException e) { + throw new IOException("Unsupported URL connection type for " + pacUri); + } + long contentLength = -1; try { contentLength = Long.parseLong(urlConnection.getHeaderField("Content-Length")); |