diff options
| author | 2016-08-11 18:15:29 +0000 | |
|---|---|---|
| committer | 2016-08-11 18:15:30 +0000 | |
| commit | df7bd91dfa47bb4dffd8edd0dba4cdd4a701d1af (patch) | |
| tree | eaa09e87747bafa1393c2776cb741cc3af33800d | |
| parent | df17644db7ac17df91447b41a6c4a4a27f41ac24 (diff) | |
| parent | dde12c69233e8553252c2e010bdfda6b91762ff9 (diff) | |
Merge "Fix vulnerability where large GPS XTRA data can be injected. -Can potentially crash system with OOM. Bug: 29555864" into klp-dev
| -rw-r--r-- | services/java/com/android/server/location/GpsXtraDownloader.java | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/services/java/com/android/server/location/GpsXtraDownloader.java b/services/java/com/android/server/location/GpsXtraDownloader.java index e4200736fd8e..fdd9c491fd8f 100644 --- a/services/java/com/android/server/location/GpsXtraDownloader.java +++ b/services/java/com/android/server/location/GpsXtraDownloader.java @@ -44,6 +44,7 @@ public class GpsXtraDownloader { private static final String TAG = "GpsXtraDownloader"; static final boolean DEBUG = false; + private static final long MAXIMUM_CONTENT_LENGTH_BYTES = 1000000; // 1MB. private Context mContext; private String[] mXtraServers; @@ -138,8 +139,9 @@ public class GpsXtraDownloader { byte[] body = null; if (entity != null) { try { - if (entity.getContentLength() > 0) { - body = new byte[(int) entity.getContentLength()]; + long contentLength = entity.getContentLength(); + if (contentLength > 0 && contentLength <= MAXIMUM_CONTENT_LENGTH_BYTES) { + body = new byte[(int) contentLength]; DataInputStream dis = new DataInputStream(entity.getContent()); try { dis.readFully(body); |