summaryrefslogtreecommitdiff
path: root/api/api.go
diff options
context:
space:
mode:
author Tetiana Meronyk <tetianameronyk@google.com> 2023-08-24 16:27:30 +0000
committer Tetiana Meronyk <tetianameronyk@google.com> 2023-10-09 08:23:49 +0000
commite5e5d53c31615b23a7c20ec0b900b7a6d690222c (patch)
treed64f2dde1220fc9d2c701806a43cd3901b8c1602 /api/api.go
parent40a74a7b701fa5c6e7fa6bfbc4c1bb35ef701c40 (diff)
Truncate user data to a limit of 500 characters
Fix vulnerability that allows creating users with no restrictions. This is done by creating an intent to create a user and putting extras that are too long to be serialized. It causes IOException and the restrictions are not written in the file. By truncating the string values when writing them to the file, we ensure that the exception does not happen and it can be recorded correctly. Bug: 293602317 Test: install app provided in the bug, open app and click add. Check logcat to see there is no more IOException. Reboot the device by either opening User details page or running adb shell dumpsys user | grep -A12 heen and see that the restrictions are in place. Change-Id: I633dc10974a64ef2abd07e67ff2d209847129989 Merged-In: I633dc10974a64ef2abd07e67ff2d209847129989 (cherry picked from commit 59042a32c7e192d160c295ecb6477a09bb5da0bb)
Diffstat (limited to 'api/api.go')
0 files changed, 0 insertions, 0 deletions