1 files changed, 17 insertions, 2 deletions

diff --git a/services/core/java/com/android/server/connectivity/PacProxyService.java b/services/core/java/com/android/server/connectivity/PacProxyService.java
index 3a97765246c1..2e90a3d86161 100644
--- a/services/core/java/com/android/server/connectivity/PacProxyService.java
+++ b/services/core/java/com/android/server/connectivity/PacProxyService.java
@@ -44,6 +44,7 @@ import android.os.SystemProperties;
 import android.os.UserHandle;
 import android.provider.Settings;
 import android.util.Log;
+import android.webkit.URLUtil;
 
 import com.android.internal.annotations.GuardedBy;
 import com.android.internal.util.TrafficStatsConstants;
@@ -232,8 +233,22 @@ public class PacProxyService extends IPacProxyManager.Stub {
      * @throws IOException if the URL is malformed, or the PAC file is too big.
      */
     private static String get(Uri pacUri) throws IOException {
-        URL url = new URL(pacUri.toString());
-        URLConnection urlConnection = url.openConnection(java.net.Proxy.NO_PROXY);
+        if (!URLUtil.isValidUrl(pacUri.toString()))  {
+            throw new IOException("Malformed URL:" + pacUri);
+        }
+
+        final URL url = new URL(pacUri.toString());
+        URLConnection urlConnection;
+        try {
+            urlConnection = url.openConnection(java.net.Proxy.NO_PROXY);
+            // Catch the possible exceptions and rethrow as IOException to not to crash the system
+            // for illegal input.
+        } catch (IllegalArgumentException e) {
+            throw new IOException("Incorrect proxy type for " + pacUri);
+        } catch (UnsupportedOperationException e) {
+            throw new IOException("Unsupported URL connection type for " + pacUri);
+        }
+
         long contentLength = -1;
         try {
             contentLength = Long.parseLong(urlConnection.getHeaderField("Content-Length"));