From edb1e78ee3a38f947b9518be90dbc12c223d1380 Mon Sep 17 00:00:00 2001 From: Raphael Kim Date: Mon, 18 Sep 2023 14:07:23 -0700 Subject: [CDM] Validate component name length before requesting notification access. Bug: 295335110 Test: Test app with long component name Change-Id: I7ea5d5c1f78858db9865f3310d1e0aff9c8b5579 Merged-In: I7ea5d5c1f78858db9865f3310d1e0aff9c8b5579 --- .../com/android/server/companion/CompanionDeviceManagerService.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java index 595218207713..eccfe2ecb0b2 100644 --- a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java +++ b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java @@ -172,6 +172,7 @@ public class CompanionDeviceManagerService extends SystemService implements Bind private static final int ASSOCIATE_WITHOUT_PROMPT_MAX_PER_TIME_WINDOW = 5; private static final long ASSOCIATE_WITHOUT_PROMPT_WINDOW_MS = 60 * 60 * 1000; // 60 min; + private static final int MAX_CN_LENGTH = 500; private static final String XML_TAG_ASSOCIATIONS = "associations"; private static final String XML_TAG_ASSOCIATION = "association"; @@ -552,6 +553,9 @@ public class CompanionDeviceManagerService extends SystemService implements Bind String callingPackage = component.getPackageName(); checkCanCallNotificationApi(callingPackage); int userId = getCallingUserId(); + if (component.flattenToString().length() > MAX_CN_LENGTH) { + throw new IllegalArgumentException("Component name is too long."); + } final long identity = Binder.clearCallingIdentity(); try { return PendingIntent.getActivityAsUser(getContext(), -- cgit v1.2.3-59-g8ed1b