From 254e53f796934aa873427b79f7cb41605006664f Mon Sep 17 00:00:00 2001
From: Raphael Kim <raphk@google.com>
Date: Mon, 18 Sep 2023 14:07:23 -0700
Subject: [CDM] Validate component name length before requesting notification
 access.

Bug: 295335110
Test: Test app with long component name
Change-Id: I7ea5d5c1f78858db9865f3310d1e0aff9c8b5579
Merged-In: I7ea5d5c1f78858db9865f3310d1e0aff9c8b5579
---
 .../com/android/server/companion/CompanionDeviceManagerService.java   | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
index a94e4b9b492d..f5ce00cb31c9 100644
--- a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
+++ b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
@@ -132,6 +132,7 @@ public class CompanionDeviceManagerService extends SystemService {
             "debug.cdm.cdmservice.removal_time_window";
 
     private static final long ASSOCIATION_REMOVAL_TIME_WINDOW_DEFAULT = DAYS.toMillis(90);
+    private static final int MAX_CN_LENGTH = 500;
 
     private final ActivityManager mActivityManager;
     private final OnPackageVisibilityChangeListener mOnPackageVisibilityChangeListener;
@@ -621,6 +622,9 @@ public class CompanionDeviceManagerService extends SystemService {
             String callingPackage = component.getPackageName();
             checkCanCallNotificationApi(callingPackage);
             // TODO: check userId.
+            if (component.flattenToString().length() > MAX_CN_LENGTH) {
+                throw new IllegalArgumentException("Component name is too long.");
+            }
             final long identity = Binder.clearCallingIdentity();
             try {
                 return PendingIntent.getActivityAsUser(getContext(),
-- 
cgit v1.2.3-59-g8ed1b