From 380a8f736de5cfd64c4e9f70024796fb790b4805 Mon Sep 17 00:00:00 2001
From: Raphael Kim
Date: Mon, 18 Sep 2023 14:07:23 -0700
Subject: [CDM] Validate component name length before requesting notification access.
Bug: 295335110
Test: Test app with long component name
Change-Id: I7ea5d5c1f78858db9865f3310d1e0aff9c8b5579
Merged-In: I7ea5d5c1f78858db9865f3310d1e0aff9c8b5579
(cherry picked from commit 067a0e3e3fa9e2e545cc6a5f018b2b079a9db9fc)
---
 .../com/android/server/companion/CompanionDeviceManagerService.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
index 2511b50c2106..98614b6b8eb1 100644
--- a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
+++ b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
@@ -145,6 +145,7 @@ public class CompanionDeviceManagerService extends SystemService {
 "debug.cdm.cdmservice.removal_time_window";
 private static final long ASSOCIATION_REMOVAL_TIME_WINDOW_DEFAULT = DAYS.toMillis(90);
+ private static final int MAX_CN_LENGTH = 500;
 private final ActivityManager mActivityManager;
 private final OnPackageVisibilityChangeListener mOnPackageVisibilityChangeListener;
@@ -688,6 +689,9 @@ public class CompanionDeviceManagerService extends SystemService {
 String callingPackage = component.getPackageName();
 checkCanCallNotificationApi(callingPackage);
 // TODO: check userId.
+ if (component.flattenToString().length() > MAX_CN_LENGTH) {
+ throw new IllegalArgumentException("Component name is too long.");
+ }
 final long identity = Binder.clearCallingIdentity();
 try {
 return PendingIntent.getActivityAsUser(getContext(),
-- cgit v1.2.3-59-g8ed1b
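Review bot: `MAX_CN_LENGTH` in the first hunk is added with no comment and an abbreviation that a reader has to decode, so nothing records what the 500 bound applies to or why that value was chosen. Spelling the name out and documenting the unit would make the limit auditable, for example `/** Maximum accepted length, in chars, of ComponentName#flattenToString() for notification access requests. */` above `private static final int MAX_COMPONENT_NAME_LENGTH = 500;`. If the value is tied to a limit in whatever later stores or parses the flattened name (not visible in this hunk), the comment should name that consumer so the two stay in sync.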
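Review bot: The length guard added in the second hunk covers only this one binder entry point, so any other method of the service that takes a caller-supplied ComponentName (none is visible in this hunk) would still accept an over-long name. A small private helper, say `enforceComponentNameLength(component)`, called from each such method would keep the bound in one place. The guard sits correctly after `checkCanCallNotificationApi(callingPackage)` and before `Binder.clearCallingIdentity()`, so the rejection happens while the caller's identity is still in effect. The `// TODO: check userId.` directly above it is left open by this change and is worth tracking separately, since the method goes on to call `PendingIntent.getActivityAsUser`. The enclosing method begins and ends outside the hunk.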