f64c5bdc98e826382b875f7e94c907a7f3bd1855 - fp2-dev/platform/libcore

commit	f64c5bdc98e826382b875f7e94c907a7f3bd1855	[log] [tgz]
author	Teow Wan Yee <wy.teow@hi-p.com>	Thu Oct 13 16:59:13 2016 +0800
committer	Teow Wan Yee <wy.teow@hi-p.com>	Thu Oct 13 16:59:13 2016 +0800
tree	7c33c825eda3842064edcd10ae0834a5d8b12813
parent	e5f9f5173d45b73132ec72de1610ddb1b8e759ff [diff]

FPII-2462: Remote code execution vulnerability in Android runtime CVE-2016-6703 A-30765246

Calling the 64-bit version of IDN.toASCII() function with a long domain name could result in
a stack overflow, which could lead to remote code execution.

The fix is designed to limit the size of the output array to 512 characters.

Change-Id: I855edd05e6db432584cda84ef5092e86f210348e

luni/src/main/native/libcore_icu_NativeIDN.cpp[diff]
luni/src/test/java/libcore/java/net/IDNTest.java[diff]

2 files changed

tree: 7c33c825eda3842064edcd10ae0834a5d8b12813

benchmarks/
dalvik/
dex/
dom/
expectations/
harmony-tests/
include/
json/
jsr166-tests/
libart/
luni/
support/
xml/
Android.mk
CaCerts.mk
CleanSpec.mk
Docs.mk
JavaLibrary.mk
NativeCode.mk
NOTICE
run-libcore-tests