Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / packages / apps / Email / refs/tags/FP2-open-16.10.0
commitc9edac5587059ea5d46bcef68c81d0add8ca4158[log] [tgz]
authorTeow Wan Yee <wy.teow@hi-p.com>Tue Sep 20 16:30:47 2016 +0800
committerJeron Susan <jeron.susan@hi-p.com>Fri Sep 23 09:36:49 2016 +0800
tree7b6496367f065df7bb6e593d6f207244271cb69c
parent60bd37dc11b65c9c8d5e8ee4680f2e83e168ef8b [diff]
FPII-2384 : Information disclosure vulnerability in AOSP Mail CVE-2016-3918 A-30745403

After an application is granted the com.android.email.permission.READ_ATTACHMENT permission,
it could gain access to any file the email app can access. This occurs because the ID is allowed
to be an arbitrary String path instead of being limited to a long type.
The fix is designed to set ID and account ID as long, and parsed as long values.

Change-Id: I50b70baea821246f64c72ba47536d74485974a8a
1 file changed
tree: 7b6496367f065df7bb6e593d6f207244271cb69c
  1. assets/
  2. emailcommon/
  3. provider_src/
  4. res/
  5. src/
  6. tests/
  7. .classpath
  8. .project
  9. Android.mk
  10. AndroidManifest.xml
  11. CleanSpec.mk
  12. MODULE_LICENSE_APACHE2
  13. NOTICE
  14. proguard-test.flags
  15. proguard.flags