commit | 83e87f6811d1730dc8431c4a026e4159e69ce246 | [log] [tgz] |
---|---|---|
author | Rohan Shah <shahrk@google.com> | Wed Aug 17 11:23:26 2016 -0700 |
committer | Liisa Anttonen <liisa.anttonen@nedevicesw.com> | Thu Dec 15 15:50:07 2016 +0200 |
tree | 88ecd44126aa5f231048de29df7a9e194785aef6 | |
parent | 5991b05956da92a267af8941e6ea7c886aeb46f3 [diff] |
Limit account id and id to longs The security issue occurs because id is allowed to be an arbitrary path instead of being limited to what it is -- a long. Both id and account id are now parsed into longs (and if either fails, an error will be logged and null will be returned). Tested/verified error is logged using the reported attack. BUG=30745403 Change-Id: Ia21418545bbaeb96fb5ab6c3f4e71858e57b8684 (cherry picked from commit 9794d7e8216138adf143a3b6faf3d5683316a662)