Fix vulnerability where large GPS XTRA data can be injected. -Can potentially crash system with OOM. Bug: 29555864 am: dde12c6923
am: 3462e52676
Change-Id: I45779f683b417fe2d3cd4f7702d07a9cd13bd6f0
diff --git a/services/core/java/com/android/server/location/GpsXtraDownloader.java b/services/core/java/com/android/server/location/GpsXtraDownloader.java
index e420073..fdd9c49 100644
--- a/services/core/java/com/android/server/location/GpsXtraDownloader.java
+++ b/services/core/java/com/android/server/location/GpsXtraDownloader.java
@@ -44,6 +44,7 @@
private static final String TAG = "GpsXtraDownloader";
static final boolean DEBUG = false;
+ private static final long MAXIMUM_CONTENT_LENGTH_BYTES = 1000000; // 1MB.
private Context mContext;
private String[] mXtraServers;
@@ -138,8 +139,9 @@
byte[] body = null;
if (entity != null) {
try {
- if (entity.getContentLength() > 0) {
- body = new byte[(int) entity.getContentLength()];
+ long contentLength = entity.getContentLength();
+ if (contentLength > 0 && contentLength <= MAXIMUM_CONTENT_LENGTH_BYTES) {
+ body = new byte[(int) contentLength];
DataInputStream dis = new DataInputStream(entity.getContent());
try {
dis.readFully(body);