9794d7e8216138adf143a3b6faf3d5683316a662 |
|
17-Aug-2016 |
Rohan Shah <shahrk@google.com> |
Limit account id and id to longs The security issue occurs because id is allowed to be an arbitrary path instead of being limited to what it is -- a long. Both id and account id are now parsed into longs (and if either fails, an error will be logged and null will be returned). Tested/verified error is logged using the reported attack. BUG=30745403 Change-Id: Ia21418545bbaeb96fb5ab6c3f4e71858e57b8684
/packages/apps/Email/provider_src/com/android/email/provider/AttachmentProvider.java
|