DivestOS/Patches/LineageOS-17.1/android_frameworks_base/360956.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Nate(Qiang) Jiang" <qiangjiang@google.com>
Date: Thu, 13 Apr 2023 21:20:37 +0000
Subject: [PATCH] DO NOT MERGE: Add size check on PPS#policy

Bug: 275340417
Test: atest android.net.wifi
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d1afd2c47d086e0365bf6814a9f47555c294769f)
Merged-In: I6e6128b7ed5327da8dbc9186a82bef0f2e4197bb
Change-Id: I6e6128b7ed5327da8dbc9186a82bef0f2e4197bb
---
 .../android/net/wifi/hotspot2/pps/Policy.java | 28 ++++++++++++++++---
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/wifi/java/android/net/wifi/hotspot2/pps/Policy.java b/wifi/java/android/net/wifi/hotspot2/pps/Policy.java
index b0a2cc397c53..4bdacebda060 100644
--- a/wifi/java/android/net/wifi/hotspot2/pps/Policy.java
+++ b/wifi/java/android/net/wifi/hotspot2/pps/Policy.java
@@ -16,6 +16,9 @@
 
 package android.net.wifi.hotspot2.pps;
 
+import static android.net.wifi.hotspot2.PasspointConfiguration.MAX_NUMBER_OF_ENTRIES;
+import static android.net.wifi.hotspot2.PasspointConfiguration.MAX_STRING_LENGTH;
+
 import android.os.Parcel;
 import android.os.Parcelable;
 import android.text.TextUtils;
@@ -269,11 +272,19 @@ public final class Policy implements Parcelable {
          */
         public boolean validate() {
             if (TextUtils.isEmpty(mFqdn)) {
-                Log.d(TAG, "Missing FQDN");
+                Log.e(TAG, "Missing FQDN");
+                return false;
+            }
+            if (mFqdn.getBytes(StandardCharsets.UTF_8).length > MAX_STRING_LENGTH) {
+                Log.e(TAG, "FQDN is too long");
                 return false;
             }
             if (TextUtils.isEmpty(mCountries)) {
-                Log.d(TAG, "Missing countries");
+                Log.e(TAG, "Missing countries");
+                return false;
+            }
+            if (mCountries.getBytes(StandardCharsets.UTF_8).length > MAX_STRING_LENGTH) {
+                Log.e(TAG, "country is too long");
                 return false;
             }
             return true;
@@ -449,7 +460,7 @@ public final class Policy implements Parcelable {
             }
             for (String ssid : mExcludedSsidList) {
                 if (ssid.getBytes(StandardCharsets.UTF_8).length > MAX_SSID_BYTES) {
-                    Log.d(TAG, "Invalid SSID: " + ssid);
+                    Log.e(TAG, "Invalid SSID: " + ssid);
                     return false;
                 }
             }
@@ -457,15 +468,24 @@ public final class Policy implements Parcelable {
         // Validate required protocol to port map.
         if (mRequiredProtoPortMap != null) {
             for (Map.Entry<Integer, String> entry : mRequiredProtoPortMap.entrySet()) {
+                int protocol = entry.getKey();
+                if (protocol < 0 || protocol > 255) {
+                    Log.e(TAG, "Invalid IP protocol: " + protocol);
+                    return false;
+                }
                 String portNumber = entry.getValue();
                 if (portNumber.getBytes(StandardCharsets.UTF_8).length > MAX_PORT_STRING_BYTES) {
-                    Log.d(TAG, "PortNumber string bytes exceeded the max: " + portNumber);
+                    Log.e(TAG, "PortNumber string bytes exceeded the max: " + portNumber);
                     return false;
                 }
             }
         }
         // Validate preferred roaming partner list.
         if (mPreferredRoamingPartnerList != null) {
+            if (mPreferredRoamingPartnerList.size() > MAX_NUMBER_OF_ENTRIES) {
+                Log.e(TAG, "Number of the Preferred Roaming Partner exceed the limit");
+                return false;
+            }
             for (RoamingPartner partner : mPreferredRoamingPartnerList) {
                 if (!partner.validate()) {
                     return false;