From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Raphael Kim Date: Mon, 18 Sep 2023 14:07:23 -0700 Subject: [PATCH] Validate component name length before requesting notification access. Bug: 295335110 Test: Test app with long component name (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:447216ecbe5f22ea06379d9587dae530b1202fe8) Merged-In: I7ea5d5c1f78858db9865f3310d1e0aff9c8b5579 Change-Id: I7ea5d5c1f78858db9865f3310d1e0aff9c8b5579 --- .../server/companion/CompanionDeviceManagerService.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java index e39652d77b7a..087fe8560fc8 100644 --- a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java +++ b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java @@ -107,6 +107,8 @@ public class CompanionDeviceManagerService extends SystemService implements Bind private static final boolean DEBUG = false; private static final String LOG_TAG = "CompanionDeviceManagerService"; + private static final int MAX_CN_LENGTH = 500; + private static final String XML_TAG_ASSOCIATIONS = "associations"; private static final String XML_TAG_ASSOCIATION = "association"; private static final String XML_ATTR_PACKAGE = "package"; @@ -290,6 +292,9 @@ public class CompanionDeviceManagerService extends SystemService implements Bind String callingPackage = component.getPackageName(); checkCanCallNotificationApi(callingPackage); int userId = getCallingUserId(); + if (component.flattenToString().length() > MAX_CN_LENGTH) { + throw new IllegalArgumentException("Component name is too long."); + } final long identity = Binder.clearCallingIdentity(); try { return PendingIntent.getActivity(getContext(),