diff options
| -rw-r--r-- | packages/services/PacProcessor/src/com/android/pacprocessor/PacService.java | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/packages/services/PacProcessor/src/com/android/pacprocessor/PacService.java b/packages/services/PacProcessor/src/com/android/pacprocessor/PacService.java index 7e760251ac8a..c6b76f173ff3 100644 --- a/packages/services/PacProcessor/src/com/android/pacprocessor/PacService.java +++ b/packages/services/PacProcessor/src/com/android/pacprocessor/PacService.java @@ -25,6 +25,9 @@ import android.util.Log; import com.android.net.IProxyService; +import java.net.MalformedURLException; +import java.net.URL; + public class PacService extends Service { private static final String TAG = "PacService"; @@ -68,7 +71,18 @@ public class PacService extends Service { @Override public String resolvePacFile(String host, String url) throws RemoteException { - return mPacNative.makeProxyRequest(url, host); + try { + // Check for characters that could be used for an injection attack. + new URL(url); + for (char c : host.toCharArray()) { + if (!Character.isLetterOrDigit(c) && (c != '.') && (c != '-')) { + throw new RemoteException("Invalid host was passed"); + } + } + return mPacNative.makeProxyRequest(url, host); + } catch (MalformedURLException e) { + throw new RemoteException("Invalid URL was passed"); + } } @Override |