diff options
| author | Remi NGUYEN VAN <reminv@google.com> | 2020-06-02 00:24:12 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-06-02 00:24:12 +0000 |
| commit | faa4cf07585f279dbba2f894bcc2affaa0e1ac04 (patch) | |
| tree | 0b43e51544129d5253079e324c75b9f38c0106ef /src | |
| parent | c71f9fcd2c50ac21ce23a717e274b9d8800ea668 (diff) | |
| parent | 6bed0e594128b129d8b4efc427dbed546e3e420f (diff) | |
Allow localhost HTTP URLs for the capport API am: 6bed0e5941
Original change: undetermined
Change-Id: Idb17f0bdd583cf0dc6a1e6dc006c27c10e31a496
Diffstat (limited to 'src')
| -rw-r--r-- | src/android/net/ip/IpClient.java | 20 | ||||
| -rwxr-xr-x | src/com/android/server/connectivity/NetworkMonitor.java | 7 |
2 files changed, 23 insertions, 4 deletions
diff --git a/src/android/net/ip/IpClient.java b/src/android/net/ip/IpClient.java index 4860ff3..018d6ab 100644 --- a/src/android/net/ip/IpClient.java +++ b/src/android/net/ip/IpClient.java @@ -64,7 +64,6 @@ import android.text.TextUtils; import android.util.LocalLog; import android.util.Log; import android.util.Pair; -import android.util.Patterns; import android.util.SparseArray; import androidx.annotation.NonNull; @@ -86,6 +85,8 @@ import com.android.server.NetworkStackService.NetworkStackServiceManager; import java.io.FileDescriptor; import java.io.PrintWriter; import java.net.InetAddress; +import java.net.MalformedURLException; +import java.net.URL; import java.nio.BufferUnderflowException; import java.nio.ByteBuffer; import java.util.ArrayList; @@ -1263,9 +1264,9 @@ public class IpClient extends StateMachine { } final String capportUrl = mDhcpResults.captivePortalApiUrl; - // Uri.parse does no syntax check; do a simple regex check to eliminate garbage. + // Uri.parse does no syntax check; do a simple check to eliminate garbage. // If the URL is still incorrect data fetching will fail later, which is fine. - if (capportUrl != null && Patterns.WEB_URL.matcher(capportUrl).matches()) { + if (isParseableUrl(capportUrl)) { NetworkInformationShimImpl.newInstance() .setCaptivePortalApiUrl(newLp, Uri.parse(capportUrl)); } @@ -1303,6 +1304,19 @@ public class IpClient extends StateMachine { return newLp; } + private static boolean isParseableUrl(String url) { + // Verify that a URL has a reasonable format that can be parsed as per the URL constructor. + // This does not use Patterns.WEB_URL as that pattern excludes URLs without TLDs, such as on + // localhost. + if (url == null) return false; + try { + new URL(url); + return true; + } catch (MalformedURLException e) { + return false; + } + } + private static void addAllReachableDnsServers( LinkProperties lp, Iterable<InetAddress> dnses) { // TODO: Investigate deleting this reachability check. We should be diff --git a/src/com/android/server/connectivity/NetworkMonitor.java b/src/com/android/server/connectivity/NetworkMonitor.java index 8a1b0c7..fc7f8c9 100755 --- a/src/com/android/server/connectivity/NetworkMonitor.java +++ b/src/com/android/server/connectivity/NetworkMonitor.java @@ -2548,7 +2548,12 @@ public class NetworkMonitor extends StateMachine { final String apiContent; try { final URL url = new URL(mCaptivePortalApiUrl.toString()); - if (!"https".equals(url.getProtocol())) { + // Protocol must be HTTPS + // (as per https://www.ietf.org/id/draft-ietf-capport-api-07.txt, #4). + // Only allow HTTP on localhost, for testing. + final boolean isLocalhostHttp = + "localhost".equals(url.getHost()) && "http".equals(url.getProtocol()); + if (!"https".equals(url.getProtocol()) && !isLocalhostHttp) { validationLog("Invalid captive portal API protocol: " + url.getProtocol()); return null; } |