diff options
Diffstat (limited to 'src/android/net/ip/IpClient.java')
| -rw-r--r-- | src/android/net/ip/IpClient.java | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/android/net/ip/IpClient.java b/src/android/net/ip/IpClient.java index 4860ff3..018d6ab 100644 --- a/src/android/net/ip/IpClient.java +++ b/src/android/net/ip/IpClient.java @@ -64,7 +64,6 @@ import android.text.TextUtils; import android.util.LocalLog; import android.util.Log; import android.util.Pair; -import android.util.Patterns; import android.util.SparseArray; import androidx.annotation.NonNull; @@ -86,6 +85,8 @@ import com.android.server.NetworkStackService.NetworkStackServiceManager; import java.io.FileDescriptor; import java.io.PrintWriter; import java.net.InetAddress; +import java.net.MalformedURLException; +import java.net.URL; import java.nio.BufferUnderflowException; import java.nio.ByteBuffer; import java.util.ArrayList; @@ -1263,9 +1264,9 @@ public class IpClient extends StateMachine { } final String capportUrl = mDhcpResults.captivePortalApiUrl; - // Uri.parse does no syntax check; do a simple regex check to eliminate garbage. + // Uri.parse does no syntax check; do a simple check to eliminate garbage. // If the URL is still incorrect data fetching will fail later, which is fine. - if (capportUrl != null && Patterns.WEB_URL.matcher(capportUrl).matches()) { + if (isParseableUrl(capportUrl)) { NetworkInformationShimImpl.newInstance() .setCaptivePortalApiUrl(newLp, Uri.parse(capportUrl)); } @@ -1303,6 +1304,19 @@ public class IpClient extends StateMachine { return newLp; } + private static boolean isParseableUrl(String url) { + // Verify that a URL has a reasonable format that can be parsed as per the URL constructor. + // This does not use Patterns.WEB_URL as that pattern excludes URLs without TLDs, such as on + // localhost. + if (url == null) return false; + try { + new URL(url); + return true; + } catch (MalformedURLException e) { + return false; + } + } + private static void addAllReachableDnsServers( LinkProperties lp, Iterable<InetAddress> dnses) { // TODO: Investigate deleting this reachability check. We should be |