author | Paul Jensen <pauljensen@google.com> | 2016-04-15 10:41:13 -0400 |
---|---|---|
committer | The Android Automerger <android-build@google.com> | 2016-05-27 11:31:17 -0700 |
commit | ec2fc50d202d975447211012997fe425496c849c (patch) | |
tree | 30a12a2920d11be5da2575d9c25f713744926f86 /core | |
parent | e83f0f6a5a6f35323f5367f99c8e287c440f33f5 (diff) | |
Don't pass URL path and username/password to PAC scripts
The URL path could contain credentials that apps don't want exposed
to a potentially malicious PAC script.
Bug: 27593919
Change-Id: I4bb0362fc91f70ad47c4c7453d77d6f9a1e8eeed
Diffstat (limited to 'core')
-rw-r--r-- | core/java/android/net/PacProxySelector.java | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/core/java/android/net/PacProxySelector.java b/core/java/android/net/PacProxySelector.java
index 9bdf4f6..85bf79a 100644
--- a/core/java/android/net/PacProxySelector.java
+++ b/core/java/android/net/PacProxySelector.java
@@ -30,6 +30,7 @@ import java.net.Proxy.Type;
 import java.net.ProxySelector;
 import java.net.SocketAddress;
 import java.net.URI;
+import java.net.URISyntaxException;
 import java.util.List;
 /**
@@ -67,7 +68,15 @@ public class PacProxySelector extends ProxySelector {
 String response = null;
 String urlString;
 try {
+ // Strip path and username/password from URI so it's not visible to PAC script. The
+ // path often contains credentials the app does not want exposed to a potentially
+ // malicious PAC script.
+ if (!"http".equalsIgnoreCase(uri.getScheme())) {
+ uri = new URI(uri.getScheme(), null, uri.getHost(), uri.getPort(), "/", null, null);
+ }
 urlString = uri.toURL().toString();
+ } catch (URISyntaxException e) {
+ urlString = uri.getHost();
 } catch (MalformedURLException e) {
 urlString = uri.getHost();
 }
 |
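Review bot: The guard `if (!"http".equalsIgnoreCase(uri.getScheme()))` in the second hunk leaves plain-http URIs untouched, so their path, query and any `user:password@` component still reach the PAC script, which is narrower than the commit title and the added comment state. If the exemption is deliberate, the comment should say so, for example `// Plain http URIs are passed through unchanged; every other scheme is reduced to scheme://host:port/.`; otherwise consider dropping at least the user-info for http as well. When `uri.getHost()` is null (an opaque or registry-based URI) the rebuilt URI carries no host and both catch fallbacks set `urlString` to null, so it is worth confirming that the code after the hunk tolerates that. The two catch blocks have identical bodies and could be merged as `} catch (URISyntaxException | MalformedURLException e) {`. The enclosing method starts and ends outside the hunk.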