git.osdn.net Git - android-x86/frameworks-base.git/commit

Adjust URI host parsing to stop on \ character.

The WHATWG URL parsing algorithm [1] used by browsers says that for
"special" URL schemes (which is basically all commonly-used
hierarchical schemes, including http, https, ftp, and file), the host
portion ends if a \ character is seen, whereas this class previously
continued to consider characters part of the hostname. This meant
that a malicious URL could be seen as having a "safe" host when viewed
by an app but navigate to a different host when passed to a browser.

[1] https://url.spec.whatwg.org/#host-state

Bug: 71360761
Test: vogar frameworks/base/core/tests/coretests/src/android/net/UriTest.java (on NYC branch)
Test: cts -m CtsNetTestCases (on NYC branch)
Change-Id: Id53f7054d1be8d59bbcc7e219159e59a2425106e
(cherry picked from commit fa3afbd0e7a9a0d8fc8c55ceefdb4ddf9d0115af)

author	Adam Vartanian <flooey@google.com>
	Wed, 31 Jan 2018 11:05:10 +0000 (11:05 +0000)
committer	android-build-team Robot <android-build-team-robot@google.com>
	Sat, 3 Feb 2018 00:11:08 +0000 (00:11 +0000)
commit	90c6d6e028359e9b0e7d10953cab13e8ad5cc651
tree	a0b843c95dca0667cd6c42afc76c3a95de2e49a0	tree \| snapshot
parent	826fec9d42112c73bee3dd0fd6c46653f6ce270e	commit \| diff

core/java/android/net/Uri.java		diff \| blob \| history
core/tests/coretests/src/android/net/UriTest.java		diff \| blob \| history