summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Jensen <pauljensen@google.com>2016-04-15 10:41:13 -0400
committerThe Android Automerger <android-build@google.com>2016-05-27 11:09:24 -0700
commit68584d383c6fa4ad82aac1bdfa3dbf1c26166efc (patch)
tree720e2bca88368ee0f41e81c674e8677f0ad5794c
parent830665ebc48f81b3b6276e7f79a12e68c0baba38 (diff)
downloadbase-68584d383c6fa4ad82aac1bdfa3dbf1c26166efc.tar.gz
Don't pass URL path and username/password to PAC scripts
The URL path could contain credentials that apps don't want exposed to a potentially malicious PAC script. Bug: 27593919 Change-Id: I4bb0362fc91f70ad47c4c7453d77d6f9a1e8eeed
Diffstat
-rw-r--r--core/java/android/net/PacProxySelector.java9
1 files changed, 9 insertions, 0 deletions
diff --git a/core/java/android/net/PacProxySelector.java b/core/java/android/net/PacProxySelector.java
index 9bdf4f6db8e6..85bf79ab3d69 100644
--- a/core/java/android/net/PacProxySelector.java
+++ b/core/java/android/net/PacProxySelector.java
@@ -30,6 +30,7 @@ import java.net.Proxy.Type;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.URI;
+import java.net.URISyntaxException;
import java.util.List;
/**
@@ -67,7 +68,15 @@ public class PacProxySelector extends ProxySelector {
String response = null;
String urlString;
try {
+ // Strip path and username/password from URI so it's not visible to PAC script. The
+ // path often contains credentials the app does not want exposed to a potentially
+ // malicious PAC script.
+ if (!"http".equalsIgnoreCase(uri.getScheme())) {
+ uri = new URI(uri.getScheme(), null, uri.getHost(), uri.getPort(), "/", null, null);
+ }
urlString = uri.toURL().toString();
+ } catch (URISyntaxException e) {
+ urlString = uri.getHost();
} catch (MalformedURLException e) {
urlString = uri.getHost();
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-28 18:09:12 +0000