diff options
author | Paul Jensen <pauljensen@google.com> | 2016-04-15 10:41:13 -0400 |
---|---|---|
committer | The Android Automerger <android-build@google.com> | 2016-05-27 11:09:24 -0700 |
commit | 68584d383c6fa4ad82aac1bdfa3dbf1c26166efc (patch) | |
tree | 720e2bca88368ee0f41e81c674e8677f0ad5794c | |
parent | 830665ebc48f81b3b6276e7f79a12e68c0baba38 (diff) | |
download | base-68584d383c6fa4ad82aac1bdfa3dbf1c26166efc.tar.gz |
Don't pass URL path and username/password to PAC scripts
The URL path could contain credentials that apps don't want exposed
to a potentially malicious PAC script.
Bug: 27593919
Change-Id: I4bb0362fc91f70ad47c4c7453d77d6f9a1e8eeed
-rw-r--r-- | core/java/android/net/PacProxySelector.java | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/core/java/android/net/PacProxySelector.java b/core/java/android/net/PacProxySelector.java index 9bdf4f6db8e6..85bf79ab3d69 100644 --- a/core/java/android/net/PacProxySelector.java +++ b/core/java/android/net/PacProxySelector.java @@ -30,6 +30,7 @@ import java.net.Proxy.Type; import java.net.ProxySelector; import java.net.SocketAddress; import java.net.URI; +import java.net.URISyntaxException; import java.util.List; /** @@ -67,7 +68,15 @@ public class PacProxySelector extends ProxySelector { String response = null; String urlString; try { + // Strip path and username/password from URI so it's not visible to PAC script. The + // path often contains credentials the app does not want exposed to a potentially + // malicious PAC script. + if (!"http".equalsIgnoreCase(uri.getScheme())) { + uri = new URI(uri.getScheme(), null, uri.getHost(), uri.getPort(), "/", null, null); + } urlString = uri.toURL().toString(); + } catch (URISyntaxException e) { + urlString = uri.getHost(); } catch (MalformedURLException e) { urlString = uri.getHost(); } |