cordova-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From agri...@apache.org
Subject android commit: CB-7940 Disable exec bridge if bridgeSecret is wrong
Date Tue, 04 Nov 2014 21:00:35 GMT
Repository: cordova-android
Updated Branches:
  refs/heads/master fc63f66e8 -> 032ea8a8d


CB-7940 Disable exec bridge if bridgeSecret is wrong


Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/032ea8a8
Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/032ea8a8
Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/032ea8a8

Branch: refs/heads/master
Commit: 032ea8a8d386d8bcffc5de7fd3e4202478effb7d
Parents: fc63f66
Author: Andrew Grieve <agrieve@chromium.org>
Authored: Tue Nov 4 15:57:51 2014 -0500
Committer: Andrew Grieve <agrieve@chromium.org>
Committed: Tue Nov 4 15:57:51 2014 -0500

----------------------------------------------------------------------
 framework/src/org/apache/cordova/CordovaBridge.java | 2 ++
 1 file changed, 2 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-android/blob/032ea8a8/framework/src/org/apache/cordova/CordovaBridge.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/CordovaBridge.java b/framework/src/org/apache/cordova/CordovaBridge.java
index f3e48b6..becbd52 100644
--- a/framework/src/org/apache/cordova/CordovaBridge.java
+++ b/framework/src/org/apache/cordova/CordovaBridge.java
@@ -99,6 +99,8 @@ public class CordovaBridge {
         }
         // Bridge secret wrong and bridge not due to it being from the previous page.
         if (expectedBridgeSecret < 0 || bridgeSecret != expectedBridgeSecret) {
+            Log.e(LOG_TAG, "Bridge access attempt with wrong secret token, possibly from
malicious code. Disabling exec() bridge!");
+            clearBridgeSecret();
             throw new IllegalAccessException();
         }
         return true;


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org


Mime
View raw message