cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CB-9135) Crash Apache Cordova App on Android using secondary configuration variable "loadurltimeoutvalue"
Date Tue, 09 Jun 2015 09:19:02 GMT

    [ https://issues.apache.org/jira/browse/CB-9135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14578622#comment-14578622
] 

ASF GitHub Bot commented on CB-9135:
------------------------------------

GitHub user NoLongerLazyDhl opened a pull request:

    https://github.com/apache/cordova-android/pull/181

    CB-9135 fix the vulnerability bug

    This is fixed in 4.0.x, but not in 3.7.x. The property "LoadUrlTimeoutValue" still gets
its value from intent not from configuration file. This commit will fix this bug.  

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/NoLongerLazyDhl/cordova-android 3.7.x

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cordova-android/pull/181.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #181
    
----
commit 1b79f37951d959d1db2e24ba2d4513a608d034f1
Author: caoyr <caoyr@cn.fujitsu.com>
Date:   2015-06-09T09:07:56Z

    CB-9135 fix the vulnerability bug

----


> Crash Apache Cordova App on Android using secondary configuration variable "loadurltimeoutvalue"
> ------------------------------------------------------------------------------------------------
>
>                 Key: CB-9135
>                 URL: https://issues.apache.org/jira/browse/CB-9135
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Android, CordovaLib, mobile-spec
>         Environment: Android
>            Reporter: xianghui
>
> It can remote exploit Apache Cordova App's secondary configuration variables on Android.
> The details are in the following links:
> 1.http://cordova.apache.org/announcements/2015/05/26/android-402.html
> 2.http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/
> However, the fix isn't complete. Using the following adb command, it can still crash
the Cordova App.
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> adb shell am start -n org.apache.mobilespec/.CordovaApp -es loadurltimeoutvalue "aaa"
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> The reason is that in CordovaWebView.java's loadUrlIntoView(final String url, boolean
recreatePlugins) mehtod, it try to get "loadurltimeoutvalue" value from Activity's intent
and then be parsed int using the following code.
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> final int loadUrlTimeoutValue = Integer.parseInt(this.getProperty("LoadUrlTimeoutValue",
"20000"));
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> However, if the value isn't a int type, such as "aaa", it will throw "java.lang.NumberFormatException",
and crash the App.
> The possible solution is to verify the value if it's a int type. If it's a valid int
type value, we can use the value, or ignore the value and use the default.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org


Mime
View raw message