Return-Path: X-Original-To: apmail-cordova-issues-archive@minotaur.apache.org Delivered-To: apmail-cordova-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CC8D317C5B for ; Wed, 10 Jun 2015 16:00:04 +0000 (UTC) Received: (qmail 29611 invoked by uid 500); 10 Jun 2015 16:00:04 -0000 Delivered-To: apmail-cordova-issues-archive@cordova.apache.org Received: (qmail 29586 invoked by uid 500); 10 Jun 2015 16:00:04 -0000 Mailing-List: contact issues-help@cordova.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list issues@cordova.apache.org Received: (qmail 29573 invoked by uid 99); 10 Jun 2015 16:00:04 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 10 Jun 2015 16:00:04 +0000 Date: Wed, 10 Jun 2015 16:00:04 +0000 (UTC) From: "Joe Bowser (JIRA)" To: issues@cordova.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Closed] (CB-9135) Crash Apache Cordova App on Android using secondary configuration variable "loadurltimeoutvalue" MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CB-9135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joe Bowser closed CB-9135. -------------------------- Resolution: Fixed > Crash Apache Cordova App on Android using secondary configuration variable "loadurltimeoutvalue" > ------------------------------------------------------------------------------------------------ > > Key: CB-9135 > URL: https://issues.apache.org/jira/browse/CB-9135 > Project: Apache Cordova > Issue Type: Bug > Components: Android, CordovaLib, mobile-spec > Environment: Android > Reporter: xianghui > > It can remote exploit Apache Cordova App's secondary configuration variables on Android. > The details are in the following links: > 1.http://cordova.apache.org/announcements/2015/05/26/android-402.html > 2.http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/ > However, the fix isn't complete. Using the following adb command, it can still crash the Cordova App. > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> > adb shell am start -n org.apache.mobilespec/.CordovaApp -es loadurltimeoutvalue "aaa" > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> > The reason is that in CordovaWebView.java's loadUrlIntoView(final String url, boolean recreatePlugins) mehtod, it try to get "loadurltimeoutvalue" value from Activity's intent and then be parsed int using the following code. > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> > final int loadUrlTimeoutValue = Integer.parseInt(this.getProperty("LoadUrlTimeoutValue", "20000")); > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> > However, if the value isn't a int type, such as "aaa", it will throw "java.lang.NumberFormatException", and crash the App. > The possible solution is to verify the value if it's a int type. If it's a valid int type value, we can use the value, or ignore the value and use the default. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org For additional commands, e-mail: issues-help@cordova.apache.org