mirror of
https://github.com/bitwarden/android.git
synced 2024-12-24 18:08:26 +03:00
Fix Unsafe deserialization of Parcel data Intent (#1691)
* Fix crash produced by unsafe deserialization of Parcel data passed on the intent * Fix crash produced by unsafe deserialization of Parcel data passed on the intent on other activities and renamed intent extension method
This commit is contained in:
parent
705b8ac12b
commit
04c7409418
5 changed files with 39 additions and 1 deletions
|
@ -6,6 +6,7 @@ using Android.Views;
|
|||
using System;
|
||||
using Bit.Core.Abstractions;
|
||||
using Bit.Core.Utilities;
|
||||
using Bit.Droid.Utilities;
|
||||
|
||||
namespace Bit.Droid.Accessibility
|
||||
{
|
||||
|
@ -17,6 +18,7 @@ namespace Bit.Droid.Accessibility
|
|||
|
||||
protected override void OnCreate(Bundle bundle)
|
||||
{
|
||||
Intent?.Validate();
|
||||
base.OnCreate(bundle);
|
||||
HandleIntent(Intent, 932473);
|
||||
}
|
||||
|
|
|
@ -150,6 +150,7 @@
|
|||
<Compile Include="WebAuthCallbackActivity.cs" />
|
||||
<Compile Include="Renderers\SelectableLabelRenderer.cs" />
|
||||
<Compile Include="Services\ClipboardService.cs" />
|
||||
<Compile Include="Utilities\IntentExtensions.cs" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<AndroidAsset Include="Assets\FontAwesome.ttf" />
|
||||
|
|
|
@ -19,6 +19,7 @@ using System.Threading.Tasks;
|
|||
using AndroidX.Core.Content;
|
||||
using Bit.App.Utilities;
|
||||
using ZXing.Net.Mobile.Android;
|
||||
using Android.Util;
|
||||
|
||||
namespace Bit.Droid
|
||||
{
|
||||
|
@ -60,6 +61,9 @@ namespace Bit.Droid
|
|||
TabLayoutResource = Resource.Layout.Tabbar;
|
||||
ToolbarResource = Resource.Layout.Toolbar;
|
||||
|
||||
// this needs to be called here before base.OnCreate(...)
|
||||
Intent?.Validate();
|
||||
|
||||
base.OnCreate(savedInstanceState);
|
||||
if (!CoreHelpers.InDebugMode())
|
||||
{
|
||||
|
|
22
src/Android/Utilities/IntentExtensions.cs
Normal file
22
src/Android/Utilities/IntentExtensions.cs
Normal file
|
@ -0,0 +1,22 @@
|
|||
using Android.Content;
|
||||
using Android.OS;
|
||||
|
||||
namespace Bit.Droid.Utilities
|
||||
{
|
||||
public static class IntentExtensions
|
||||
{
|
||||
public static void Validate(this Intent intent)
|
||||
{
|
||||
try
|
||||
{
|
||||
// Check if getting the bundle of the extras causes any exception when unparcelling
|
||||
// Note: getting the bundle like this will cause to call unparcel() internally
|
||||
var b = intent?.Extras?.GetBundle("trashstringwhichhasnousebuttocheckunparcel");
|
||||
}
|
||||
catch (BadParcelableException)
|
||||
{
|
||||
intent.ReplaceExtras((Bundle)null);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,5 +1,7 @@
|
|||
using Android.App;
|
||||
using Android.Content.PM;
|
||||
using Android.OS;
|
||||
using Bit.Droid.Utilities;
|
||||
|
||||
namespace Bit.Droid
|
||||
{
|
||||
|
@ -9,5 +11,12 @@ namespace Bit.Droid
|
|||
[IntentFilter(new[] { Android.Content.Intent.ActionView },
|
||||
Categories = new[] { Android.Content.Intent.CategoryDefault, Android.Content.Intent.CategoryBrowsable },
|
||||
DataScheme = "bitwarden")]
|
||||
public class WebAuthCallbackActivity : Xamarin.Essentials.WebAuthenticatorCallbackActivity { }
|
||||
public class WebAuthCallbackActivity : Xamarin.Essentials.WebAuthenticatorCallbackActivity
|
||||
{
|
||||
protected override void OnCreate(Bundle savedInstanceState)
|
||||
{
|
||||
Intent?.Validate();
|
||||
base.OnCreate(savedInstanceState);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue