From 04c7409418b6d0d80bb797e36cc34f58d7c43ac8 Mon Sep 17 00:00:00 2001 From: Federico Maccaroni Date: Wed, 15 Dec 2021 15:09:08 -0300 Subject: [PATCH] Fix Unsafe deserialization of Parcel data Intent (#1691) * Fix crash produced by unsafe deserialization of Parcel data passed on the intent * Fix crash produced by unsafe deserialization of Parcel data passed on the intent on other activities and renamed intent extension method --- .../Accessibility/AccessibilityActivity.cs | 2 ++ src/Android/Android.csproj | 1 + src/Android/MainActivity.cs | 4 ++++ src/Android/Utilities/IntentExtensions.cs | 22 +++++++++++++++++++ src/Android/WebAuthCallbackActivity.cs | 11 +++++++++- 5 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 src/Android/Utilities/IntentExtensions.cs diff --git a/src/Android/Accessibility/AccessibilityActivity.cs b/src/Android/Accessibility/AccessibilityActivity.cs index 2be39b24f..e49180c01 100644 --- a/src/Android/Accessibility/AccessibilityActivity.cs +++ b/src/Android/Accessibility/AccessibilityActivity.cs @@ -6,6 +6,7 @@ using Android.Views; using System; using Bit.Core.Abstractions; using Bit.Core.Utilities; +using Bit.Droid.Utilities; namespace Bit.Droid.Accessibility { @@ -17,6 +18,7 @@ namespace Bit.Droid.Accessibility protected override void OnCreate(Bundle bundle) { + Intent?.Validate(); base.OnCreate(bundle); HandleIntent(Intent, 932473); } diff --git a/src/Android/Android.csproj b/src/Android/Android.csproj index 358ac775a..5112861b7 100644 --- a/src/Android/Android.csproj +++ b/src/Android/Android.csproj @@ -150,6 +150,7 @@ + diff --git a/src/Android/MainActivity.cs b/src/Android/MainActivity.cs index 459a3033c..b73e42dc2 100644 --- a/src/Android/MainActivity.cs +++ b/src/Android/MainActivity.cs @@ -19,6 +19,7 @@ using System.Threading.Tasks; using AndroidX.Core.Content; using Bit.App.Utilities; using ZXing.Net.Mobile.Android; +using Android.Util; namespace Bit.Droid { @@ -60,6 +61,9 @@ namespace Bit.Droid TabLayoutResource = Resource.Layout.Tabbar; ToolbarResource = Resource.Layout.Toolbar; + // this needs to be called here before base.OnCreate(...) + Intent?.Validate(); + base.OnCreate(savedInstanceState); if (!CoreHelpers.InDebugMode()) { diff --git a/src/Android/Utilities/IntentExtensions.cs b/src/Android/Utilities/IntentExtensions.cs new file mode 100644 index 000000000..fc6242821 --- /dev/null +++ b/src/Android/Utilities/IntentExtensions.cs @@ -0,0 +1,22 @@ +using Android.Content; +using Android.OS; + +namespace Bit.Droid.Utilities +{ + public static class IntentExtensions + { + public static void Validate(this Intent intent) + { + try + { + // Check if getting the bundle of the extras causes any exception when unparcelling + // Note: getting the bundle like this will cause to call unparcel() internally + var b = intent?.Extras?.GetBundle("trashstringwhichhasnousebuttocheckunparcel"); + } + catch (BadParcelableException) + { + intent.ReplaceExtras((Bundle)null); + } + } + } +} diff --git a/src/Android/WebAuthCallbackActivity.cs b/src/Android/WebAuthCallbackActivity.cs index 0d95fe460..771b818f3 100644 --- a/src/Android/WebAuthCallbackActivity.cs +++ b/src/Android/WebAuthCallbackActivity.cs @@ -1,5 +1,7 @@ using Android.App; using Android.Content.PM; +using Android.OS; +using Bit.Droid.Utilities; namespace Bit.Droid { @@ -9,5 +11,12 @@ namespace Bit.Droid [IntentFilter(new[] { Android.Content.Intent.ActionView }, Categories = new[] { Android.Content.Intent.CategoryDefault, Android.Content.Intent.CategoryBrowsable }, DataScheme = "bitwarden")] - public class WebAuthCallbackActivity : Xamarin.Essentials.WebAuthenticatorCallbackActivity { } + public class WebAuthCallbackActivity : Xamarin.Essentials.WebAuthenticatorCallbackActivity + { + protected override void OnCreate(Bundle savedInstanceState) + { + Intent?.Validate(); + base.OnCreate(savedInstanceState); + } + } }