From d39e72ed66baa3d560f333812d0da7afe9d2418b Mon Sep 17 00:00:00 2001
From: Zach
Date: Thu, 5 Oct 2023 16:59:10 -0400
Subject: [PATCH] Protect readLine() against DoS
---
 app/build.gradle | 1 +
 .../module/hook/systemui/controlcenter/SunlightMode.java | 3 ++-
 .../main/java/com/sevtinge/cemiuiler/utils/BackupUtils.java | 5 +++--
 .../main/java/com/sevtinge/cemiuiler/utils/LogcatHelper.java | 3 ++-
 .../main/java/com/sevtinge/cemiuiler/utils/ShellUtils.java | 5 +++--
 5 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/app/build.gradle b/app/build.gradle
index 2aefc9888..a9d2899df 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -136,6 +136,7 @@ dependencies {
 implementation "com.google.accompanist:accompanist-systemuicontroller:0.32.0"
 implementation "org.lsposed.hiddenapibypass:hiddenapibypass:4.3"
 implementation "com.google.code.gson:gson:2.10.1"
+ implementation("io.github.pixee:java-security-toolkit:1.0.7")
 implementation roots.AndroidXCore
 implementation roots.AndroidXCollection
diff --git a/app/src/main/java/com/sevtinge/cemiuiler/module/hook/systemui/controlcenter/SunlightMode.java b/app/src/main/java/com/sevtinge/cemiuiler/module/hook/systemui/controlcenter/SunlightMode.java
index b0dd3062d..e8917b406 100644
--- a/app/src/main/java/com/sevtinge/cemiuiler/module/hook/systemui/controlcenter/SunlightMode.java
+++ b/app/src/main/java/com/sevtinge/cemiuiler/module/hook/systemui/controlcenter/SunlightMode.java
@@ -15,6 +15,7 @@
 import com.sevtinge.cemiuiler.R;
 import com.sevtinge.cemiuiler.utils.ShellUtils;
 import com.sevtinge.cemiuiler.utils.TileUtils;
+import io.github.pixee.security.BoundedLineReader;
 import java.io.BufferedReader;
 import java.io.BufferedWriter;
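Review bot: In app/build.gradle the new line `implementation("io.github.pixee:java-security-toolkit:1.0.7")` brings a third-party artifact into the app for what the rest of this patch shows to be a single static call, `BoundedLineReader.readLine(reader, max)`. For a utility that small, an in-tree helper would avoid widening the dependency surface; if the library stays, the pinned version should be covered by whatever artifact verification the build uses (Gradle dependency verification, if it is enabled for this project). The call form also differs from the neighbouring entries, which are written as `implementation "group:artifact:version"`; writing it as `implementation "io.github.pixee:java-security-toolkit:1.0.7"` keeps the block uniform.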
@@ -277,7 +278,7 @@ public String readAndWrit(String writ, boolean need) {
 try {
 reader = new BufferedReader(new FileReader(path));
 builder = new StringBuilder();
- while ((line = reader.readLine()) != null) {
+ while ((line = BoundedLineReader.readLine(reader, 5_000_000)) != null) {
 builder.append(line);
 }
 } catch (IOException e) {
diff --git a/app/src/main/java/com/sevtinge/cemiuiler/utils/BackupUtils.java b/app/src/main/java/com/sevtinge/cemiuiler/utils/BackupUtils.java
index 11e0fe9d6..130ab8cf0 100644
--- a/app/src/main/java/com/sevtinge/cemiuiler/utils/BackupUtils.java
+++ b/app/src/main/java/com/sevtinge/cemiuiler/utils/BackupUtils.java
@@ -7,6 +7,7 @@
 import android.net.Uri;
 import androidx.annotation.Nullable;
+import io.github.pixee.security.BoundedLineReader;
 import org.json.JSONException;
 import org.json.JSONObject;
@@ -62,10 +63,10 @@ public static void handleReadDocument(Activity activity, @Nullable Uri data) thr
 InputStream inputStream = activity.getContentResolver().openInputStream(data);
 BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
 StringBuilder stringBuilder = new StringBuilder();
- String line = bufferedReader.readLine();
+ String line = BoundedLineReader.readLine(bufferedReader, 5_000_000);
 while (line != null) {
 stringBuilder.append(line);
- line = bufferedReader.readLine();
+ line = BoundedLineReader.readLine(bufferedReader, 5_000_000);
 }
 String read = stringBuilder.toString();
 JSONObject jsonObject = new JSONObject(read);
diff --git a/app/src/main/java/com/sevtinge/cemiuiler/utils/LogcatHelper.java b/app/src/main/java/com/sevtinge/cemiuiler/utils/LogcatHelper.java
index 33e1d0e78..ef4a3f4e7 100644
--- a/app/src/main/java/com/sevtinge/cemiuiler/utils/LogcatHelper.java
+++ b/app/src/main/java/com/sevtinge/cemiuiler/utils/LogcatHelper.java
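Review bot: The bound added in SunlightMode.readAndWrit limits a single line to 5,000,000 characters, but the loop still appends every line to `builder` with no limit on the total, so input made of many shorter lines grows the buffer without bound and the memory-exhaustion case named in the commit title stays open. The same pattern is in BackupUtils.handleReadDocument (`stringBuilder`, fed from a caller-supplied document Uri) and in ShellUtils.execCommand (`successMsg`, `errorMsg`). A total cap checked inside each loop, for example `if (builder.length() > MAX_TOTAL_CHARS) throw new IOException("input too large");`, would close it; `MAX_TOTAL_CHARS` is a placeholder name for a shared constant, and a second shared constant could replace the literal `5_000_000` repeated at all seven call sites. The body of readAndWrit starts and ends outside this hunk.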
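Review bot: In BackupUtils.handleReadDocument the result of `openInputStream(data)` is passed straight to `new InputStreamReader(inputStream)`; `ContentResolver.openInputStream` is declared nullable and `data` is `@Nullable` in the signature, so a provider that returns no stream ends in a NullPointerException unless a check exists above this hunk. The reader is also built without a charset; `new InputStreamReader(inputStream, StandardCharsets.UTF_8)` makes the decoding of the imported JSON explicit. No close of `inputStream` or `bufferedReader` is visible in these lines, so it is worth confirming that the rest of the method closes them; a try-with-resources around the read would do it.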
@@ -3,6 +3,7 @@
 import android.annotation.SuppressLint;
 import android.content.Context;
 import android.os.Environment;
+import io.github.pixee.security.BoundedLineReader;
 import java.io.BufferedReader;
 import java.io.File;
@@ -105,7 +106,7 @@ public void run() {
 logcatProc = Runtime.getRuntime().exec(cmds);
 mReader = new BufferedReader(new InputStreamReader(logcatProc.getInputStream()), 1024);
 String line = null;
- while (mRunning && (line = mReader.readLine()) != null) {
+ while (mRunning && (line = BoundedLineReader.readLine(mReader, 5_000_000)) != null) {
 if (!mRunning) {
 break;
 }
diff --git a/app/src/main/java/com/sevtinge/cemiuiler/utils/ShellUtils.java b/app/src/main/java/com/sevtinge/cemiuiler/utils/ShellUtils.java
index c886bb5f4..79c0cc4ef 100644
--- a/app/src/main/java/com/sevtinge/cemiuiler/utils/ShellUtils.java
+++ b/app/src/main/java/com/sevtinge/cemiuiler/utils/ShellUtils.java
@@ -1,5 +1,6 @@
 package com.sevtinge.cemiuiler.utils;
+import io.github.pixee.security.BoundedLineReader;
 import java.io.BufferedReader;
 import java.io.DataOutputStream;
 import java.io.IOException;
@@ -137,10 +138,10 @@ public static CommandResult execCommand(String[] commands, boolean isRoot, boole
 successResult = new BufferedReader(new InputStreamReader(process.getInputStream()));
 errorResult = new BufferedReader(new InputStreamReader(process.getErrorStream()));
 String s;
- while ((s = successResult.readLine()) != null) {
+ while ((s = BoundedLineReader.readLine(successResult, 5_000_000)) != null) {
 successMsg.append(s);
 }
- while ((s = errorResult.readLine()) != null) {
+ while ((s = BoundedLineReader.readLine(errorResult, 5_000_000)) != null) {
 errorMsg.append(s);
 }
 }
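Review bot: An over-long line now terminates the capture loop in LogcatHelper.run instead of being returned, because the bounded reader rejects such a line by throwing (an IOException, as far as I know the library) rather than truncating it. The handler for that exception is outside this hunk, so it is not visible whether the thread records the reason or simply stops; a short comment at the loop, such as `// a line above the limit aborts capture; handled in the catch below`, would record the intended behaviour. The limit is the same `5_000_000` used for the file reads in this patch; a smaller, named limit for logcat output would make the bound meaningful for this stream.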
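Review bot: ShellUtils.execCommand still drains `successResult` to end-of-stream before it reads `errorResult`, so a command that fills the stderr pipe while stdout stays open stalls the child and leaves this thread waiting indefinitely; the per-line bound added here does not address that hang. Reading stderr on a separate thread while stdout is drained, or merging the two streams where callers do not need them apart, removes the ordering dependency; how the process is started is outside this hunk, so which option fits cannot be told from these lines. Until that is done, a comment above the first loop, `// stdout is read to EOF before stderr; heavy stderr output can stall the child`, would record the limitation.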