Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
-
Android
Description
It can remote exploit Apache Cordova App's secondary configuration variables on Android.
The details are in the following links:
1.http://cordova.apache.org/announcements/2015/05/26/android-402.html
2.http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/
However, the fix isn't complete. Using the following adb command, it can still crash the Cordova App.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
adb shell am start -n org.apache.mobilespec/.CordovaApp -es loadurltimeoutvalue "aaa"
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
The reason is that in CordovaWebView.java's loadUrlIntoView(final String url, boolean recreatePlugins) mehtod, it try to get "loadurltimeoutvalue" value from Activity's intent and then be parsed int using the following code.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
final int loadUrlTimeoutValue = Integer.parseInt(this.getProperty("LoadUrlTimeoutValue", "20000"));
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
However, if the value isn't a int type, such as "aaa", it will throw "java.lang.NumberFormatException", and crash the App.
The possible solution is to verify the value if it's a int type. If it's a valid int type value, we can use the value, or ignore the value and use the default.
Attachments
Issue Links
- links to
