backport security fix: avoid set NITZ time to 2038

author fionaxu <fionaxu@google.com>

Tue, 21 Jun 2016 02:11:57 +0000 (19:11 -0700)

committer fionaxu <fionaxu@google.com>

Tue, 21 Jun 2016 02:13:37 +0000 (19:13 -0700)
author fionaxu <fionaxu@google.com>
Tue, 21 Jun 2016 02:11:57 +0000 (19:11 -0700)
committer fionaxu <fionaxu@google.com>
Tue, 21 Jun 2016 02:13:37 +0000 (19:13 -0700)
diff --git a/src/java/com/android/internal/telephony/cdma/CdmaServiceStateTracker.java b/src/java/com/android/internal/telephony/cdma/CdmaServiceStateTracker.java

index e5225592b5ed501f4feb5738c9c0f90757ff2bbf..d09cbbdfbb5d65e645a8ba4af00f4cc771f9db52 100644 (file)
--- a/src/java/com/android/internal/telephony/cdma/CdmaServiceStateTracker.java
+++ b/src/java/com/android/internal/telephony/cdma/CdmaServiceStateTracker.java
@@ -91,6 +91,8 @@ public class CdmaServiceStateTracker extends ServiceStateTracker {
      private static final int NITZ_UPDATE_DIFF_DEFAULT = 2000;
      private int mNitzUpdateDiff = SystemProperties.getInt("ro.nitz_update_diff",
              NITZ_UPDATE_DIFF_DEFAULT);
+    /** Time stamp after 19 January 2038 is not supported under 32 bit */
+    private static final int MAX_NITZ_YEAR = 2037;
  
      private boolean mCdmaRoaming = false;
      private int mRoamingIndicator;
@@ -1324,6 +1326,10 @@ public class CdmaServiceStateTracker extends ServiceStateTracker {
              String[] nitzSubs = nitz.split("[/:,+-]");
  
              int year = 2000 + Integer.parseInt(nitzSubs[0]);
+            if (year > MAX_NITZ_YEAR) {
+              if (DBG) loge("NITZ year: " + year + " exceeds limit, skip NITZ time update");
+              return;
+            }
              c.set(Calendar.YEAR, year);
  
              // month is 0 based!
diff --git a/src/java/com/android/internal/telephony/gsm/GsmServiceStateTracker.java b/src/java/com/android/internal/telephony/gsm/GsmServiceStateTracker.java

index 24ec58602708a7acc114db91b1cb1f1d2d9ce09b..a64156948b3252d2b6abb6c2550188f7f50be427 100644 (file)
--- a/src/java/com/android/internal/telephony/gsm/GsmServiceStateTracker.java
+++ b/src/java/com/android/internal/telephony/gsm/GsmServiceStateTracker.java
@@ -127,6 +127,8 @@ final class GsmServiceStateTracker extends ServiceStateTracker {
  
      /** Boolean is true is setTimeFromNITZString was called */
      private boolean mNitzUpdatedTime = false;
+    /** Time stamp after 19 January 2038 is not supported under 32 bit */
+    private static final int MAX_NITZ_YEAR = 2037;
  
      String mSavedTimeZone;
      long mSavedTime;
@@ -1502,6 +1504,10 @@ final class GsmServiceStateTracker extends ServiceStateTracker {
              String[] nitzSubs = nitz.split("[/:,+-]");
  
              int year = 2000 + Integer.parseInt(nitzSubs[0]);
+            if (year > MAX_NITZ_YEAR) {
+              if (DBG) loge("NITZ year: " + year + " exceeds limit, skip NITZ time update");
+              return;
+            }
              c.set(Calendar.YEAR, year);
  
              // month is 0 based!
author	fionaxu <fionaxu@google.com>
	Tue, 21 Jun 2016 02:11:57 +0000 (19:11 -0700)
committer	fionaxu <fionaxu@google.com>
	Tue, 21 Jun 2016 02:13:37 +0000 (19:13 -0700)
src/java/com/android/internal/telephony/cdma/CdmaServiceStateTracker.java		patch \| blob \| history
src/java/com/android/internal/telephony/gsm/GsmServiceStateTracker.java		patch \| blob \| history