Push: Do not allow app data to override service fields

microg · Apr 29, 2024 · cf65b1a · cf65b1a
1 parent 834736f
commit cf65b1a
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/play-services-core/src/main/java/org/microg/gms/gcm/McsService.java b/play-services-core/src/main/java/org/microg/gms/gcm/McsService.java
@@ -69,6 +69,7 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import java.util.Locale;
 import java.util.concurrent.atomic.AtomicInteger;
 
 import javax.net.ssl.SSLContext;
@@ -562,6 +563,10 @@ private void handleAppMessage(DataMessageStanza msg) {
             intent.addFlags(Intent.FLAG_EXCLUDE_STOPPED_PACKAGES);
         }
         for (AppData appData : msg.app_data) {
+            if (appData.key == null) continue;
+            String key = appData.key.toLowerCase(Locale.US);
+            // Some keys are exclusively set by the client and not the app.
+            if (key.equals(EXTRA_FROM) || (key.startsWith("google.") && !key.startsWith("google.c."))) continue;
             intent.putExtra(appData.key, appData.value_);
         }