moparisthebest/k-9
1
0
Fork 0
mirror of https://github.com/moparisthebest/k-9 synced 2024-11-23 18:02:15 -05:00
Code Issues Releases Wiki Activity

fixed security issue -- account databases previously world-readable and accessible to any app if UUID is known.

Browse Source
This commit is contained in:
ashley willis 2012-04-22 19:39:35 -05:00
parent b5a57fe40c
commit ed4c74983e
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/com/fsck/k9/mail/store/LockableDatabase.java
View File

@ -6,6 +6,7 @@ import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import android.app.Application;
import android.content.Context;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteException;
import android.util.Log;
@ -370,12 +371,12 @@ public class LockableDatabase {
try {
final File databaseFile = prepareStorage(mStorageProviderId);
try {
mDb = SQLiteDatabase.openOrCreateDatabase(databaseFile, null);
mDb = application.openOrCreateDatabase(databaseFile.getPath(), Context.MODE_PRIVATE, null);
} catch (SQLiteException e) {
// try to gracefully handle DB corruption - see issue 2537
Log.w(K9.LOG_TAG, "Unable to open DB " + databaseFile + " - removing file and retrying", e);
databaseFile.delete();
mDb = SQLiteDatabase.openOrCreateDatabase(databaseFile, null);
mDb = application.openOrCreateDatabase(databaseFile.getPath(), Context.MODE_PRIVATE, null);
}
if (mDb.getVersion() != mSchemaDefinition.getVersion()) {
mSchemaDefinition.doDbUpgrade(mDb);