当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-089905

漏洞标题:搜狗输入法拒绝服务之一

相关厂商:搜狗

漏洞作者: 路人甲

提交时间:2015-01-05 11:22

修复时间:2015-04-05 11:24

公开时间:2015-04-05 11:24

漏洞类型:拒绝服务

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-01-05: 细节已通知厂商并且等待厂商处理中
2015-01-08: 厂商已经确认,细节仅向厂商公开
2015-01-11: 细节向第三方安全合作伙伴开放
2015-03-04: 细节向核心白帽子及相关领域专家公开
2015-03-14: 细节向普通白帽子公开
2015-03-24: 细节向实习白帽子公开
2015-04-05: 细节向公众公开

简要描述:

搜狗输入法intent处理不当

详细说明:

protected void onCreate(Bundle arg5) {
super.onCreate(arg5);
this.requestWindowFeature(7);
this.setContentView(2130903292);
this.getWindow().setFeatureInt(7, 2130903293);
this.a = this.findViewById(2131297500);
this.b = this.findViewById(2131296850);
this.a = this.findViewById(2131297501);
this.b = this.findViewById(2131297502);
this.a.setOnClickListener(((View$OnClickListener)this));
this.b.setOnClickListener(((View$OnClickListener)this));
Intent intent = this.getIntent();
String string = intent.getAction(); //可能为空
if(string.equals("android.intent.action.INSERT")) { //crash

漏洞证明:

静态检测报告 

VulnRepresent(CRASHVULN,$z0 = virtualinvoke $r7.<java.lang.String: boolean equals(java.lang.Object)>("android.intent.action.INSERT"),<com.sohu.inputmethod.settings.UserSymbolEdit: void onCreate(android.os.Bundle)>,,,NPE_CRASH,)


Trace:

D/ForceCloseExceptionHandler Stack Trace( 3591): java.lang.RuntimeException: Unable to start activity ComponentInfo{com.sohu.inputmethod.sogou/com.sohu.inputmethod.settings.UserSymbolEdit}: java.lang.NullPointerException
D/ForceCloseExceptionHandler Stack Trace( 3591): 	at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2377)
D/ForceCloseExceptionHandler Stack Trace( 3591): 	at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2429)
D/ForceCloseExceptionHandler Stack Trace( 3591): 	at android.app.ActivityThread.access$600(ActivityThread.java:171)
D/ForceCloseExceptionHandler Stack Trace( 3591): 	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1393)
D/ForceCloseExceptionHandler Stack Trace( 3591): 	at android.os.Handler.dispatchMessage(Handler.java:107)
D/ForceCloseExceptionHandler Stack Trace( 3591): 	at android.os.Looper.loop(Looper.java:194)
D/ForceCloseExceptionHandler Stack Trace( 3591): 	at android.app.ActivityThread.main(ActivityThread.java:5468)
D/ForceCloseExceptionHandler Stack Trace( 3591): 	at java.lang.reflect.Method.invokeNative(Native Method)
D/ForceCloseExceptionHandler Stack Trace( 3591): 	at java.lang.reflect.Method.invoke(Method.java:525)
D/ForceCloseExceptionHandler Stack Trace( 3591): 	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:936)
D/ForceCloseExceptionHandler Stack Trace( 3591): 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:703)
D/ForceCloseExceptionHandler Stack Trace( 3591): 	at dalvik.system.NativeStart.main(Native Method)
D/ForceCloseExceptionHandler Stack Trace( 3591): Caused by: java.lang.NullPointerException
D/ForceCloseExceptionHandler Stack Trace( 3591): 	at com.sohu.inputmethod.settings.UserSymbolEdit.onCreate(SogouSource:93)
D/ForceCloseExceptionHandler Stack Trace( 3591): 	at android.app.Activity.performCreate(Activity.java:5211)
D/ForceCloseExceptionHandler Stack Trace( 3591): 	at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1151)
D/ForceCloseExceptionHandler Stack Trace( 3591): 	at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2341)
D/ForceCloseExceptionHandler Stack Trace( 3591): 	... 11 more
I/Process ( 3591): Sending signal. PID: 3591 SIG: 9


sgcrash1.jpg

修复方案:

空指针检查

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:5

确认时间:2015-01-08 11:09

厂商回复:

感谢支持

最新状态:

暂无