Closed sergiomarotco closed 4 years ago
There is no user-entered data here.
But a reverser/hacker or a virus on the device can put in some bad string.
That's not really a likely scenario, also the severity is quite low as it would just affect this one screen. Also, since Android limits the memory usage of apps this will just cause an OOM and crash the app, nothing else. I don't see any need to put a limit there, as it could also cause not all of the license text to be loaded.
The file https://github.com/PSDev/LicensesDialog/blob/26dc021121b802b9a90999588e47a43bead882e5/licensesdialog/src/main/java/de/psdev/licensesdialog/licenses/License.java contains this code:

```java
private String toString(final BufferedReader reader) throws IOException {
    final StringBuilder builder = new StringBuilder();
    String line;
    // readLine() buffers an entire line before returning it, and the builder grows without bound
    while ((line = reader.readLine()) != null) {
        builder.append(line).append(LINE_SEPARATOR);
    }
    return builder.toString();
}
```

It can be used to put in a big line, and this will cause a denial of service. Recommendations: Implement a mechanism for validating user-entered data, which will not allow an attacker to abuse the provided application resources. OWASP: Application Denial of Service
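For comparison, here is an added example (not LicensesDialog code) of the same read loop with an upper bound on the total characters accumulated, so an oversized line is rejected instead of growing the builder until the app hits OOM. The class name, `readBounded`, `MAX_CHARS` and `LicenseTooLargeException` are hypothetical names chosen for this example.

```java
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;

// Added example, not part of the LicensesDialog project.
public final class BoundedLicenseReader {
    private static final String LINE_SEPARATOR = System.getProperty("line.separator");
    // Constructed limit for the example; a real value depends on the largest bundled license.
    private static final int MAX_CHARS = 512 * 1024;

    public static final class LicenseTooLargeException extends IOException {
        LicenseTooLargeException(int limit) {
            super("license text exceeds " + limit + " characters");
        }
    }

    // Reads in fixed-size chunks rather than with readLine(), so the bound is checked before
    // each chunk is appended instead of after an arbitrarily long line has been buffered.
    // Unlike the original loop, this keeps the file's own line endings rather than
    // normalising them to LINE_SEPARATOR.
    public static String readBounded(final Reader reader, final int maxChars) throws IOException {
        final StringBuilder builder = new StringBuilder();
        final char[] buf = new char[8192];
        int n;
        while ((n = reader.read(buf)) != -1) {
            if (builder.length() + n > maxChars) {
                throw new LicenseTooLargeException(maxChars);
            }
            builder.append(buf, 0, n);
        }
        return builder.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs: a short license text and one oversized single line.
        String normal = "Apache License" + LINE_SEPARATOR + "Version 2.0";
        System.out.println("accepted " + readBounded(new StringReader(normal), MAX_CHARS).length() + " chars");

        StringBuilder huge = new StringBuilder(MAX_CHARS + 1);
        for (int i = 0; i <= MAX_CHARS; i++) {
            huge.append('x');
        }
        try {
            readBounded(new StringReader(huge.toString()), MAX_CHARS);
        } catch (LicenseTooLargeException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The caller decides what to show when the exception is thrown (for example a "license text unavailable" message), which keeps the failure confined to the one screen rather than crashing the whole process.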