From 487c5de7795751fa7d7b439b6fab36d6ae2e5a8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20Gerlei?=
Date: Tue, 6 May 2025 07:59:40 +0200
Subject: [PATCH] Handle Exceptions during Intent parsing logic to avoid DoS attacks on Android

- Putting a custom Serializable class into an Intent sent to MainActivity of the Android app could cause a crash, which is easily avoidable with a try-catch
---
 .../kotlinconf/android/MainActivity.kt | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/androidApp/src/androidMain/kotlin/org/jetbrains/kotlinconf/android/MainActivity.kt b/androidApp/src/androidMain/kotlin/org/jetbrains/kotlinconf/android/MainActivity.kt
index 245df32f5..3a0114094 100644
--- a/androidApp/src/androidMain/kotlin/org/jetbrains/kotlinconf/android/MainActivity.kt
+++ b/androidApp/src/androidMain/kotlin/org/jetbrains/kotlinconf/android/MainActivity.kt
@@ -68,14 +68,18 @@ class MainActivity : ComponentActivity() {
 private fun processIntent(intent: Intent?) {
 if (intent == null) return

- val notificationId = intent.getStringExtra(EXTRA_LOCAL_NOTIFICATION_ID)
- if (notificationId != null) {
- // Local notification clicked
- navigateByLocalNotificationId(notificationId)
+ try {
+ val notificationId = intent.getStringExtra(EXTRA_LOCAL_NOTIFICATION_ID)
+ if (notificationId != null) {
+ // Local notification clicked
+ navigateByLocalNotificationId(notificationId)
+ return
+ }
+
+ // Process push notifications
+ NotifierManager.onCreateOrOnNewIntent(intent)
+ } catch (e: Exception) {
 return
 }
-
-
- // Process push notifications
- NotifierManager.onCreateOrOnNewIntent(intent)
 }
 }
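Review bot: The new `catch (e: Exception) { return }` in processIntent discards the exception without a trace, and the try block also wraps `navigateByLocalNotificationId` and `NotifierManager.onCreateOrOnNewIntent`, so a genuine bug in either now fails silently alongside the malformed-extras case the commit targets. At minimum log the drop so broken or hostile intents show up in diagnostics, e.g. add `Log.w("MainActivity", "Ignoring intent with unreadable extras", e)` before the `return` (needs `android.util.Log`). Narrowing the try to the `getStringExtra` read would keep navigation failures visible, though the push-notification call presumably reads the same extras and would then need its own guard. The unreadable extras also remain attached to the activity's intent after the return, so any later read of the extras outside this hunk could hit the same exception; that is worth confirming.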