From 061c6803ab0d1695517dbe32a71497494f4b3c97 Mon Sep 17 00:00:00 2001
From: jxw <jiexiwen@huawei.com>
Date: Wed, 27 Aug 2025 11:17:53 +0000
Subject: [PATCH 1/5] update
 frameworks/native/netmanagernative/netsys_native_service_proxy.cpp.

Signed-off-by: jxw <jiexiwen@huawei.com>
---
 .../netmanagernative/netsys_native_service_proxy.cpp       | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/frameworks/native/netmanagernative/netsys_native_service_proxy.cpp b/frameworks/native/netmanagernative/netsys_native_service_proxy.cpp
index 2ba89ac67..21da65306 100644
--- a/frameworks/native/netmanagernative/netsys_native_service_proxy.cpp
+++ b/frameworks/native/netmanagernative/netsys_native_service_proxy.cpp
@@ -31,6 +31,8 @@ static constexpr uint32_t UIDS_LIST_MAX_SIZE = 1024;
 static constexpr int32_t MAX_DNS_CONFIG_SIZE = 7;
 static constexpr int32_t MAX_INTERFACE_CONFIG_SIZE = 16;
 static constexpr int32_t MAX_INTERFACE_SIZE = 65535;
+constexpr uint32_t MAX_ROUTE_TABLE_SIZE = 128;
+constexpr uint32_t MAX_CONFIG_LIST_SIZE = 1024;
 
 namespace {
 bool WriteNatDataToMessage(MessageParcel &data, const std::string &downstreamIface, const std::string &upstreamIface)
@@ -2510,7 +2512,7 @@ int32_t NetsysNativeServiceProxy::NetDiagGetRouteTable(std::list<NetDiagRouteTab
             NETNATIVE_LOGE("Read uint32 failed");
             return ERR_FLATTEN_OBJECT;
         }
-
+        size = (size > MAX_ROUTE_TABLE_SIZE) ? MAX_ROUTE_TABLE_SIZE : size;
         for (uint32_t i = 0; i < size; ++i) {
             NetDiagRouteTable routeTable;
             if (!NetDiagRouteTable::Unmarshalling(reply, routeTable)) {
@@ -2599,7 +2601,7 @@ int32_t NetsysNativeServiceProxy::NetDiagGetInterfaceConfig(std::list<NetDiagIfa
             NETNATIVE_LOGE("Read uint32 failed");
             return ERR_FLATTEN_OBJECT;
         }
-
+        size = (size > MAX_CONFIG_LIST_SIZE) ? MAX_CONFIG_LIST_SIZE : size;
         for (uint32_t i = 0; i < size; ++i) {
             NetDiagIfaceConfig ifaceConfig;
             if (!NetDiagIfaceConfig::Unmarshalling(reply, ifaceConfig)) {
@@ -3413,6 +3415,7 @@ int32_t NetsysNativeServiceProxy::NotifyNetBearerTypeChange(std::set<NetBearType
     }
 
     uint32_t size = static_cast<uint32_t>(bearerTypes.size());
+    size = (size > BEARER_DEFAULT) ? BEARER_DEFAULT : size;
     if (!data.WriteUint32(size)) {
         return ERR_FLATTEN_OBJECT;
     }
-- 
Gitee


From 02a5b1aa2ac5a3a0b27ce5f89628318744a119b7 Mon Sep 17 00:00:00 2001
From: jxw <jiexiwen@huawei.com>
Date: Wed, 27 Aug 2025 11:23:24 +0000
Subject: [PATCH 2/5] update
 frameworks/native/netpolicyclient/src/net_access_policy.cpp.

Signed-off-by: jxw <jiexiwen@huawei.com>
---
 .../native/netpolicyclient/src/net_access_policy.cpp      | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/frameworks/native/netpolicyclient/src/net_access_policy.cpp b/frameworks/native/netpolicyclient/src/net_access_policy.cpp
index d170def58..fea737f60 100644
--- a/frameworks/native/netpolicyclient/src/net_access_policy.cpp
+++ b/frameworks/native/netpolicyclient/src/net_access_policy.cpp
@@ -25,6 +25,7 @@
 
 namespace OHOS {
 namespace NetManagerStandard {
+constexpr int32_t MAX_UNMARSHALLING_SIZE = 65535;
 int32_t NetworkAccessPolicy::Marshalling(Parcel &parcel, AccessPolicySave& policies, bool flag)
 {
     if (flag) {
@@ -44,6 +45,9 @@ int32_t NetworkAccessPolicy::Marshalling(Parcel &parcel, AccessPolicySave& polic
             return NETMANAGER_ERR_WRITE_REPLY_FAIL;
         }
     } else {
+        if (policies.uid_policies.size() > MAX_UNMARSHALLING_SIZE) {
+            return NETMANAGER_ERR_WRITE_REPLY_FAIL;
+        }
         if (!parcel.WriteUint32(policies.uid_policies.size())) {
             return NETMANAGER_ERR_WRITE_REPLY_FAIL;
         }
@@ -95,7 +99,9 @@ int32_t NetworkAccessPolicy::Unmarshalling(Parcel &parcel, AccessPolicySave& pol
         if (!parcel.ReadUint32(size)) {
             return NETMANAGER_ERR_WRITE_REPLY_FAIL;
         }
-
+        if (size > MAX_UNMARSHALLING_SIZE) {
+            return NETMANAGER_ERR_WRITE_REPLY_FAIL;
+        }
         for (uint32_t i = 0; i < size; ++i) {
             NetworkAccessPolicy tmp_policy;
             uint32_t uid;
-- 
Gitee


From d733bd8d745c3c3c4bb2b8e95416e3d7ec02c242 Mon Sep 17 00:00:00 2001
From: jxw <jiexiwen@huawei.com>
Date: Wed, 27 Aug 2025 11:24:39 +0000
Subject: [PATCH 3/5] update
 services/netconnmanager/src/net_http_proxy_tracker.cpp.

Signed-off-by: jxw <jiexiwen@huawei.com>
---
 services/netconnmanager/src/net_http_proxy_tracker.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/netconnmanager/src/net_http_proxy_tracker.cpp b/services/netconnmanager/src/net_http_proxy_tracker.cpp
index 4e890e192..741a241c3 100644
--- a/services/netconnmanager/src/net_http_proxy_tracker.cpp
+++ b/services/netconnmanager/src/net_http_proxy_tracker.cpp
@@ -102,7 +102,7 @@ bool NetHttpProxyTracker::WriteToSettingsData(HttpProxy &httpProxy, KeyUri keyUr
     auto dataShareHelperUtils = std::make_unique<NetDataShareHelperUtils>();
     int32_t ret = dataShareHelperUtils->Update(keyUri.hostUri_, KEY_GLOBAL_PROXY_HOST, host);
     if (ret != NETMANAGER_SUCCESS) {
-        NETMGR_LOG_E("Set host:%{public}s to datashare failed", host.c_str());
+        NETMGR_LOG_E("Set host to datashare failed");
         return false;
     }
 
-- 
Gitee


From 5e4ab960d6ccbc5f56f3a29a56270c0fa1f2983b Mon Sep 17 00:00:00 2001
From: jxw <jiexiwen@huawei.com>
Date: Wed, 27 Aug 2025 11:26:38 +0000
Subject: [PATCH 4/5] update
 services/netmanagernative/src/netsys_native_service_stub.cpp.

Signed-off-by: jxw <jiexiwen@huawei.com>
---
 services/netmanagernative/src/netsys_native_service_stub.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/netmanagernative/src/netsys_native_service_stub.cpp b/services/netmanagernative/src/netsys_native_service_stub.cpp
index fe4623d8e..611a1bd28 100644
--- a/services/netmanagernative/src/netsys_native_service_stub.cpp
+++ b/services/netmanagernative/src/netsys_native_service_stub.cpp
@@ -2325,7 +2325,7 @@ int32_t NetsysNativeServiceStub::CmdNotifyNetBearerTypeChange(MessageParcel &dat
     if (!data.ReadUint32(size)) {
         return ERR_FLATTEN_OBJECT;
     }
-
+    size = (size > DEARER_DEFAULT) ? DEARER_DEFAULT : size;
     for (uint32_t i = 0; i < size; i++) {
         if (!data.ReadUint32(value)) {
             return ERR_FLATTEN_OBJECT;
-- 
Gitee


From c5252aa96362aa0b78630c4c0b7859309bcdf8df Mon Sep 17 00:00:00 2001
From: jxw <jiexiwen@huawei.com>
Date: Wed, 27 Aug 2025 11:32:52 +0000
Subject: [PATCH 5/5] update
 services/netmanagernative/src/netsys_native_service_stub.cpp.

Signed-off-by: jxw <jiexiwen@huawei.com>
---
 services/netmanagernative/src/netsys_native_service_stub.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/netmanagernative/src/netsys_native_service_stub.cpp b/services/netmanagernative/src/netsys_native_service_stub.cpp
index 611a1bd28..75674b88e 100644
--- a/services/netmanagernative/src/netsys_native_service_stub.cpp
+++ b/services/netmanagernative/src/netsys_native_service_stub.cpp
@@ -2325,7 +2325,7 @@ int32_t NetsysNativeServiceStub::CmdNotifyNetBearerTypeChange(MessageParcel &dat
     if (!data.ReadUint32(size)) {
         return ERR_FLATTEN_OBJECT;
     }
-    size = (size > DEARER_DEFAULT) ? DEARER_DEFAULT : size;
+    size = (size > BEARER_DEFAULT) ? BEARER_DEFAULT : size;
     for (uint32_t i = 0; i < size; i++) {
         if (!data.ReadUint32(value)) {
             return ERR_FLATTEN_OBJECT;
-- 
Gitee