From bc0e469eaec53a48134c74a5e72f4158b7867e06 Mon Sep 17 00:00:00 2001
From: Marvin W <git@larma.de>
Date: Mon, 29 Apr 2024 11:03:03 +0200
Subject: [PATCH] Push: Do not allow app data to override service fields

---
 .../src/main/java/org/microg/gms/gcm/McsService.java         | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/play-services-core/src/main/java/org/microg/gms/gcm/McsService.java b/play-services-core/src/main/java/org/microg/gms/gcm/McsService.java
index 8ce16fa5be..58616adc5d 100644
--- a/play-services-core/src/main/java/org/microg/gms/gcm/McsService.java
+++ b/play-services-core/src/main/java/org/microg/gms/gcm/McsService.java
@@ -69,6 +69,7 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import java.util.Locale;
 import java.util.concurrent.atomic.AtomicInteger;
 
 import javax.net.ssl.SSLContext;
@@ -560,6 +561,10 @@ private void handleAppMessage(DataMessageStanza msg) {
             intent.addFlags(Intent.FLAG_EXCLUDE_STOPPED_PACKAGES);
         }
         for (AppData appData : msg.app_data) {
+            if (appData.key == null) continue;
+            String key = appData.key.toLowerCase(Locale.US);
+            // Some keys are exclusively set by the client and not the app.
+            if (key.equals(EXTRA_FROM) || (key.startsWith("google.") && !key.startsWith("google.c."))) continue;
             intent.putExtra(appData.key, appData.value_);
         }