Gitiles
Code Review Sign In
review.blissroms.org / platform_hardware_interfaces / d468101f149e30bc4ec5105555973d4ed8b4e009
commitd468101f149e30bc4ec5105555973d4ed8b4e009[log] [tgz]
authorEdwin Wong <edwinwong@google.com>Tue Feb 02 10:04:02 2021 -0800
committerEdwin Wong <edwinwong@google.com>Tue Feb 02 23:48:11 2021 -0800
tree675788b10987a0874fe2c0ba13c49742c60fbff6
parent072cdf233c02d1dc3eb8b2e20498675aea70c21d [diff]
[RESTRICT AUTOMERGE] Fix potential decrypt destPtr overflow.

There is a potential integer overflow to bypass the
destination base size check in decrypt. The destPtr
can then point to the outside of the destination buffer.

Test: sts-tradefed
  sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176444622#testPocBug_176444622

Test: push to device with target_hwasan-userdebug build
  adb shell /data/local/tmp/Bug-17644462264

Bug: 176444622
Bug: 176496353
Change-Id: I75ae057793a4ff4e4f52a8577bef189ad842fb0e
1 file changed
tree: 675788b10987a0874fe2c0ba13c49742c60fbff6
  1. audio/
  2. automotive/
  3. biometrics/
  4. bluetooth/
  5. boot/
  6. broadcastradio/
  7. camera/
  8. cas/
  9. configstore/
  10. contexthub/
  11. drm/
  12. dumpstate/
  13. gatekeeper/
  14. gnss/
  15. graphics/
  16. health/
  17. ir/
  18. keymaster/
  19. light/
  20. media/
  21. memtrack/
  22. minijail/
  23. neuralnetworks/
  24. nfc/
  25. oemlock/
  26. power/
  27. radio/
  28. renderscript/
  29. sensors/
  30. soundtrigger/
  31. tests/
  32. tetheroffload/
  33. thermal/
  34. tv/
  35. usb/
  36. vibrator/
  37. vr/
  38. weaver/
  39. wifi/
  40. .clang-format
  41. Android.bp
  42. CleanSpec.mk
  43. compatibility_matrix.26.xml
  44. compatibility_matrix.27.xml
  45. compatibility_matrix.current.xml
  46. compatibility_matrix.legacy.xml
  47. current.txt
  48. MODULE_LICENSE_APACHE2
  49. NOTICE
  50. OWNERS
  51. PREUPLOAD.cfg
  52. update-base-files.sh
  53. update-makefiles.sh