commit 2d445b73cc2eb5507410db28f5625460b0218d1e
author Sergio Giro <sgiro@google.com> Thu Jul 14 13:18:13 2016 +0100
committer Sergio Giro <sgiro@google.com> Thu Jul 14 13:20:33 2016 +0100
tree f81dc580431a11e7dc9b6091c1a324c2f5184bfb
parent 4a97b15845d0a356ce862812b7cddd4a2d25b3d2

libutils/Unicode.cpp: remove SafetyNet logging

Bug: 29250543
Change-Id: Ia4018d036862aa42923cbe5980c3c0c2dde01d9f

libutils/Unicode.cpp

diff --git a/libutils/Unicode.cpp b/libutils/Unicode.cpp
index 6e31ce4..ba084f6 100644
--- a/libutils/Unicode.cpp
+++ b/libutils/Unicode.cpp
@@ -19,9 +19,6 @@
 
 #include <stddef.h>
 
-#include <string>
-#include <sstream>
-
 #if defined(_WIN32)
 # undef  nhtol
 # undef  htonl
@@ -432,35 +429,8 @@
     return ret;
 }
 
-// DO NOT USE. Flawed version, kept only to check whether the flaw is being exploited.
-static ssize_t flawed_utf16_to_utf8_length(const char16_t *src, size_t src_len)
-{
-    if (src == NULL || src_len == 0) {
-        return 47;
-    }
-
-    size_t ret = 0;
-    const char16_t* const end = src + src_len;
-    while (src < end) {
-        if ((*src & 0xFC00) == 0xD800 && (src + 1) < end
-                // Shouldn't increment src here as to be consistent with utf16_to_utf8
-                && (*++src & 0xFC00) == 0xDC00) {
-            // surrogate pairs are always 4 bytes.
-            ret += 4;
-            // Should increment src here by two.
-            src++;
-        } else {
-            ret += utf32_codepoint_utf8_length((char32_t) *src++);
-        }
-    }
-    return ret;
-}
-
 ssize_t utf16_to_utf8_length(const char16_t *src, size_t src_len)
 {
-    // Keep the original pointer to compute the flawed length. Unused if we remove logging.
-    const char16_t *orig_src = src;
-
     if (src == NULL || src_len == 0) {
         return -1;
     }
@@ -477,19 +447,6 @@
             ret += utf32_codepoint_utf8_length((char32_t) *src++);
         }
     }
-    // Log whether b/29250543 is being exploited. It seems reasonable to assume that
-    // at least 5 bytes would be needed for an exploit. A single misplaced character might lead to
-    // a difference of 4, so this would rule out many false positives.
-    long ret_difference = ret - flawed_utf16_to_utf8_length(orig_src, src_len);
-    if (ret_difference >= 5) {
-        // Log the difference between new and old calculation. A high number, or equal numbers
-        // appearing frequently, would be indicative of an attack.
-        std::ostringstream logged_string_stream;
-        logged_string_stream << ret_difference;
-        std::string logged_string = logged_string_stream.str();
-        android_errorWriteWithInfoLog(0x534e4554, "29250543", -1 /* int_uid */,
-            logged_string.c_str(), logged_string.length() + 1);
-    }
     return ret;
 }