gatekeeperd: fixed potential nullptr deref gatekeeperd verifyChallenge may use several pointer parameters unchecked. Also fixed broken length parameter check. Bug: 127909982 Test: Not yet Change-Id: I708bdc8afcb30f252385e51c4aa4bcefe1ef1045

commit: 514e456fbea95d9e9165c67afc0f0512515d8113 [log] [tgz]
author: Janis Danisevskis <jdanis@google.com> Thu Mar 14 13:48:30 2019 -0700
committer: Janis Danisevskis <jdanis@google.com> Thu Mar 14 13:51:50 2019 -0700
tree: 98b142a309b7e3c72309b89d9eb0b426c8df9344
parent: bcf0e9c9e8ff81426ccdcc02df829a12965e0b65 [diff]
diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index 8700c34..5451819 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp

@@ -273,7 +273,8 @@
         }
 
         // can't verify if we're missing either param
-        if ((enrolled_password_handle_length | provided_password_length) == 0)
+        if (enrolled_password_handle == nullptr || provided_password == nullptr ||
+            enrolled_password_handle_length == 0 || provided_password_length == 0)
             return -EINVAL;
 
         int ret;
@@ -322,7 +323,7 @@
 
                 if (ret == 0) {
                     // success! re-enroll with HAL
-                    *request_reenroll = true;
+                    if (request_reenroll != nullptr) *request_reenroll = true;
                 }
             }
         } else {
commit	514e456fbea95d9e9165c67afc0f0512515d8113	[log] [tgz]
author	Janis Danisevskis <jdanis@google.com>	Thu Mar 14 13:48:30 2019 -0700
committer	Janis Danisevskis <jdanis@google.com>	Thu Mar 14 13:51:50 2019 -0700
tree	98b142a309b7e3c72309b89d9eb0b426c8df9344
parent	bcf0e9c9e8ff81426ccdcc02df829a12965e0b65 [diff]