OSDN Git Service

(root) / android-x86 / frameworks-base.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0da68f3) | patch
ResStringPool: Fix security vulnerability
authory <rtmitchell@google.com>
Fri, 6 Apr 2018 00:57:27 +0000 (17:57 -0700)
committerandroid-build-team Robot <android-build-team-robot@google.com>
Fri, 10 Aug 2018 20:27:12 +0000 (20:27 +0000)
commit4ab6bce2d969cceeafe29b59a4e77d41e292ae4e
tree695361ed6494478e14bcaf79458393fe8bb1f029tree | snapshot
parent0da68f30a9262a74c47a6c12f99d848320c8aefccommit | diff
ResStringPool: Fix security vulnerability

Adds detection of attacker-modified size and data fields passed to
ResStringPool::setTo(). These attacks are modified apks that AAPT would
not normally generate. In the rare case this occurs, the installation
cannot be allowed to continue.

Bug: 71361168
Bug: 71360999
Test: run cts -m CtsAppSecurityHostTestCases \
          -t android.appsecurity.cts.CorruptApkTests

Change-Id: If7eb93a9e723b16c8a0556fc4e20006aa0391d57
Merged-In: If7eb93a9e723b16c8a0556fc4e20006aa0391d57
(cherry picked from commit 7e54c3f261d81316b75cb734075319108d8bc1d1)
libs/androidfw/ResourceTypes.cpp diff | blob | history
frameworks/base
About OSDN
Find Software
Develop Software
Help