
Fix vulnerability in LockSettings service
authorJim Miller <jaggies@google.com>
Wed, 10 Aug 2016 22:43:17 +0000 (15:43 -0700)
committergitbuildkicker <android-build@google.com>
Fri, 26 Aug 2016 04:56:19 +0000 (21:56 -0700)
Fixes bug 30003944

Change-Id: I8700d4424c6186c8d5e71d2fdede0223ad86904d
(cherry picked from commit 2d71384a139ae27cbc7b57f06662bf6ee2010f2b)

core/java/com/android/internal/widget/LockPatternUtils.java
services/core/java/com/android/server/LockSettingsService.java

index 60380fb..0aef320 100644 (file)
@@ -291,7 +291,7 @@ public class LockPatternUtils {
                 return false;
             }
         } catch (RemoteException re) {
-            return true;
+            return false;
         }
     }
 
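Review bot: The `catch (RemoteException re)` block still discards the exception without a trace, so after this change a failed call to the lock settings service cannot be told apart from a wrong pattern, either by the caller or in the logs. Failing closed with `return false` is the right default for a credential check. I would add a log line before it, for example `Log.e(TAG, "Credential check failed: lock settings service call threw", re);` (using whatever log tag this class already defines, and never logging the credential itself), so that IPC failures can be separated from bad guesses during triage. The same applies to the identical catch block in the hunk at -340; both enclosing methods start above their hunks, so the try bodies are not fully visible here.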
@@ -340,7 +340,7 @@ public class LockPatternUtils {
                 return false;
             }
         } catch (RemoteException re) {
-            return true;
+            return false;
         }
     }
 
index 55682c2..6cb2875 100644 (file)
@@ -519,6 +519,9 @@ public class LockSettingsService extends ILockSettings.Stub {
     private VerifyCredentialResponse doVerifyPattern(String pattern, boolean hasChallenge,
             long challenge, int userId) throws RemoteException {
        checkPasswordReadPermission(userId);
+       if (TextUtils.isEmpty(pattern)) {
+           throw new IllegalArgumentException("Pattern can't be null or empty");
+       }
        CredentialHash storedHash = mStorage.readPatternHash(userId);
        boolean shouldReEnrollBaseZero = storedHash != null && storedHash.isBaseZeroPattern;
 
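Review bot: The new `throw new IllegalArgumentException(...)` in doVerifyPattern is unchecked, and since this class extends `ILockSettings.Stub` it will presumably be marshalled back over Binder and rethrown in the calling process as IllegalArgumentException rather than RemoteException. The LockPatternUtils catch blocks changed in this same commit handle only RemoteException, so if they sit on this path an empty pattern would surface there as an uncaught exception instead of `false`. Either reject empty input on the client side before the call, or at least document the precondition with a comment above the check such as `// An empty credential is never valid input; reject it before reading the stored hash.` Keeping the check after `checkPasswordReadPermission(userId)` is good, since callers without the permission learn nothing from the argument error. The same point applies to doVerifyPassword in the hunk at -575; both method bodies continue past their hunks.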
@@ -575,6 +578,9 @@ public class LockSettingsService extends ILockSettings.Stub {
     private VerifyCredentialResponse doVerifyPassword(String password, boolean hasChallenge,
             long challenge, int userId) throws RemoteException {
        checkPasswordReadPermission(userId);
+       if (TextUtils.isEmpty(password)) {
+           throw new IllegalArgumentException("Password can't be null or empty");
+       }
        CredentialHash storedHash = mStorage.readPasswordHash(userId);
        return verifyCredential(userId, storedHash, password, hasChallenge, challenge,
                new CredentialUtil() {