git.osdn.net Git - android-x86/frameworks-native.git/commit

author	Siarhei Vishniakou <svv@google.com>
	Sat, 17 Nov 2018 06:18:53 +0000 (22:18 -0800)
committer	akirilov <akirilov@google.com>
	Wed, 5 Dec 2018 02:19:49 +0000 (18:19 -0800)
commit	e730f5aaa1c726ee9998a080e2d7f6284f4afec8
tree	559c7965ff9cf84d6e38d2f24a6428bf9ab9c835	tree \| snapshot
parent	11ed3dccbd7c60f8a3c04f36a5e86b77e2e6b7e8	commit \| diff

Sanitize InputMessage before sending

The struct InputMessage has many fields, and is force-aligned to 8-byte
boundaries. There are also some padding fields that carry no
information.

This struct is typically allocated in the stack and populated with
various values before being sent across as a stream of bytes through the
socket.

Therefore, the "unused" data portions of the struct could contain
portions of the stack, since there aren't ever writes to those memory
locations.

To avoid this information leak, forcefully sanitize the struct. Create a
new struct that is explicitly set to zero. Next, only fill the
meaningful fields manually.

Bug: 115739809
Test: cts-tradefed run cts -m CtsSecurityBulletinHostTestCases -t android.security.cts.Poc18_12; adb shell monkey 100000
Change-Id: I7e44dacf1e8fa3156c8e4d2f7784ef0c53dab507
Merged-In: I7e44dacf1e8fa3156c8e4d2f7784ef0c53dab507

include/input/InputTransport.h		diff \| blob \| history
libs/input/InputTransport.cpp		diff \| blob \| history
libs/input/tests/StructLayout_test.cpp		diff \| blob \| history