Fix vulnerability in LockSettings service

Fixes bug 30003944 Change-Id: I8700d4424c6186c8d5e71d2fdede0223ad86904d (cherry picked from commit 2d71384a139ae27cbc7b57f06662bf6ee2010f2b)
author: Jim Miller <jaggies@google.com> 2016-08-10 15:43:17 -0700
committer: gitbuildkicker <android-build@google.com> 2016-08-26 10:40:53 -0700
commit: 96daf7d4893f614714761af2d53dfb93214a32e4 (patch)
tree: 6e5f6d8ddb35fe6524a0b441f75fa10ae33f4676
parent: 6c049120c2d749f0c0289d822ec7d0aa692f55c5 (diff)
download: base-96daf7d4893f614714761af2d53dfb93214a32e4.tar.gz
2 files changed, 8 insertions, 2 deletions
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index 2e0dfa5fa731..7f2f740f2ee2 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -354,7 +354,7 @@ public class LockPatternUtils {
                 return false;
             }
         } catch (RemoteException re) {
-            return true;
+            return false;
         }
     }
 
@@ -435,7 +435,7 @@ public class LockPatternUtils {
                 return false;
             }
         } catch (RemoteException re) {
-            return true;
+            return false;
         }
     }
 
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index d64fe32cca55..42e75c6632a5 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -1215,6 +1215,9 @@ public class LockSettingsService extends ILockSettings.Stub {
     private VerifyCredentialResponse doVerifyPattern(String pattern, boolean hasChallenge,
             long challenge, int userId) throws RemoteException {
        checkPasswordReadPermission(userId);
+       if (TextUtils.isEmpty(pattern)) {
+           throw new IllegalArgumentException("Pattern can't be null or empty");
+       }
        CredentialHash storedHash = mStorage.readPatternHash(userId);
        return doVerifyPattern(pattern, storedHash, hasChallenge, challenge, userId);
     }
@@ -1306,6 +1309,9 @@ public class LockSettingsService extends ILockSettings.Stub {
     private VerifyCredentialResponse doVerifyPassword(String password, boolean hasChallenge,
             long challenge, int userId) throws RemoteException {
        checkPasswordReadPermission(userId);
+       if (TextUtils.isEmpty(password)) {
+           throw new IllegalArgumentException("Password can't be null or empty");
+       }
        CredentialHash storedHash = mStorage.readPasswordHash(userId);
        return doVerifyPassword(password, storedHash, hasChallenge, challenge, userId);
     }
author	Jim Miller <jaggies@google.com>	2016-08-10 15:43:17 -0700
committer	gitbuildkicker <android-build@google.com>	2016-08-26 10:40:53 -0700
commit	96daf7d4893f614714761af2d53dfb93214a32e4 (patch)
tree	6e5f6d8ddb35fe6524a0b441f75fa10ae33f4676
parent	6c049120c2d749f0c0289d822ec7d0aa692f55c5 (diff)
download	base-96daf7d4893f614714761af2d53dfb93214a32e4.tar.gz