diff options
author | Jim Miller <jaggies@google.com> | 2016-08-10 15:43:17 -0700 |
---|---|---|
committer | gitbuildkicker <android-build@google.com> | 2016-08-26 10:40:53 -0700 |
commit | 96daf7d4893f614714761af2d53dfb93214a32e4 (patch) | |
tree | 6e5f6d8ddb35fe6524a0b441f75fa10ae33f4676 | |
parent | 6c049120c2d749f0c0289d822ec7d0aa692f55c5 (diff) | |
download | base-96daf7d4893f614714761af2d53dfb93214a32e4.tar.gz |
Fix vulnerability in LockSettings service
Fixes bug 30003944
Change-Id: I8700d4424c6186c8d5e71d2fdede0223ad86904d
(cherry picked from commit 2d71384a139ae27cbc7b57f06662bf6ee2010f2b)
-rw-r--r-- | core/java/com/android/internal/widget/LockPatternUtils.java | 4 | ||||
-rw-r--r-- | services/core/java/com/android/server/LockSettingsService.java | 6 |
2 files changed, 8 insertions, 2 deletions
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java index 2e0dfa5fa731..7f2f740f2ee2 100644 --- a/core/java/com/android/internal/widget/LockPatternUtils.java +++ b/core/java/com/android/internal/widget/LockPatternUtils.java @@ -354,7 +354,7 @@ public class LockPatternUtils { return false; } } catch (RemoteException re) { - return true; + return false; } } @@ -435,7 +435,7 @@ public class LockPatternUtils { return false; } } catch (RemoteException re) { - return true; + return false; } } diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java index d64fe32cca55..42e75c6632a5 100644 --- a/services/core/java/com/android/server/LockSettingsService.java +++ b/services/core/java/com/android/server/LockSettingsService.java @@ -1215,6 +1215,9 @@ public class LockSettingsService extends ILockSettings.Stub { private VerifyCredentialResponse doVerifyPattern(String pattern, boolean hasChallenge, long challenge, int userId) throws RemoteException { checkPasswordReadPermission(userId); + if (TextUtils.isEmpty(pattern)) { + throw new IllegalArgumentException("Pattern can't be null or empty"); + } CredentialHash storedHash = mStorage.readPatternHash(userId); return doVerifyPattern(pattern, storedHash, hasChallenge, challenge, userId); } @@ -1306,6 +1309,9 @@ public class LockSettingsService extends ILockSettings.Stub { private VerifyCredentialResponse doVerifyPassword(String password, boolean hasChallenge, long challenge, int userId) throws RemoteException { checkPasswordReadPermission(userId); + if (TextUtils.isEmpty(password)) { + throw new IllegalArgumentException("Password can't be null or empty"); + } CredentialHash storedHash = mStorage.readPasswordHash(userId); return doVerifyPassword(password, storedHash, hasChallenge, challenge, userId); } |