summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortyiu <tyiu@google.com>2023-04-03 23:40:58 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2023-04-03 23:40:58 +0000
commit863b6b563d7f6353ce74e55b7d9bd8191972ec0a (patch)
tree5eb6a0b527bb112f63558135826ca829ca77334d
parent6f46453f113949d5599839996d36509d17d00185 (diff)
parentca8d670c1656a6a47ef0f31fdfe1744d75fe5543 (diff)
downloadnative-863b6b563d7f6353ce74e55b7d9bd8191972ec0a.tar.gz
RESTRICT AUTOMERGE: Fix HMAC Compare time attack am: ca8d670c16
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/21804206 Change-Id: I94349bd9d8fff3cddc401e8d389663aa44960204 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat
-rw-r--r--services/inputflinger/dispatcher/InputDispatcher.cpp3
1 files changed, 2 insertions, 1 deletions
diff --git a/services/inputflinger/dispatcher/InputDispatcher.cpp b/services/inputflinger/dispatcher/InputDispatcher.cpp
index 5e9427ad87..da461285f5 100644
--- a/services/inputflinger/dispatcher/InputDispatcher.cpp
+++ b/services/inputflinger/dispatcher/InputDispatcher.cpp
@@ -27,6 +27,7 @@
#include <ftl/enum.h>
#include <gui/SurfaceComposerClient.h>
#include <input/InputDevice.h>
+#include <openssl/mem.h>
#include <powermanager/PowerManager.h>
#include <unistd.h>
#include <utils/Trace.h>
@@ -4422,7 +4423,7 @@ std::unique_ptr<VerifiedInputEvent> InputDispatcher::verifyInputEvent(const Inpu
if (calculatedHmac == INVALID_HMAC) {
return nullptr;
}
- if (calculatedHmac != event.getHmac()) {
+ if (0 != CRYPTO_memcmp(calculatedHmac.data(), event.getHmac().data(), calculatedHmac.size())) {
return nullptr;
}
return result;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-01 06:02:27 +0000