Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit a7dd68bd authored by Edwin Wong's avatar Edwin Wong
Browse files

[RESTRICT AUTOMERGE] Fix potential decrypt srcPtr overflow. 

There is a potential integer overflow to bypass the
source base size check in decrypt. The source pointer
can then point to the outside of the source buffer,
which could potentially leak arbitrary memory content
to destination pointer.

Test: sts-tradefed
  sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176496160#testPocBug_176496160

Test: push to device with target_hwasan-userdebug build
  adb shell /data/local/tmp/Bug-17649616064

Bug: 176496160
Bug: 176444786
Change-Id: Iea3dcd44d0f4f61de3288ed1e26d8bd5e39115d2
parent 7e3c0ce9
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment