[RESTRICT AUTOMERGE] Fix clearkey CryptoPlugin use after free vulnerability. (7a398e72) · Commits · e / os / android_frameworks_av · GitLab

Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7a398e72 authored Jan 22, 2021 by Edwin Wong

[RESTRICT AUTOMERGE] Fix clearkey CryptoPlugin use after free vulnerability.

The shared memory buffer used by srcPtr can be freed by another
thread because it is not protected by a mutex. Subsequently,
a use after free AIGABRT can occur in a race condition.

SafetyNet logging is not added to avoid log spamming. The
mutex lock is called to setup for decryption, which is
called frequently.

The crash was reproduced on the device before the fix.
Verified the test passes after the fix.

Test: sts
  sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176495665#testPocBug_176495665

Test: push to device with target_hwasan-userdebug build
  adb shell /data/local/tmp/Bug-176495665_sts64

Bug: 176495665
Bug: 176444161
Change-Id: Ie6e73804d8b764e53b1bd7a16cfbf04b4f3669b9

parent 746c14a7

Hide whitespace changes

Inline Side-by-side

Rohit Sekhar @merothh
mentioned in commit ac2858d6
· Sep 13, 2022

mentioned in commit ac2858d6

mentioned in commit ac2858d6faa69c7c2e04c5e44c51430627cd5598

Toggle commit list

Please register or to comment