Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Unverified Commit 7dde2cfd authored by Edwin Wong's avatar Edwin Wong Committed by Kevin F. Haggerty
Browse files

Fix potential decrypt src pointer overflow. 

There is a potential integer overflow to bypass the
source base size check in decrypt. The source pointer
can then point to the outside of the source buffer,
which could potentially leak arbitrary memory content
to destination pointer.

Test: sts-tradefed
  sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176496160#testPocBug_176496160

Test: push to device with target_hwasan-userdebug build
  adb shell /data/local/tmp/Bug-17649616064

Bug: 176496160
Bug: 176444786
Change-Id: Iea3dcd44d0f4f61de3288ed1e26d8bd5e39115d2
(cherry picked from commit 9bae1251)
parent c4a1c736
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment