Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 909e636a authored by Edwin Wong's avatar Edwin Wong Committed by android-build-team Robot
Browse files

Fix potential decrypt destPtr overflow. 

There is a potential integer overflow to bypass the
destination base size check in decrypt. The destPtr
can then point to the outside of the destination buffer.

Test: sts-tradefed
  sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176444622#testPocBug_176444622

Test: push to device with target_hwasan-userdebug build
  adb shell /data/local/tmp/Bug-17644462264

Bug: 176444622
Bug: 176496353
Change-Id: Idac48307edd45fc8282902c4beeb2c8ca94f8cf3
Merged-In: Idac48307edd45fc8282902c4beeb2c8ca94f8cf3
(cherry picked from commit 49c0fe41)
parent 9b1a401a
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment