Fix vulnerability in LockSettings service (ae3aef22) · Commits · e / os / android_frameworks_base

core/java/com/android/internal/widget/LockPatternUtils.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -291,7 +291,7 @@ public class LockPatternUtils {
		return false;
		}
		} catch (RemoteException re) {
		return true;
		return false;
		}
		}

		@@ -340,7 +340,7 @@ public class LockPatternUtils {
		return false;
		}
		} catch (RemoteException re) {
		return true;
		return false;
		}
		}

+6 −0

Original line number	Diff line number	Diff line
		@@ -519,6 +519,9 @@ public class LockSettingsService extends ILockSettings.Stub {
		private VerifyCredentialResponse doVerifyPattern(String pattern, boolean hasChallenge,
		long challenge, int userId) throws RemoteException {
		checkPasswordReadPermission(userId);
		if (TextUtils.isEmpty(pattern)) {
		throw new IllegalArgumentException("Pattern can't be null or empty");
		}
		CredentialHash storedHash = mStorage.readPatternHash(userId);
		boolean shouldReEnrollBaseZero = storedHash != null && storedHash.isBaseZeroPattern;

		@@ -575,6 +578,9 @@ public class LockSettingsService extends ILockSettings.Stub {
		private VerifyCredentialResponse doVerifyPassword(String password, boolean hasChallenge,
		long challenge, int userId) throws RemoteException {
		checkPasswordReadPermission(userId);
		if (TextUtils.isEmpty(password)) {
		throw new IllegalArgumentException("Password can't be null or empty");
		}
		CredentialHash storedHash = mStorage.readPasswordHash(userId);
		return verifyCredential(userId, storedHash, password, hasChallenge, challenge,
		new CredentialUtil() {