Fix vulnerability in LockSettings service (d7a94a8e) · Commits · e / os / android_frameworks_base

core/java/com/android/internal/widget/LockPatternUtils.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -354,7 +354,7 @@ public class LockPatternUtils {
		return false;
		}
		} catch (RemoteException re) {
		return true;
		return false;
		}
		}

		@@ -435,7 +435,7 @@ public class LockPatternUtils {
		return false;
		}
		} catch (RemoteException re) {
		return true;
		return false;
		}
		}

+6 −0

Original line number	Diff line number	Diff line
		@@ -1215,6 +1215,9 @@ public class LockSettingsService extends ILockSettings.Stub {
		private VerifyCredentialResponse doVerifyPattern(String pattern, boolean hasChallenge,
		long challenge, int userId) throws RemoteException {
		checkPasswordReadPermission(userId);
		if (TextUtils.isEmpty(pattern)) {
		throw new IllegalArgumentException("Pattern can't be null or empty");
		}
		CredentialHash storedHash = mStorage.readPatternHash(userId);
		return doVerifyPattern(pattern, storedHash, hasChallenge, challenge, userId);
		}
		@@ -1306,6 +1309,9 @@ public class LockSettingsService extends ILockSettings.Stub {
		private VerifyCredentialResponse doVerifyPassword(String password, boolean hasChallenge,
		long challenge, int userId) throws RemoteException {
		checkPasswordReadPermission(userId);
		if (TextUtils.isEmpty(password)) {
		throw new IllegalArgumentException("Password can't be null or empty");
		}
		CredentialHash storedHash = mStorage.readPasswordHash(userId);
		return doVerifyPassword(password, storedHash, hasChallenge, challenge, userId);
		}