[RESTRICT AUTOMERGE] Fix CryptoPlugin use after free vulnerability. (ae1c624b) · Commits · e / os / android_hardware_interfaces · GitLab

Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ae1c624b authored Jan 23, 2021 by Edwin Wong

[RESTRICT AUTOMERGE] Fix CryptoPlugin use after free vulnerability.

The shared memory buffer used by srcPtr can be freed by another
thread because it is not protected by a mutex. Subsequently,
a use after free AIGABRT can occur in a race condition.

SafetyNet logging is not added to avoid log spamming. The
mutex lock is called to setup for decryption, which is
called frequently.

Test is run on rvc-dev branch, using target_hwasan-userdebug build.

Test: sts
  sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176495665#testPocBug_176495665

Test: push to device with target_hwasan-userdebug build
  adb shell /data/local/tmp/Bug-176495665_sts64

Bug: 176495665
Bug: 176444161
Change-Id: I3ec33cd444183f40ee76bec4c88dec0dac859cd3

parent ef66293e

Hide whitespace changes

Inline Side-by-side

Rohit Sekhar @merothh
mentioned in commit 73b40f6f
· Sep 25, 2023

mentioned in commit 73b40f6f

mentioned in commit 73b40f6f7edfe055ea02fb6d0433d908661b67f2

Toggle commit list

Please register or to comment