Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix vulnerability in LockSettings service

Browse Source 
am: 2d71384a13

Change-Id: I62ca5fb150022fe0971329294b1063957f397248
This commit is contained in:
Jim Miller
2016-08-17 22:59:27 +00:00
committed by android-build-merger
parent 72933c623c 2d71384a13
commit 485fbda04c
2 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/java/com/android/internal/widget/LockPatternUtils.java
View File

@@ -291,7 +291,7 @@ public class LockPatternUtils {
return false;
}
} catch (RemoteException re) {
return true;
return false;
}
}
@@ -340,7 +340,7 @@ public class LockPatternUtils {
return false;
}
} catch (RemoteException re) {
return true;
return false;
}
}

6
services/core/java/com/android/server/LockSettingsService.java
View File

@@ -519,6 +519,9 @@ public class LockSettingsService extends ILockSettings.Stub {
private VerifyCredentialResponse doVerifyPattern(String pattern, boolean hasChallenge,
long challenge, int userId) throws RemoteException {
checkPasswordReadPermission(userId);
if (TextUtils.isEmpty(pattern)) {
throw new IllegalArgumentException("Pattern can't be null or empty");
}
CredentialHash storedHash = mStorage.readPatternHash(userId);
boolean shouldReEnrollBaseZero = storedHash != null && storedHash.isBaseZeroPattern;
@@ -575,6 +578,9 @@ public class LockSettingsService extends ILockSettings.Stub {
private VerifyCredentialResponse doVerifyPassword(String password, boolean hasChallenge,
long challenge, int userId) throws RemoteException {
checkPasswordReadPermission(userId);
if (TextUtils.isEmpty(password)) {
throw new IllegalArgumentException("Password can't be null or empty");
}
CredentialHash storedHash = mStorage.readPasswordHash(userId);
return verifyCredential(userId, storedHash, password, hasChallenge, challenge,
new CredentialUtil() {