Merge "Fix vulnerability in LockSettings service" into nyc-mr1-dev

TreeHugger Robot
2016-07-18 20:54:44 +00:00
committed by Android (Google) Code Review
2 changed files with 9 additions and 2 deletions


@@ -371,7 +371,7 @@ public class LockPatternUtils {
return false;
}
} catch (RemoteException re) {
return true;
return false;
}
}
@@ -464,7 +464,7 @@ public class LockPatternUtils {
return false;
}
} catch (RemoteException re) {
return true;
return false;
}
}
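Review bot: Both `catch (RemoteException re)` blocks (the hunks at line 371 and line 464) end in a bare `return` with no comment or log, so nothing records that the fail-closed result is deliberate, or that the check failed because the service call threw rather than because the credential was wrong. Assuming `return false;` is the new side of each printed pair (the rendering lost the +/- markers), I would add `// Fail closed: an IPC failure must never be reported as a successful credential match.` above each return. Logging `re` there would also help, if the class has a logger in scope. The enclosing methods start and end outside both hunks, so whether their callers can tell "wrong credential" from "service unavailable" cannot be confirmed from here.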


@@ -1243,6 +1243,10 @@ public class LockSettingsService extends ILockSettings.Stub {
private VerifyCredentialResponse doVerifyPattern(String pattern, CredentialHash storedHash,
boolean hasChallenge, long challenge, int userId,
ICheckCredentialProgressCallback progressCallback) throws RemoteException {
if (TextUtils.isEmpty(pattern)) {
throw new IllegalArgumentException("Pattern can't be null or empty");
}
boolean shouldReEnrollBaseZero = storedHash != null && storedHash.isBaseZeroPattern;
String patternToVerify;
@@ -1340,6 +1344,9 @@ public class LockSettingsService extends ILockSettings.Stub {
private VerifyCredentialResponse doVerifyPassword(String password, CredentialHash storedHash,
boolean hasChallenge, long challenge, int userId,
ICheckCredentialProgressCallback progressCallback) throws RemoteException {
if (TextUtils.isEmpty(password)) {
throw new IllegalArgumentException("Password can't be null or empty");
}
return verifyCredential(userId, storedHash, password, hasChallenge, challenge,
new CredentialUtil() {
@Override
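Review bot: The new `TextUtils.isEmpty(...)` guards at the top of `doVerifyPattern` and `doVerifyPassword` throw `IllegalArgumentException`, but neither method documents it, and the `LockPatternUtils` catch blocks shown in this commit handle only `RemoteException`. If that unchecked exception is propagated back across the service boundary, a caller passing an empty credential would get an exception instead of a `false` result. It is worth confirming that the client side rejects empty input before calling, or handles the exception. I would add `@throws IllegalArgumentException if the credential is null or empty` to the Javadoc of both methods. Both method bodies continue outside their hunks.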