Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix vulnerability in LockSettings service am: 2d71384a13 am: 485fbda04c am: 229de7088e

Browse Source 
am: cb83f6188b

Change-Id: I82302931ab714e25ec21721dc05480e1f2d447b0
This commit is contained in:
Jim Miller
2016-08-17 23:22:33 +00:00
committed by android-build-merger
parent 96855c49a6 cb83f6188b
commit e3457fc127
2 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/java/com/android/internal/widget/LockPatternUtils.java
View File

@@ -354,7 +354,7 @@ public class LockPatternUtils {
return false;
}
} catch (RemoteException re) {
return true;
return false;
}
}
@@ -435,7 +435,7 @@ public class LockPatternUtils {
return false;
}
} catch (RemoteException re) {
return true;
return false;
}
}

6
services/core/java/com/android/server/LockSettingsService.java
View File

@@ -1215,6 +1215,9 @@ public class LockSettingsService extends ILockSettings.Stub {
private VerifyCredentialResponse doVerifyPattern(String pattern, boolean hasChallenge,
long challenge, int userId) throws RemoteException {
checkPasswordReadPermission(userId);
if (TextUtils.isEmpty(pattern)) {
throw new IllegalArgumentException("Pattern can't be null or empty");
}
CredentialHash storedHash = mStorage.readPatternHash(userId);
return doVerifyPattern(pattern, storedHash, hasChallenge, challenge, userId);
}
@@ -1306,6 +1309,9 @@ public class LockSettingsService extends ILockSettings.Stub {
private VerifyCredentialResponse doVerifyPassword(String password, boolean hasChallenge,
long challenge, int userId) throws RemoteException {
checkPasswordReadPermission(userId);
if (TextUtils.isEmpty(password)) {
throw new IllegalArgumentException("Password can't be null or empty");
}
CredentialHash storedHash = mStorage.readPasswordHash(userId);
return doVerifyPassword(password, storedHash, hasChallenge, challenge, userId);
}