gatekeeperd: protect from invalid data passed by HAL

Bug: 31349112 Change-Id: I6c0656f85e44054147f8795c98baab7a98f575b9 Signed-off-by: Alexey Polyudov <apolyudov@google.com>
2016-09-07 18:51:28 -07:00 · 2016-09-07 18:51:28 -07:00 · 8c63536ded
commit 8c63536ded
parent 03067a21e7
1 changed files with 8 additions and 1 deletions
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp
@ -169,7 +169,14 @@ public:
                    enrolled_password_handle, enrolled_password_handle_length);
        }

-        if (ret == 0) {
+        if (ret == GATEKEEPER_RESPONSE_OK && (*enrolled_password_handle == nullptr ||
+            *enrolled_password_handle_length != sizeof(password_handle_t))) {
+            ret = GATEKEEPER_RESPONSE_ERROR;
+            ALOGE("HAL: password_handle=%p size_of_handle=%" PRIu32 "\n",
+                  *enrolled_password_handle, *enrolled_password_handle_length);
+        }
+
+        if (ret == GATEKEEPER_RESPONSE_OK) {
            gatekeeper::password_handle_t *handle =
                    reinterpret_cast<gatekeeper::password_handle_t *>(*enrolled_password_handle);
            store_sid(uid, handle->user_id);