gatekeeperd: fixed potential nullptr deref

gatekeeperd verifyChallenge may use several pointer parameters unchecked. Also fixed broken length parameter check. Bug: 127909982 Test: Not yet Change-Id: I708bdc8afcb30f252385e51c4aa4bcefe1ef1045
2019-03-14 13:48:30 -07:00 · 2019-03-14 13:48:30 -07:00 · e8d2835d8d
commit e8d2835d8d
parent 020f61bca8
1 changed files with 3 additions and 2 deletions
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp
@ -273,7 +273,8 @@ public:
        }

        // can't verify if we're missing either param
-        if ((enrolled_password_handle_length | provided_password_length) == 0)
+        if (enrolled_password_handle == nullptr || provided_password == nullptr ||
+            enrolled_password_handle_length == 0 || provided_password_length == 0)
            return -EINVAL;

        int ret;
@ -322,7 +323,7 @@ public:

                if (ret == 0) {
                    // success! re-enroll with HAL
-                    *request_reenroll = true;
+                    if (request_reenroll != nullptr) *request_reenroll = true;
                }
            }
        } else {