Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_frameworks_base / 18a6ada4aa136da4f50f03fff91d61d448ced195
commit18a6ada4aa136da4f50f03fff91d61d448ced195[log] [tgz]
authorRyan Mitchell <rtmitchell@google.com>Wed May 30 12:17:01 2018 -0700
committerRyan Mitchell <rtmitchell@google.com>Tue Jun 05 22:05:11 2018 +0000
tree6e92164af48a4e38ea2a8fbb6fee1a3ebb7f914d
parent2d6209f71de8f88526f97526d40304eef626219a [diff]
Fix DynamicRefTable::load security bug

DynamicRefTables parsed from apks are missing bounds checks that prevent
buffer overflows. This changes verifies the bounds of the header before
attempting to preform operations on the chunk.

Bug: 79488511
Test: run cts -m CtsAppSecurityHostTestCases \
        -t android.appsecurity.cts.CorruptApkTests

Change-Id: I02c8ad957da244fce777ac68a482e4e8fa70f846
Merged-In: I02c8ad957da244fce777ac68a482e4e8fa70f846
1 file changed
tree: 6e92164af48a4e38ea2a8fbb6fee1a3ebb7f914d
  1. apct-tests/
  2. api/
  3. cmds/
  4. config/
  5. core/
  6. data/
  7. docs/
  8. drm/
  9. graphics/
  10. keystore/
  11. legacy-test/
  12. libs/
  13. location/
  14. lowpan/
  15. media/
  16. native/
  17. nfc-extras/
  18. obex/
  19. opengl/
  20. packages/
  21. proto/
  22. rs/
  23. samples/
  24. sax/
  25. services/
  26. telecomm/
  27. telephony/
  28. test-runner/
  29. tests/
  30. tools/
  31. vr/
  32. wifi/
  33. Android.bp
  34. Android.mk
  35. CleanSpec.mk
  36. MODULE_LICENSE_APACHE2
  37. NOTICE
  38. pathmap.mk
  39. PREUPLOAD.cfg