author Jim Miller <jaggies@google.com> 2016-08-17 23:07:46 +0000
committer android-build-merger <android-build-merger@google.com> 2016-08-17 23:07:46 +0000
commit229de7088e800815f5737cec4980e47754e03d63 (patch)
tree016a5f8ffb9f3359c901926883055381df94e02b
parent13edf0a70beaa2f59377c633d0e11c70abcb66f3 (diff)
parent485fbda04c7651413122422121fc96e4227a5f77 (diff)
Fix vulnerability in LockSettings service am: 2d71384a13
am: 485fbda04c Change-Id: I07def32199ecdbbb32aa6ecaca20724cfc81265c
-rw-r--r--core/java/com/android/internal/widget/LockPatternUtils.java4
-rw-r--r--services/core/java/com/android/server/LockSettingsService.java6
2 files changed, 8 insertions, 2 deletions
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index 2e9f4f63899c..af0cc7e01a9e 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -296,7 +296,7 @@ public class LockPatternUtils {
return false;
}
} catch (RemoteException re) {
- return true;
+ return false;
}
}
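Review bot: The `catch (RemoteException re)` block now fails closed, but it still drops the exception with no log line or comment, so a check that failed because the lock settings service could not be reached looks exactly like a wrong credential. I would add a comment above the return, `// Fail closed: a binder failure must never be reported as a successful credential check.`, and record the exception if the class has a logging tag in scope (not visible here). The same applies to the second hunk at -345. The enclosing methods start and end outside both hunks, so the return values on their other paths cannot be checked from here.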
@@ -345,7 +345,7 @@ public class LockPatternUtils {
return false;
}
} catch (RemoteException re) {
- return true;
+ return false;
}
}
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index f1678d26e119..7eaec1689847 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -523,6 +523,9 @@ public class LockSettingsService extends ILockSettings.Stub {
private VerifyCredentialResponse doVerifyPattern(String pattern, boolean hasChallenge,
long challenge, int userId) throws RemoteException {
checkPasswordReadPermission(userId);
+ if (TextUtils.isEmpty(pattern)) {
+ throw new IllegalArgumentException("Pattern can't be null or empty");
+ }
CredentialHash storedHash = mStorage.readPatternHash(userId);
boolean shouldReEnrollBaseZero = storedHash != null && storedHash.isBaseZeroPattern;
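Review bot: The `IllegalArgumentException` added in `doVerifyPattern` is unchecked, while the client-side catch blocks changed in LockPatternUtils.java handle only `RemoteException`. If this exception is carried back across the binder call, an empty credential would surface in the caller as a runtime exception rather than as a failed check. The try bodies in LockPatternUtils are not visible, so the client may already reject empty input before calling; if it does not, an early `return false` for an empty credential there would keep the two sides consistent. A one-line comment above the guard, for example `// An empty credential must never verify, whatever is stored for this user.`, would record why the check sits ahead of the hash lookup. The same point applies to `doVerifyPassword` in the hunk at -579; both method bodies continue past the hunks.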
@@ -579,6 +582,9 @@ public class LockSettingsService extends ILockSettings.Stub {
private VerifyCredentialResponse doVerifyPassword(String password, boolean hasChallenge,
long challenge, int userId) throws RemoteException {
checkPasswordReadPermission(userId);
+ if (TextUtils.isEmpty(password)) {
+ throw new IllegalArgumentException("Password can't be null or empty");
+ }
CredentialHash storedHash = mStorage.readPasswordHash(userId);
return verifyCredential(userId, storedHash, password, hasChallenge, challenge,
new CredentialUtil() {