Fix vulnerability in LockSettings service

Fixes bug 30003944 Change-Id: I8700d4424c6186c8d5e71d2fdede0223ad86904d
author: Jim Miller <jaggies@google.com> 2016-07-15 17:24:08 -0700
committer: Jim Miller <jaggies@google.com> 2016-07-15 17:28:53 -0700
commit: 29d157bf0557bda04ffeda64f2dd4239d91aa5f4 (patch)
tree: e35bee574fad232642fffb285a46b42a81a707b1
parent: 843979a3b3708af61859e7f10083de0a5fec94ce (diff)
2 files changed, 9 insertions, 2 deletions
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index 0059d4df79f7..d3792ade9965 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -371,7 +371,7 @@ public class LockPatternUtils {
                 return false;
             }
         } catch (RemoteException re) {
-            return true;
+            return false;
         }
     }
 
@@ -464,7 +464,7 @@ public class LockPatternUtils {
                 return false;
             }
         } catch (RemoteException re) {
-            return true;
+            return false;
         }
     }
 
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index 0cce2a226392..33c2ea28d7d1 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -1243,6 +1243,10 @@ public class LockSettingsService extends ILockSettings.Stub {
     private VerifyCredentialResponse doVerifyPattern(String pattern, CredentialHash storedHash,
             boolean hasChallenge, long challenge, int userId,
             ICheckCredentialProgressCallback progressCallback) throws RemoteException {
+
+       if (TextUtils.isEmpty(pattern)) {
+           throw new IllegalArgumentException("Pattern can't be null or empty");
+       }
        boolean shouldReEnrollBaseZero = storedHash != null && storedHash.isBaseZeroPattern;
 
        String patternToVerify;
@@ -1340,6 +1344,9 @@ public class LockSettingsService extends ILockSettings.Stub {
     private VerifyCredentialResponse doVerifyPassword(String password, CredentialHash storedHash,
             boolean hasChallenge, long challenge, int userId,
             ICheckCredentialProgressCallback progressCallback) throws RemoteException {
+       if (TextUtils.isEmpty(password)) {
+           throw new IllegalArgumentException("Password can't be null or empty");
+       }
        return verifyCredential(userId, storedHash, password, hasChallenge, challenge,
                new CredentialUtil() {
                    @Override
author	Jim Miller <jaggies@google.com>	2016-07-15 17:24:08 -0700
committer	Jim Miller <jaggies@google.com>	2016-07-15 17:28:53 -0700
commit	29d157bf0557bda04ffeda64f2dd4239d91aa5f4 (patch)
tree	e35bee574fad232642fffb285a46b42a81a707b1
parent	843979a3b3708af61859e7f10083de0a5fec94ce (diff)