gatekeeperd: protect from invalid data passed by HAL am: 8c63536ded am: 563ed1672f Change-Id: I524b468ef7d54444feaceacbcdc66861a1cada0c

commit: 48e00f74709e08ae873075b33b2e6e4ceee5d5a7 [log] [tgz]
author: Alexey Polyudov <apolyudov@google.com> Wed Jan 04 03:33:20 2017 +0000
committer: android-build-merger <android-build-merger@google.com> Wed Jan 04 03:33:20 2017 +0000
tree: 8c6fff46279d8b67854dd36f6c771448436aae1c
parent: f456868d8421c0a86a83c83c9c3b5a4c24e6fcf8 [diff]
parent: 563ed1672fdddedc7e9475a57ceee6dfdb133950 [diff]
diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index d2c119d..4a7138a 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp

@@ -196,7 +196,14 @@
                     enrolled_password_handle, enrolled_password_handle_length);
         }
 
-        if (ret == 0) {
+        if (ret == GATEKEEPER_RESPONSE_OK && (*enrolled_password_handle == nullptr ||
+            *enrolled_password_handle_length != sizeof(password_handle_t))) {
+            ret = GATEKEEPER_RESPONSE_ERROR;
+            ALOGE("HAL: password_handle=%p size_of_handle=%" PRIu32 "\n",
+                  *enrolled_password_handle, *enrolled_password_handle_length);
+        }
+
+        if (ret == GATEKEEPER_RESPONSE_OK) {
             gatekeeper::password_handle_t *handle =
                     reinterpret_cast<gatekeeper::password_handle_t *>(*enrolled_password_handle);
             store_sid(uid, handle->user_id);
commit	48e00f74709e08ae873075b33b2e6e4ceee5d5a7	[log] [tgz]
author	Alexey Polyudov <apolyudov@google.com>	Wed Jan 04 03:33:20 2017 +0000
committer	android-build-merger <android-build-merger@google.com>	Wed Jan 04 03:33:20 2017 +0000
tree	8c6fff46279d8b67854dd36f6c771448436aae1c
parent	f456868d8421c0a86a83c83c9c3b5a4c24e6fcf8 [diff]
parent	563ed1672fdddedc7e9475a57ceee6dfdb133950 [diff]