path: root/identity/support/src/cppbor_parse.cpp
author: Edwin Wong <edwinwong@google.com> 2021-01-27 20:19:32 -0800
committer: Edwin Wong <edwinwong@google.com> 2021-01-29 22:25:00 +0000
commit: 072cdf233c02d1dc3eb8b2e20498675aea70c21d
tree: 1122697dc39890e243b7a9800018967a6af9a5bb /identity/support/src/cppbor_parse.cpp
parent: 44fa9a5cf077df4dcdbd709f231d56e695366b54
[RESTRICT AUTOMERGE] Fix potential decrypt srcPtr overflow.
There is a potential integer overflow to bypass the source base size check in decrypt. The source pointer can then point to the outside of the source buffer, which could potentially leak arbitrary memory content to destination pointer.

Test: sts-tradefed sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176496160#testPocBug_176496160
Test: push to device with target_hwasan-userdebug build adb shell /data/local/tmp/Bug-17649616064
Bug: 176496160
Bug: 176444786
Change-Id: I5ed8921cbd7120e2f3841de1ea7b73d33539838f
Diffstat (limited to 'identity/support/src/cppbor_parse.cpp')
0 files changed, 0 insertions, 0 deletions