path: root/identity/support/src/cppbor_parse.cpp
author: Edwin Wong <edwinwong@google.com> 2021-02-05 12:47:20 -0800
committer: Edwin Wong <edwinwong@google.com> 2021-03-08 23:32:30 -0800
commit: 7e4c587ae32aca644254fa206de5131553975f4b
tree: 9bc19dedf02f2d852dbde70702971940ff3307fb /identity/support/src/cppbor_parse.cpp
parent: 072cdf233c02d1dc3eb8b2e20498675aea70c21d
[RESTRICT AUTOMERGE] Fix CryptoPlugin use after free vulnerability.

The shared memory buffer used by srcPtr can be freed by another thread because it is not protected by a mutex. Subsequently, a use after free SIGABRT can occur in a race condition.

SafetyNet logging is not added to avoid log spamming. The mutex lock is called to set up for decryption, which is called frequently.

Test is run on rvc-dev branch, using target_hwasan-userdebug build.

Test: sts sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176495665#testPocBug_176495665
Test: push to device with target_hwasan-userdebug build adb shell /data/local/tmp/Bug-176495665_sts64
Bug: 176495665
Bug: 176444161
Change-Id: If40e792cf78445a4b2dcce6a7d7905b5342c1724

Diffstat (limited to 'identity/support/src/cppbor_parse.cpp')
0 files changed, 0 insertions, 0 deletions