OSDN > Trouver un logiciel > System > OS distribution > Live CD > Android-x86 > SCM > git > frameworks-base > Commit

Android-x86
Fork
external-gbm_gralloc
hardware-powerbtnd
hardware-intel-libva
manifest
device-generic-x86_64
device-generic-common
system-bt
hardware-intel-intel-driver
external-bluetooth-bluedroid
build
device-generic-x86
packages-apps-Camera2
device-viewsonic-viewpad10
packages-apps-Taskbar
packages-apps-Gallery2
system-media
hardware-intel-common-libva
external-vboxguest-linux-modules
system-netd
hardware-intel-common-vaapi
external-swiftshader
external-efibootmgr
device-generic-openthos
packages-apps-Settings
hardware-ril
packages-apps-CMFileManager
packages-apps-Eleven
external-toybox
external-drm_hwcomposer
hardware-libhardware_legacy
system-extras
hardware-libsensors
hardware-liblights
hardware-broadcom-libbt
packages-apps-TSCalibration2
system-core
packages-apps-Bluetooth
device-generic-firmware
device-generic-goldfish
external-s2tc
device-asus
device-amd
device-common
device-hp-tx2500
device-ibm-thinkpad
device-lenovo-s103t
device-tegatech-tegav2
external-srec
external-webkit
external-wpa_supplicant_6
packages-apps-AndroidTerm
packages-apps-FileManager
external-tslib
external-modules-rtl8723au
packages-inputmethods-PinyinIME
sdk
system-bluetooth
hardware-alsa_sound
device-asus-laptop
device-amd-persimmon
development
device-dell-sparta
device-vm-vm
hardware-wacom-input
libcore
packages-apps-Browser
packages-apps-Camera
prebuilt
device-motion-m1400
device-viliv-s5
packages-apps-Superuser
device-asus-eeepc
device-generic-goldfish-opengl
external-mplayer
external-wpa_supplicant
frameworks-policies-base
ndk
packages-apps-Calendar
packages-apps-ConnectBot
packages-apps-Contacts
packages-apps-DeskClock
packages-apps-LIME
packages-apps-Music
packages-providers-DownloadProvider
packages-wallpapers-Basic
packages-wallpapers-MagicSmoke
packages-wallpapers-MusicVisualization
packages-providers-ImProvider
packages-apps-AlarmClock
packages-apps-IM
packages-apps-Launcher
packages-apps-SoundRecorder
external-opencore
vendor-intel-houdini
vendor-samsung-q1u
external-dhcpcd
hardware-menlow-psb
hardware-menlow-ioport
push
external-eject
external-v86d
external-koush-Superuser
external-koush-Widgets
frameworks-native
external-libpciaccess
external-bluetooth-bluez
external-libtruezip
external-stagefright-plugins
external-ntfs-3g
external-parted
hardware-intel-hwcomposer
external-mesa
external-ffmpeg
external-llvm
external-libdrm
external-e2fsprogs
external-bluetooth-glib
hardware-broadcom-wlan
external-drm_gralloc
hardware-gps
external-busybox
kernel
external-alsa-lib
external-alsa-utils
system-vold
frameworks-base
frameworks-av
external-bluetooth-sbc
packages-apps-Trebuchet
dalvik
hardware-x86power
packages-services-Analytics
external-ppp
packages-apps-Launcher3
external-wpa_supplicant_8
hardware-intel-audio_media
hardware-intel-libsensors
hardware-libaudio
hardware-libcamera
external-googleanalytics
hardware-libhardware
hardware-interfaces
bootable-newinstaller
art
external-efivar
hardware-memtrack
system-connectivity-wificond
bionic
external-kernel-drivers
external-drm_framebuffer
external-exfat
external-openssh
external-wireless-tools
external-mksh
external-libffi
external-musl-libc
system-hardware-interfaces
external-minigbm
external-IA-Hardware-Composer
external-drmfb-composer
external-alsa-ucm-conf
external-libncurses
external-llvm-project
system-linkerconfig
Faire un don

R/O
HTTP
SSH
HTTPS

frameworks-base: Commit

frameworks/base

Commit MetaInfo

Révision	906afb4f3641963583a4334bd8291d479b8c844a (tree)
l'heure	2018-08-11 05:28:02
Auteur	Ryan Mitchell <rtmitchell@goog...>
Commiter	android-build-team Robot

Message de Log

Fix DynamicRefTable::load security bug

DynamicRefTables parsed from apks are missing bounds checks that prevent
buffer overflows. This changes verifies the bounds of the header before
attempting to preform operations on the chunk.

Bug: 79488511
Test: run cts -m CtsAppSecurityHostTestCases \

-t android.appsecurity.cts.CorruptApkTests

Change-Id: I02c8ad957da244fce777ac68a482e4e8fa70f846
Merged-In: I02c8ad957da244fce777ac68a482e4e8fa70f846
(cherry picked from commit 18a6ada4aa136da4f50f03fff91d61d448ced195)

Change Summary

modified: libs/androidfw/ResourceTypes.cpp (diff)

Modification

--- a/libs/androidfw/ResourceTypes.cpp

+++ b/libs/androidfw/ResourceTypes.cpp

		@@ -6576,8 +6576,16 @@ status_t ResTable::parsePackage(const ResTable_package* const pkg,
6576	6576	}
6577	6577
6578	6578	} else if (ctype == RES_TABLE_LIBRARY_TYPE) {
	6579	+
6579	6580	if (group->dynamicRefTable.entries().size() == 0) {
6580		- status_t err = group->dynamicRefTable.load((const ResTable_lib_header*) chunk);
	6581	+ const ResTable_lib_header* lib = (const ResTable_lib_header*) chunk;
	6582	+ status_t err = validate_chunk(&lib->header, sizeof(*lib),
	6583	+ endPos, "ResTable_lib_header");
	6584	+ if (err != NO_ERROR) {
	6585	+ return (mError=err);
	6586	+ }
	6587	+
	6588	+ err = group->dynamicRefTable.load(lib);
6581	6589	if (err != NO_ERROR) {
6582	6590	return (mError=err);
6583	6591	}

Afficher sur ancien navigateur de dépôt.