Android-x86
Fork
Donation

  • R/O
  • HTTP
  • SSH
  • HTTPS

system-core: Commit

system/core


Commit MetaInfo

Revision3fa15fd97eff37d424e7f548837a35f3d67400ff (tree)
Time2019-10-16 23:35:22
AuthorChih-Wei Huang <cwhuang@linu...>
CommiterChih-Wei Huang

Log Message

Android 7.1.2 Release 39 (5787804)
-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCXZfNxgAKCRDorT+BmrEO
eJWVAKCCVE/pU5lwm01w/ZwlVxxFCNhucgCfV6DOtVe2MwvsxHwgU5aARNmySM4=
=aOyO
-----END PGP SIGNATURE-----

Merge tag 'android-7.1.2_r39' into nougat-x86

Android 7.1.2 Release 39 (5787804)

Change Summary

Incremental Difference

--- a/gatekeeperd/SoftGateKeeper.h
+++ b/gatekeeperd/SoftGateKeeper.h
@@ -58,23 +58,16 @@ public:
5858 virtual ~SoftGateKeeper() {
5959 }
6060
61- virtual bool GetAuthTokenKey(const uint8_t **auth_token_key,
62- uint32_t *length) const {
61+ virtual bool GetAuthTokenKey(const uint8_t** auth_token_key, uint32_t* length) const {
6362 if (auth_token_key == NULL || length == NULL) return false;
64- uint8_t *auth_token_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES];
65- memcpy(auth_token_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES);
66-
67- *auth_token_key = auth_token_key_copy;
63+ *auth_token_key = key_.get();
6864 *length = SIGNATURE_LENGTH_BYTES;
6965 return true;
7066 }
7167
72- virtual void GetPasswordKey(const uint8_t **password_key, uint32_t *length) {
68+ virtual void GetPasswordKey(const uint8_t** password_key, uint32_t* length) {
7369 if (password_key == NULL || length == NULL) return;
74- uint8_t *password_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES];
75- memcpy(password_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES);
76-
77- *password_key = password_key_copy;
70+ *password_key = key_.get();
7871 *length = SIGNATURE_LENGTH_BYTES;
7972 }
8073
--- a/libnetutils/packet.c
+++ b/libnetutils/packet.c
@@ -219,6 +219,20 @@ int receive_packet(int s, struct dhcp_msg *msg)
219219 * to construct the pseudo header used in the checksum calculation.
220220 */
221221 dhcp_size = ntohs(packet.udp.len) - sizeof(packet.udp);
222+ /*
223+ * check validity of dhcp_size.
224+ * 1) cannot be negative or zero.
225+ * 2) src buffer contains enough bytes to copy
226+ * 3) cannot exceed destination buffer
227+ */
228+ if ((dhcp_size <= 0) ||
229+ ((int)(nread - sizeof(struct iphdr) - sizeof(struct udphdr)) < dhcp_size) ||
230+ ((int)sizeof(struct dhcp_msg) < dhcp_size)) {
231+#if VERBOSE
232+ ALOGD("Malformed Packet");
233+#endif
234+ return -1;
235+ }
222236 saddr = packet.ip.saddr;
223237 daddr = packet.ip.daddr;
224238 nread = ntohs(packet.ip.tot_len);
--- a/libutils/String16.cpp
+++ b/libutils/String16.cpp
@@ -84,6 +84,23 @@ static char16_t* allocFromUTF8(const char* u8str, size_t u8len)
8484 return getEmptyString();
8585 }
8686
87+static char16_t* allocFromUTF16(const char16_t* u16str, size_t u16len) {
88+ if (u16len >= SIZE_MAX / sizeof(char16_t)) {
89+ android_errorWriteLog(0x534e4554, "73826242");
90+ abort();
91+ }
92+
93+ SharedBuffer* buf = SharedBuffer::alloc((u16len + 1) * sizeof(char16_t));
94+ ALOG_ASSERT(buf, "Unable to allocate shared buffer");
95+ if (buf) {
96+ char16_t* str = (char16_t*)buf->data();
97+ memcpy(str, u16str, u16len * sizeof(char16_t));
98+ str[u16len] = 0;
99+ return str;
100+ }
101+ return getEmptyString();
102+}
103+
87104 // ---------------------------------------------------------------------------
88105
89106 String16::String16()
@@ -116,35 +133,9 @@ String16::String16(const String16& o, size_t len, size_t begin)
116133 setTo(o, len, begin);
117134 }
118135
119-String16::String16(const char16_t* o)
120-{
121- size_t len = strlen16(o);
122- SharedBuffer* buf = SharedBuffer::alloc((len+1)*sizeof(char16_t));
123- ALOG_ASSERT(buf, "Unable to allocate shared buffer");
124- if (buf) {
125- char16_t* str = (char16_t*)buf->data();
126- strcpy16(str, o);
127- mString = str;
128- return;
129- }
130-
131- mString = getEmptyString();
132-}
136+String16::String16(const char16_t* o) : mString(allocFromUTF16(o, strlen16(o))) {}
133137
134-String16::String16(const char16_t* o, size_t len)
135-{
136- SharedBuffer* buf = SharedBuffer::alloc((len+1)*sizeof(char16_t));
137- ALOG_ASSERT(buf, "Unable to allocate shared buffer");
138- if (buf) {
139- char16_t* str = (char16_t*)buf->data();
140- memcpy(str, o, len*sizeof(char16_t));
141- str[len] = 0;
142- mString = str;
143- return;
144- }
145-
146- mString = getEmptyString();
147-}
138+String16::String16(const char16_t* o, size_t len) : mString(allocFromUTF16(o, len)) {}
148139
149140 String16::String16(const String8& o)
150141 : mString(allocFromUTF8(o.string(), o.size()))
@@ -206,6 +197,11 @@ status_t String16::setTo(const char16_t* other)
206197
207198 status_t String16::setTo(const char16_t* other, size_t len)
208199 {
200+ if (len >= SIZE_MAX / sizeof(char16_t)) {
201+ android_errorWriteLog(0x534e4554, "73826242");
202+ abort();
203+ }
204+
209205 SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
210206 ->editResize((len+1)*sizeof(char16_t));
211207 if (buf) {
@@ -228,7 +224,12 @@ status_t String16::append(const String16& other)
228224 } else if (otherLen == 0) {
229225 return NO_ERROR;
230226 }
231-
227+
228+ if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) {
229+ android_errorWriteLog(0x534e4554, "73826242");
230+ abort();
231+ }
232+
232233 SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
233234 ->editResize((myLen+otherLen+1)*sizeof(char16_t));
234235 if (buf) {
@@ -249,7 +250,12 @@ status_t String16::append(const char16_t* chrs, size_t otherLen)
249250 } else if (otherLen == 0) {
250251 return NO_ERROR;
251252 }
252-
253+
254+ if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) {
255+ android_errorWriteLog(0x534e4554, "73826242");
256+ abort();
257+ }
258+
253259 SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
254260 ->editResize((myLen+otherLen+1)*sizeof(char16_t));
255261 if (buf) {
Show on old repository browser