commit | e63e9163ffdd4f198aaa8dbaba2f01f168e14484 | [log] [tgz] |
---|---|---|
author | Edwin Wong <edwinwong@google.com> | Tue Sep 20 23:07:02 2022 +0000 |
committer | Edwin Wong <edwinwong@google.com> | Tue Sep 20 23:57:56 2022 +0000 |
tree | 23c389c489ed66328d919a64b6b0b2428b759d83 | |
parent | 6edb934c2691521a15b67d8407b5a524aa681ec3 [diff] |
[Fix vulnerability] Must validate input for decrypt. There is a possible out of bounds read in Session::decrypt due to lack of input validation. Poc test is in http://go/ag/20002511 Test: sts-tradefed run sts-dynamic-develop -m StsHostTestCases -t android.security.sts.Bug_244569759#testPocBug_244569759 Bug: 244569759 Change-Id: I493200ba090226b5362d758c5dcc4b81f94d24c0