commit 669a15353130d90213d8c483dd444728f86255d4
author Jim Miller <jaggies@google.com> Wed Aug 17 23:26:57 2016 +0000
committer android-build-merger <android-build-merger@google.com> Wed Aug 17 23:26:57 2016 +0000
tree c08b7bf7ac0ab270680fc9dbda7dcb42865b051d
parent 4fa4b29890a85da661403ac85fad56d21acc093f
parent e3457fc127593ed13040cf246bdfbc3c3bfdecfe

Fix vulnerability in LockSettings service am: 2d71384a13 am: 485fbda04c am: 229de7088e am: cb83f6188b
am: e3457fc127

Change-Id: I1bc40c141498e62cad36acc9568177cb88debc11

services/core/java/com/android/server/LockSettingsService.java

diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index 2de09a3..a91e205 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -1222,6 +1222,9 @@
             long challenge, int userId, ICheckCredentialProgressCallback progressCallback)
             throws RemoteException {
        checkPasswordReadPermission(userId);
+       if (TextUtils.isEmpty(pattern)) {
+           throw new IllegalArgumentException("Pattern can't be null or empty");
+       }
        CredentialHash storedHash = mStorage.readPatternHash(userId);
        return doVerifyPattern(pattern, storedHash, hasChallenge, challenge, userId,
                progressCallback);
@@ -1323,6 +1326,9 @@
             long challenge, int userId, ICheckCredentialProgressCallback progressCallback)
             throws RemoteException {
        checkPasswordReadPermission(userId);
+       if (TextUtils.isEmpty(password)) {
+           throw new IllegalArgumentException("Password can't be null or empty");
+       }
        CredentialHash storedHash = mStorage.readPasswordHash(userId);
        return doVerifyPassword(password, storedHash, hasChallenge, challenge, userId,
                progressCallback);