Android security 9.0.0 release 64
Check metadata size in payload.

Detect overflow for unsigned integer addition.

Bug: 113118184
Test: manual test with a hand crafted payload
Change-Id: I0155de49c241c392fb74f3d830ceebdb4174f872
(cherry picked from commit 08769f9c05199f96b257eded926975fd83c6edbf)
(cherry picked from commit 3e9410898d2687d7df3bdb03c6830d3ec428c2c6)
2 files changed
tree: 2e832fa33f6249e11659f1eeae0255fe37fc8b56
  1. binder_bindings/
  2. client_library/
  3. common/
  4. dbus_bindings/
  5. init/
  6. payload_consumer/
  7. payload_generator/
  8. sample_images/
  9. scripts/
  10. update_manager/
  11. update_payload_key/
  12. .gitignore
  13. Android.bp
  14. Android.mk
  15. binder_service_android.cc
  16. binder_service_android.h
  17. binder_service_brillo.cc
  18. binder_service_brillo.h
  19. boot_control_android.cc
  20. boot_control_android.h
  21. boot_control_chromeos.cc
  22. boot_control_chromeos.h
  23. boot_control_chromeos_unittest.cc
  24. boot_control_recovery.cc
  25. boot_control_recovery.h
  26. boot_control_recovery_stub.cc
  27. certificate_checker.cc
  28. certificate_checker.h
  29. certificate_checker_unittest.cc
  30. chrome_browser_proxy_resolver.cc
  31. chrome_browser_proxy_resolver.h
  32. COMMIT-QUEUE.ini
  33. common_service.cc
  34. common_service.h
  35. common_service_unittest.cc
  36. connection_manager.cc
  37. connection_manager.h
  38. connection_manager_android.cc
  39. connection_manager_android.h
  40. connection_manager_interface.h
  41. connection_manager_unittest.cc
  42. connection_utils.cc
  43. connection_utils.h
  44. CPPLINT.cfg
  45. daemon.cc
  46. daemon.h
  47. daemon_state_android.cc
  48. daemon_state_android.h
  49. daemon_state_interface.h
  50. dbus_connection.cc
  51. dbus_connection.h
  52. dbus_service.cc
  53. dbus_service.h
  54. dbus_test_utils.h
  55. fake_file_writer.h
  56. fake_p2p_manager.h
  57. fake_p2p_manager_configuration.h
  58. fake_shill_proxy.cc
  59. fake_shill_proxy.h
  60. fake_system_state.cc
  61. fake_system_state.h
  62. generate_pc_file.sh
  63. hardware_android.cc
  64. hardware_android.h
  65. hardware_chromeos.cc
  66. hardware_chromeos.h
  67. hardware_chromeos_unittest.cc
  68. image_properties.h
  69. image_properties_android.cc
  70. image_properties_android_unittest.cc
  71. image_properties_chromeos.cc
  72. image_properties_chromeos_unittest.cc
  73. libcurl_http_fetcher.cc
  74. libcurl_http_fetcher.h
  75. libupdate_engine-client-test.pc.in
  76. libupdate_engine-client.pc.in
  77. local_coverage_rate
  78. main.cc
  79. metrics_constants.h
  80. metrics_reporter_android.cc
  81. metrics_reporter_android.h
  82. metrics_reporter_interface.h
  83. metrics_reporter_omaha.cc
  84. metrics_reporter_omaha.h
  85. metrics_reporter_omaha_unittest.cc
  86. metrics_reporter_stub.cc
  87. metrics_reporter_stub.h
  88. metrics_utils.cc
  89. metrics_utils.h
  90. metrics_utils_unittest.cc
  91. mock_certificate_checker.h
  92. mock_connection_manager.h
  93. mock_file_writer.h
  94. mock_metrics_reporter.h
  95. mock_omaha_request_params.h
  96. mock_p2p_manager.h
  97. mock_payload_state.h
  98. mock_power_manager.h
  99. mock_proxy_resolver.h
  100. mock_service_observer.h
  101. mock_update_attempter.h
  102. MODULE_LICENSE_APACHE2
  103. network_selector.h
  104. network_selector_android.cc
  105. network_selector_android.h
  106. network_selector_interface.h
  107. network_selector_stub.cc
  108. network_selector_stub.h
  109. NOTICE
  110. omaha_request_action.cc
  111. omaha_request_action.h
  112. omaha_request_action_unittest.cc
  113. omaha_request_params.cc
  114. omaha_request_params.h
  115. omaha_request_params_unittest.cc
  116. omaha_response.h
  117. omaha_response_handler_action.cc
  118. omaha_response_handler_action.h
  119. omaha_response_handler_action_unittest.cc
  120. omaha_utils.cc
  121. omaha_utils.h
  122. omaha_utils_unittest.cc
  123. OWNERS
  124. p2p_manager.cc
  125. p2p_manager.h
  126. p2p_manager_unittest.cc
  127. parcelable_update_engine_status.cc
  128. parcelable_update_engine_status.h
  129. parcelable_update_engine_status_unittest.cc
  130. payload_state.cc
  131. payload_state.h
  132. payload_state_interface.h
  133. payload_state_unittest.cc
  134. power_manager_android.cc
  135. power_manager_android.h
  136. power_manager_chromeos.cc
  137. power_manager_chromeos.h
  138. power_manager_interface.h
  139. PRESUBMIT.cfg
  140. PREUPLOAD.cfg
  141. proxy_resolver.cc
  142. proxy_resolver.h
  143. proxy_resolver_unittest.cc
  144. pylintrc
  145. real_system_state.cc
  146. real_system_state.h
  147. run_unittests
  148. sample_omaha_v3_response.xml
  149. service_delegate_android_interface.h
  150. service_observer_interface.h
  151. shill_proxy.cc
  152. shill_proxy.h
  153. shill_proxy_interface.h
  154. sideload_main.cc
  155. system_state.h
  156. tar_bunzip2.gypi
  157. test_http_server.cc
  158. test_subprocess.cc
  159. testrunner.cc
  160. unittest_key.pem
  161. unittest_key2.pem
  162. update_attempter.cc
  163. update_attempter.h
  164. update_attempter_android.cc
  165. update_attempter_android.h
  166. update_attempter_android_unittest.cc
  167. update_attempter_unittest.cc
  168. update_engine-client.gyp
  169. update_engine.conf
  170. update_engine.gyp
  171. update_engine.rc
  172. update_engine_client.cc
  173. update_engine_client_android.cc
  174. update_metadata.proto
  175. update_status_utils.cc
  176. update_status_utils.h
  177. UpdateEngine.conf
  178. utils_android.cc
  179. utils_android.h
  180. WATCHLISTS