replicant/frameworks_base - Patches not merged yet, used for building and testing them

diff options

author	rtmitchell@google.com <rtmitchell@google.com>	2018-04-05 17:57:27 -0700
committer	Tim Schumacher <timschumi@gmx.de>	2018-06-19 19:33:06 +0200
commit	59941bdc226a2b779613701f221f76d65ffa40ba (patch)
tree	d4487aa2a0b7c189d102f3a6cdea6cbf888ad797 /keystore
parent	f625911138d99203939ae256a48619b4883bb9cc (diff)
download	frameworks_base-59941bdc226a2b779613701f221f76d65ffa40ba.tar.gz frameworks_base-59941bdc226a2b779613701f221f76d65ffa40ba.tar.bz2 frameworks_base-59941bdc226a2b779613701f221f76d65ffa40ba.zip

ResStringPool: Fix security vulnerability

Adds detection of attacker-modified size and data fields passed to ResStringPool::setTo(). These attacks are modified apks that AAPT would not normally generate. In the rare case this occurs, the installation cannot be allowed to continue. Bug: 71361168 Bug: 71360999 Test: run cts -m CtsAppSecurityHostTestCases \ -t android.appsecurity.cts.CorruptApkTests Change-Id: If7eb93a9e723b16c8a0556fc4e20006aa0391d57 Merged-In: If7eb93a9e723b16c8a0556fc4e20006aa0391d57 (cherry picked from commit 7e54c3f261d81316b75cb734075319108d8bc1d1) CVE-2018-9338, CVE-2018-9340

Diffstat (limited to 'keystore')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: