Gitiles
Code Review Sign In
review.evervolv.com / android_frameworks_av / b1f8c80d3a0c144407d1bd6b63eb6ac9e90112f2
commitb1f8c80d3a0c144407d1bd6b63eb6ac9e90112f2[log] [tgz]
authorJeff Tinker <jtinker@google.com>Thu Apr 19 16:23:21 2018 -0700
committerJeff Tinker <jtinker@google.com>Thu May 10 23:23:39 2018 +0000
treea97d00e9565b2e7276dafa3aac15b823c952cfc2
parent1ab07d1de9875dab00960d3939d0a00bc2ec5864 [diff]
Fix security vulnerability in CryptoHal

CryptoHal was not checking that the memory heap set by setHeap
was the same one that was actually used for the decrypt call, allowing
the caller to spoof the decrypt call into accessing arbitrary memory.

bug:76221123
test: mediadrmserverpoc included in the bug & GTS media tests
Change-Id: I35214a1a6d0a4b864123e147d1a1adc2377bfbc5
2 files changed
tree: a97d00e9565b2e7276dafa3aac15b823c952cfc2
  1. Android.bp
  2. CleanSpec.mk
  3. MODULE_LICENSE_APACHE2
  4. NOTICE
  5. OWNERS
  6. camera/
  7. cmds/
  8. drm/
  9. include/
  10. media/
  11. packages/
  12. services/
  13. soundtrigger/
  14. tools/