diff options
author | Jeff Tinker <jtinker@google.com> | 2015-09-21 18:57:36 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-09-21 18:57:36 +0000 |
commit | 0af5008096c9562f63808e37a60e5df150137526 (patch) | |
tree | 700f844f74c0005e7189792d38e95f41ef7e06b0 | |
parent | 24328843b09dbc5afe69e0834b5c72b277c0f8e6 (diff) | |
parent | 8ba28c840589bcc7fa4dfcb26606748a0c0b7eb5 (diff) | |
download | frameworks_av-0af5008096c9562f63808e37a60e5df150137526.zip frameworks_av-0af5008096c9562f63808e37a60e5df150137526.tar.gz frameworks_av-0af5008096c9562f63808e37a60e5df150137526.tar.bz2 |
am 8ba28c84: am d61dbb36: am 38281f1c: am d386c5be: Merge "Fix heap data leak vulnerability" into klp-dev
* commit '8ba28c840589bcc7fa4dfcb26606748a0c0b7eb5':
Fix heap data leak vulnerability
-rw-r--r-- | drm/common/IDrmManagerService.cpp | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/drm/common/IDrmManagerService.cpp b/drm/common/IDrmManagerService.cpp index db41e0b..c235201 100644 --- a/drm/common/IDrmManagerService.cpp +++ b/drm/common/IDrmManagerService.cpp @@ -741,9 +741,11 @@ status_t BpDrmManagerService::decrypt( const status_t status = reply.readInt32(); ALOGV("Return value of decrypt() is %d", status); - const int size = reply.readInt32(); - (*decBuffer)->length = size; - reply.read((void *)(*decBuffer)->data, size); + if (status == NO_ERROR) { + const int size = reply.readInt32(); + (*decBuffer)->length = size; + reply.read((void *)(*decBuffer)->data, size); + } return status; } @@ -1438,9 +1440,11 @@ status_t BnDrmManagerService::onTransact( reply->writeInt32(status); - const int size = decBuffer->length; - reply->writeInt32(size); - reply->write(decBuffer->data, size); + if (status == NO_ERROR) { + const int size = decBuffer->length; + reply->writeInt32(size); + reply->write(decBuffer->data, size); + } clearDecryptHandle(&handle); delete encBuffer; encBuffer = NULL; |