您的位置:首页 > 其它

CTS-testIMemoryElevationOfPrivilegeExploit

2017-03-14 11:42 435 查看 
android.security.cts.IMemoryHeapCorruptionTest
-- testIMemoryElevationOfPrivilegeExploit
fail
junit.framework.AssertionFailedError: Device is vulnerable to bug #26877992!! For more information, refer - https://android.googlesource.com/platform/frameworks/native/+/f3199c228aced7858b75a8070b8358c155ae0149 at junit.framework.Assert.fail(Assert.java:50)


修改方法:

--- a/idh.code/frameworks/native/libs/binder/IMemory.cpp
+++ b/idh.code/frameworks/native/libs/binder/IMemory.cpp
@@ -187,15 +187,26 @@ sp<IMemoryHeap> BpMemory::getMemory(ssize_t* offset, size_t* size) const
if (heap != 0) {
mHeap = interface_cast<IMemoryHeap>(heap);
if (mHeap != 0) {
-                    mOffset = o;
-                    mSize = s;
+                    size_t heapSize = mHeap->getSize();
+                    if (s <= heapSize
+                            && o >= 0
+                            && (static_cast<size_t>(o) <= heapSize - s)) {
+                        mOffset = o;
+                        mSize = s;
+                    } else {
+                        // Hm.
+                        android_errorWriteWithInfoLog(0x534e4554,
+                            "26877992", -1, NULL, 0);
+                        mOffset = 0;
+                        mSize = 0;
+                    }
}
}
}
}
if (offset) *offset = mOffset;
if (size) *size = mSize;
-    return mHeap;
+    return (mSize > 0) ? mHeap : 0;
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航