2. IT
    3. CTS-testIMemoryElevationOfPrivilegeExploit

    CTS-testIMemoryElevationOfPrivilegeExploit

    xiaoxiao2021-03-25  67
    android.security.cts.IMemoryHeapCorruptionTest -- testIMemoryElevationOfPrivilegeExploit fail junit.framework.AssertionFailedError: Device is vulnerable to bug #26877992!! For more information, refer - https://android.googlesource.com/platform/frameworks/native/+/f3199c228aced7858b75a8070b8358c155ae0149 at junit.framework.Assert.fail(Assert.java:50)

    修改方法:

    --- a/idh.code/frameworks/native/libs/binder/IMemory.cpp +++ b/idh.code/frameworks/native/libs/binder/IMemory.cpp @@ -187,15 +187,26 @@ sp<IMemoryHeap> BpMemory::getMemory(ssize_t* offset, size_t* size) const if (heap != 0) { mHeap = interface_cast<IMemoryHeap>(heap); if (mHeap != 0) { - mOffset = o; - mSize = s; + size_t heapSize = mHeap->getSize(); + if (s <= heapSize + && o >= 0 + && (static_cast<size_t>(o) <= heapSize - s)) { + mOffset = o; + mSize = s; + } else { + // Hm. + android_errorWriteWithInfoLog(0x534e4554, + "26877992", -1, NULL, 0); + mOffset = 0; + mSize = 0; + } } } } } if (offset) *offset = mOffset; if (size) *size = mSize; - return mHeap; + return (mSize > 0) ? mHeap : 0; }
    转载请注明原文地址: https://ju.6miu.com/read-50056.html

    技术

    最新回复(0)