From e8d2835d8ddb980eb8fd52e36bc8507f802fccba Mon Sep 17 00:00:00 2001
From: Janis Danisevskis <jdanis@google.com>
Date: Thu, 14 Mar 2019 13:48:30 -0700
Subject: [PATCH] gatekeeperd: fixed potential nullptr deref

gatekeeperd verifyChallenge may use several pointer parameters
unchecked.

Also fixed broken length parameter check.

Bug: 127909982
Test: Not yet
Change-Id: I708bdc8afcb30f252385e51c4aa4bcefe1ef1045
---
 gatekeeperd/gatekeeperd.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index 8700c3446..54518193d 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp
@@ -273,7 +273,8 @@ public:
         }
 
         // can't verify if we're missing either param
-        if ((enrolled_password_handle_length | provided_password_length) == 0)
+        if (enrolled_password_handle == nullptr || provided_password == nullptr ||
+            enrolled_password_handle_length == 0 || provided_password_length == 0)
             return -EINVAL;
 
         int ret;
@@ -322,7 +323,7 @@ public:
 
                 if (ret == 0) {
                     // success! re-enroll with HAL
-                    *request_reenroll = true;
+                    if (request_reenroll != nullptr) *request_reenroll = true;
                 }
             }
         } else {