From 8c63536ded48bf803db9d98d46837bd7fcad9dc0 Mon Sep 17 00:00:00 2001
From: Alexey Polyudov
Date: Wed, 7 Sep 2016 18:51:28 -0700
Subject: [PATCH] gatekeeperd: protect from invalid data passed by HAL

Bug: 31349112
Change-Id: I6c0656f85e44054147f8795c98baab7a98f575b9
Signed-off-by: Alexey Polyudov
---
 gatekeeperd/gatekeeperd.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index b4fdab0c5..1cec0fa36 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp
@@ -169,7 +169,14 @@ public:
 enrolled_password_handle, enrolled_password_handle_length);
 }
 
- if (ret == 0) {
+ if (ret == GATEKEEPER_RESPONSE_OK && (*enrolled_password_handle == nullptr ||
+ *enrolled_password_handle_length != sizeof(password_handle_t))) {
+ ret = GATEKEEPER_RESPONSE_ERROR;
+ ALOGE("HAL: password_handle=%p size_of_handle=%" PRIu32 "\n",
+ *enrolled_password_handle, *enrolled_password_handle_length);
+ }
+
+ if (ret == GATEKEEPER_RESPONSE_OK) {
 gatekeeper::password_handle_t *handle =
 reinterpret_cast(*enrolled_password_handle);
 store_sid(uid, handle->user_id);
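Review bot: When the new validation rejects a HAL response, `ret` becomes `GATEKEEPER_RESPONSE_ERROR` but `*enrolled_password_handle` and `*enrolled_password_handle_length` keep whatever the HAL wrote, so a non-null buffer of the wrong size is handed back to the caller together with an error code. Whether the caller releases that buffer on the error path is not visible in this hunk (the enclosing function starts and ends outside it); if it does not, each malformed response leaks the allocation, and a caller that reads the length without checking `ret` still sees the untrusted value. Consider releasing the buffer with whatever deallocator the HAL contract specifies and clearing both out-parameters in the rejection branch, or at least adding a comment that states who owns the buffer on failure. Separately, the `ALOGE` prints the raw pointer with `%p`, which writes a heap address of the daemon into the log; reporting only whether it was null, e.g. `ALOGE("HAL: password_handle %s, size_of_handle=%" PRIu32, *enrolled_password_handle ? "non-null" : "null", *enrolled_password_handle_length);`, keeps the diagnostic without the address.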