am 0af50080: am 8ba28c84: am d61dbb36: am 38281f1c: am d386c5be: Merge "Fix heap data leak vulnerability" into klp-dev

* commit '0af5008096c9562f63808e37a60e5df150137526': Fix heap data leak vulnerability
2015-09-21 19:06:14 +00:00
parent a323e9c20b 0af5008096
commit 7b642b0854
1 changed files with 10 additions and 6 deletions
--- a/drm/common/IDrmManagerService.cpp
+++ b/drm/common/IDrmManagerService.cpp
@@ -741,9 +741,11 @@ status_t BpDrmManagerService::decrypt(
    const status_t status = reply.readInt32();
    ALOGV("Return value of decrypt() is %d", status);

-    const int size = reply.readInt32();
-    (*decBuffer)->length = size;
-    reply.read((void *)(*decBuffer)->data, size);
+    if (status == NO_ERROR) {
+        const int size = reply.readInt32();
+        (*decBuffer)->length = size;
+        reply.read((void *)(*decBuffer)->data, size);
+    }

    return status;
 }
@@ -1438,9 +1440,11 @@ status_t BnDrmManagerService::onTransact(

        reply->writeInt32(status);

-        const int size = decBuffer->length;
-        reply->writeInt32(size);
-        reply->write(decBuffer->data, size);
+        if (status == NO_ERROR) {
+            const int size = decBuffer->length;
+            reply->writeInt32(size);
+            reply->write(decBuffer->data, size);
+        }

        clearDecryptHandle(&handle);
        delete encBuffer; encBuffer = NULL;