- 23 Aug, 2016 1 commit
-
-
gitbuildkicker authored
-
- 22 Aug, 2016 39 commits
-
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: fd9be337 am: a8ae1375 am: b028c61f -s ours am: 7153a883 -s ours am: 6af14788 am: 2fe0b17c am: fae6fcbf -s ours am: f0694fe1 am: 02506d63 am: 138308b6 am: dd8ccb56 -s ours am: 6e30cd12 am: 899c10a5 Change-Id: I01db64b42d63bc9f11b8b74020a511910b5ff457
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: fd9be337 am: a8ae1375 am: b028c61f -s ours am: 7153a883 -s ours am: 6af14788 am: 2fe0b17c am: fae6fcbf -s ours am: f0694fe1 am: 02506d63 am: 138308b6 am: dd8ccb56 -s ours am: 6e30cd12 Change-Id: Ibbfdc44fbeb41ee790735bc85c6cfe16ae744a16
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: fd9be337 am: a8ae1375 am: b028c61f -s ours am: 7153a883 -s ours am: 6af14788 am: 2fe0b17c am: fae6fcbf -s ours am: f0694fe1 am: 02506d63 am: 138308b6 am: dd8ccb56 -s ours Change-Id: If99bf13839fdbe4299f5fb406d48547351a9eccb
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: fd9be337 am: a8ae1375 am: b028c61f -s ours am: 7153a883 -s ours am: 6af14788 am: 2fe0b17c am: fae6fcbf -s ours am: f0694fe1 am: 02506d63 am: 138308b6 Change-Id: Iba03d4845e2596bbc2540397ddaa566eaca8b7c4
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: fd9be337 am: a8ae1375 am: b028c61f -s ours am: 7153a883 -s ours am: 6af14788 am: 2fe0b17c am: fae6fcbf -s ours am: f0694fe1 am: 02506d63 Change-Id: If493cec425928b5c6ee9c8f735cb9899c19cde43
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: fd9be337 am: a8ae1375 am: b028c61f -s ours am: 7153a883 -s ours am: 6af14788 am: 2fe0b17c am: fae6fcbf -s ours am: f0694fe1 Change-Id: I402e817c129530d791e2da71e52977f59198c53c
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: fd9be337 am: a8ae1375 am: b028c61f -s ours am: 7153a883 -s ours am: 6af14788 am: 2fe0b17c am: fae6fcbf -s ours Change-Id: I286d44e323d782c6b709cca97abe260c91de93b3
-
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: 8ce0cad1 -s ours am: c4cded17 am: ba689bea am: e3615f85 -s ours am: e7918d59 am: 7f07953f am: 0b4552fe am: 20eea1d7 -s ours am: 1a6f1e60 am: 032813be Change-Id: I09f38edc57df341ee273ea67a6a96f7d7aece9d1
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: 53ff7691 am: 20903846 am: 37e2a4dc -s ours am: 8c659fb2 am: 916c01a5 am: d379a795 am: f393a8dd -s ours am: 412f2f60 am: fe2d5453 Change-Id: I9329e3a12398fba7e233911ff285ce27b0f14b09
-
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: 8ce0cad1 -s ours am: c4cded17 am: ba689bea am: e3615f85 -s ours am: e7918d59 am: 7f07953f am: 0b4552fe am: 20eea1d7 -s ours am: 1a6f1e60 Change-Id: I150d7f2ec8085673fd36d64deae1fa1e2ac18839
-
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: 53ff7691 am: 20903846 am: 37e2a4dc -s ours am: 8c659fb2 am: 916c01a5 am: d379a795 am: f393a8dd -s ours am: 412f2f60 Change-Id: I5eddf8b0e0738436febb5f09cdefea901700e709
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: 8ce0cad1 -s ours am: c4cded17 am: ba689bea am: e3615f85 -s ours am: e7918d59 am: 7f07953f am: 0b4552fe am: 20eea1d7 -s ours Change-Id: I6a1b45e07f6252581492056328f738c2973dbfe6
-
-
-
-
-
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid am: 5bc7f968 am: d076dc30 am: a5612a4a am: 30316a95 Change-Id: Ia294fb4a8b8da9607f22eb56173346360df08b66
-
-
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: 53ff7691 am: 20903846 am: 37e2a4dc -s ours am: 8c659fb2 Change-Id: Iece1e46af8102faad9dd9f27834b364e1549cb05
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: fd9be337 am: a8ae1375 am: b028c61f -s ours am: 7153a883 -s ours Change-Id: I0d8d7cf58297e49273dc05cd2fde9bd45547deb2
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: 8ce0cad1 -s ours am: c4cded17 am: ba689bea am: e3615f85 -s ours Change-Id: Ida0e20985c5f674a9fc4c202ed28915cecac4079
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid am: 5bc7f968 am: d076dc30 am: a5612a4a Change-Id: I16d859260994ac937a6fbae40e551e1ea6e10a8e
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: 53ff7691 am: 20903846 am: 37e2a4dc -s ours Change-Id: I3a555f3404a7b5ce111dc2802b4326f6ad015910
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: fd9be337 am: a8ae1375 am: b028c61f -s ours Change-Id: I3c8d4535c9db1a3dc3734ae7ea1e6c4976b3fe16
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: fd9be337 am: a8ae1375 Change-Id: I97efa48ee86ca92862b528b0803b0b4c28268e81
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid am: 5bc7f968 am: d076dc30 Change-Id: I79733eda87c44b0a2c39cb3dc8d762c6e93609cf
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: 8ce0cad1 -s ours am: c4cded17 am: ba689bea Change-Id: I1782e64fb54f8b82a0ef09642d2399c4a315564a
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: 53ff7691 am: 20903846 Change-Id: I8fa3907f62dcdb63c29f6770dd0ae0772394c008
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: 8ce0cad1 -s ours am: c4cded17 Change-Id: I00d2fe876cf3a0eaaf13e75bf2361edffde6c539
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: fd9be337 Change-Id: I6d000dae9b27336a466dfe49b30fe27084ca6943
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: 8ce0cad1 -s ours Change-Id: I4dd43e4bbda28ec1ed1dd3bf66a862ce012ce1b4
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid am: 5bc7f968 Change-Id: I7ddc3f48ee7d2675739277c13842fb0517f8bc4a
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE am: 53ff7691 Change-Id: Ibb6bf700c22e870c4351c7589fede41fe1f8146b
-
Andre Furtado authored
30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid Problem: MmsProvider.openFile validated the current _data column in the DB and then called ContentProvider.openFileHelper which was again reading from the DB. A race condition could cause the second DB read to read an updated, malicious value. Fix: instead of doing the first DB check and calling ContentProvider.openFileHelper, we're now just calling MmsProvider.safeOpenFileHelper which does a single check. Test: used the POC provided for this incident. b/30481342 Change-Id: I653129359130b9fae59d4c355320b266c158a698
-
