author | Eric Biggers <ebiggers@google.com> | 2023-07-10 21:08:14 +0000 |
---|---|---|
committer | Eric Biggers <ebiggers@google.com> | 2023-08-09 03:47:30 +0000 |
commit | d890ee393b98ef22c6824d1790783e1a8135effc (patch) | |
tree | b928705b81cc4c915a08aeba104b841e9b5269f3 | |
parent | 5aba12faf86c853f397d05ad6d55018a7c72dd5b (diff) | |
InitialLockSetupHelper: fix chars <=> bytes conversion
InitialLockSetupService and KeyguardManager both expect the lockscreen
credential as a UTF-8 encoded byte[]. Yet, the byte[] being passed in
comes from InitialLockSetupHelper.charSequenceToByteArray(), which just
truncates 'chars' to 'bytes'. Fix this to use a real UTF-8 conversion.
This is necessary for non-ASCII characters in lockscreen credentials to
be correctly rejected. With the truncation bug, a non-ASCII character
could be truncated to an ASCII character and unexpectedly be accepted.
Bug: 219511761
Bug: 232900169
Bug: 243881358
Test: presubmit
Change-Id: I5c00186b3eeffac4f257247b889f8deed6f7a2bf
Merged-In: I5c00186b3eeffac4f257247b889f8deed6f7a2bf
(cherry picked from commit e5e33a76c0cd1c9997a038e1b896d64c8ae4fd5f)
-rw-r--r-- | library/utils/src/com/android/car/setupwizardlib/InitialLockSetupHelper.java | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/library/utils/src/com/android/car/setupwizardlib/InitialLockSetupHelper.java b/library/utils/src/com/android/car/setupwizardlib/InitialLockSetupHelper.java
index 191ddbc..f4c6385 100644
--- a/library/utils/src/com/android/car/setupwizardlib/InitialLockSetupHelper.java
+++ b/library/utils/src/com/android/car/setupwizardlib/InitialLockSetupHelper.java
@@ -18,6 +18,8 @@ package com.android.car.setupwizardlib;
 import com.android.car.setupwizardlib.InitialLockSetupConstants.ValidateLockFlags;
+import java.nio.charset.StandardCharsets;
+
 /**
 * Provides helper methods for the usage of the InitialLockSetupService.
 */
@@ -54,18 +56,13 @@ public class InitialLockSetupHelper {
 }
 /**
- * Converts a {@link CharSequence} into an array of bytes. This is for security reasons to avoid
- * storing strings in memory.
+ * Converts a {@link CharSequence} into an array of bytes.
 */
 public static byte[] charSequenceToByteArray(CharSequence chars) {
 if (chars == null) {
 return null;
 }
- byte[] byteArray = new byte[chars.length()];
- for (int i = 0; i < chars.length(); i++) {
- byteArray[i] = (byte) chars.charAt(i);
- }
- return byteArray;
+ return chars.toString().getBytes(StandardCharsets.UTF_8);
 }
 /**
@@ -75,11 +72,7 @@ public class InitialLockSetupHelper {
 if (input == null) {
 return null;
 }
- StringBuffer charSequence = new StringBuffer();
- for (int i = 0; i < input.length; i++) {
- charSequence.append((char) input[i]);
- }
- return charSequence;
+ return new String(input, StandardCharsets.UTF_8);
 }
 /** Return an ASCII-equivalent array of character digits for a numeric byte input. */ |
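Review bot: `chars.toString()` in charSequenceToByteArray leaves an immutable String copy of the lockscreen credential on the heap that no caller can zero, which is the exposure the removed Javadoc sentence was describing. Encoding through a CharBuffer should give the same UTF-8 bytes without the String and lets the encoder's scratch buffer be wiped, as in the sketch below (it needs java.nio.ByteBuffer, java.nio.CharBuffer and java.util.Arrays imported). Both forms substitute `?` for an unpaired surrogate, so if such input must be rejected rather than mapped to an ASCII byte, a CharsetEncoder configured with CodingErrorAction.REPORT would be needed. The Javadoc should also say that the result is UTF-8 and that the caller is expected to zero the returned array after use.

```java
public static byte[] charSequenceToByteArray(CharSequence chars) {
    // … unchanged: null check returning null …
    ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
    byte[] bytes = new byte[encoded.remaining()];
    encoded.get(bytes);
    if (encoded.hasArray()) {
        // Wipe the encoder's scratch copy; only the returned array should hold the credential.
        Arrays.fill(encoded.array(), (byte) 0);
    }
    return bytes;
}
```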
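Review bot: `new String(input, StandardCharsets.UTF_8)` in the third hunk turns the credential into an immutable String, whereas the removed code returned a StringBuffer that a caller could overwrite after use. The method's signature is outside this hunk, but if it returns CharSequence, as the old and new return values suggest, `return StandardCharsets.UTF_8.decode(ByteBuffer.wrap(input));` would yield a CharBuffer whose contents can be cleared, at the cost of a java.nio.ByteBuffer import. Either form replaces malformed byte sequences with U+FFFD rather than failing, which deserves a line in the method's Javadoc.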