br0kenpixel/ReZygisk
1
0
Fork 0
mirror of https://github.com/PerformanC/ReZygisk.git synced 2025-09-06 06:37:01 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity

fix: memory leak and use-after-free in APatch Zygiskd code

Browse Source 
This commit fixes a memory leak and a user-after-free vulnerability in APatch code of Zygiskd.
This commit is contained in:
ThePedroo
2024-11-08 17:18:49 -03:00
parent 135ebbb9ba
commit c4ab77ed9e
1 changed files with 16 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
zygiskd/src/root_impl/apatch.c
View File

@@ -140,13 +140,18 @@ bool apatch_uid_granted_root(uid_t uid) {
} }
for (size_t i = 0; i < config.size; i++) { for (size_t i = 0; i < config.size; i++) {
if (config.configs[i].uid == uid) { if (config.configs[i].uid != uid) continue;
_apatch_free_package_config(&config);
return config.configs[i].root_granted; /* INFO: This allow us to copy the information to avoid use-after-free */
} bool root_granted = config.configs[i].root_granted;
_apatch_free_package_config(&config);
return root_granted;
} }
_apatch_free_package_config(&config);
return false; return false;
} }
@@ -159,11 +164,14 @@ bool apatch_uid_should_umount(uid_t uid) {
} }
for (size_t i = 0; i < config.size; i++) { for (size_t i = 0; i < config.size; i++) {
if (config.configs[i].uid == uid) { if (config.configs[i].uid != uid) continue;
_apatch_free_package_config(&config);
return config.configs[i].umount_needed; /* INFO: This allow us to copy the information to avoid use-after-free */
} bool umount_needed = config.configs[i].umount_needed;
_apatch_free_package_config(&config);
return umount_needed;
} }
_apatch_free_package_config(&config); _apatch_free_package_config(&config);