Check the proper file for bug 23881715

Fuzion24 · Fuzion24 · commit d9166bae54e0 · 2015-11-16T16:25:38.000-05:00
diff --git a/app/src/main/java/fuzion24/device/vulnerability/vulnerabilities/framework/media/CVE_2015_6608.java b/app/src/main/java/fuzion24/device/vulnerability/vulnerabilities/framework/media/CVE_2015_6608.java
@@ -2,6 +2,7 @@
 
 import android.content.Context;
 import android.os.Build;
+import android.util.Log;
 
 import java.io.ByteArrayOutputStream;
 import java.io.File;
@@ -32,6 +33,8 @@
 
 public class CVE_2015_6608 implements VulnerabilityTest {
 
+    private static final String TAG = "CVE-2015-6608";
+
     @Override
     public String getCVEorID() {
         return "CVE-2015-6608";
@@ -50,6 +53,8 @@ public boolean isVulnerable(Context context) throws Exception {
 
         File softAAClib = new File("/system/lib/libstagefright_soft_aacdec.so");
 
+        File libvorbisidec = new File("/system/lib/libvorbisidec.so");
+
         if(!stagefrightlib.exists() || !stagefrightlib.isFile()){
             throw new Exception("libstagefright.so doesn't exist or is not a file");
         }
@@ -58,6 +63,11 @@ public boolean isVulnerable(Context context) throws Exception {
             throw new Exception("libstagefright_soft_aacdec.so does not exist");
         }
 
+        if(!libvorbisidec.exists()){
+            throw new Exception("libvorbisidec.so does not exist");
+        }
+
+
         ByteArrayOutputStream libStageFrightBAOS = new ByteArrayOutputStream((int)stagefrightlib.length());
         BinaryAssets.copy(new FileInputStream(stagefrightlib), libStageFrightBAOS);
         byte[] libstagefrightSO = libStageFrightBAOS.toByteArray();
@@ -67,15 +77,25 @@ public boolean isVulnerable(Context context) throws Exception {
         BinaryAssets.copy(new FileInputStream(softAAClib), libaacdecBAOS);
         byte[] libaacdecSO = libaacdecBAOS.toByteArray();
 
+        ByteArrayOutputStream libvorbisidecBAOS = new ByteArrayOutputStream((int)libvorbisidec.length());
+        BinaryAssets.copy(new FileInputStream(libvorbisidec), libvorbisidecBAOS);
+        byte[] libvorbisidecSO = libvorbisidecBAOS.toByteArray();
+
+
 
         KMPMatch binMatcher = new KMPMatch();
 
         int indexOf = binMatcher.indexOf(libstagefrightSO, "b/23680780".getBytes());
         boolean libstagefrightVulnerableToBug23680780 = indexOf == -1;
-        indexOf = binMatcher.indexOf(libstagefrightSO, "b/23881715".getBytes());
+        indexOf = binMatcher.indexOf(libvorbisidecSO, "b/23881715".getBytes());
         boolean libstagefrightvulnerableToBug23881715 = indexOf == -1;
         indexOf = binMatcher.indexOf(libaacdecSO, "b/23876444".getBytes());
-        boolean libstagerightVulnerableToBug23876444 = indexOf == -1;
+        boolean libstagefrightVulnerableToBug23876444 = indexOf == -1;
+
+
+        Log.d(TAG, "libstagefrightVulnerableToBug23680780: " + libstagefrightVulnerableToBug23680780);
+        Log.d(TAG, "libstagefrightvulnerableToBug23881715: " + libstagefrightvulnerableToBug23881715);
+        Log.d(TAG, "libstagefrightVulnerableToBug23876444: " + libstagefrightVulnerableToBug23876444);
 
         //Only affects L and M
         if(Build.VERSION.SDK_INT != Build.VERSION_CODES.M && Build.VERSION.SDK_INT != Build.VERSION_CODES.LOLLIPOP){
@@ -84,7 +104,7 @@ public boolean isVulnerable(Context context) throws Exception {
 
         return  libstagefrightVulnerableToBug23680780 ||
                 libstagefrightvulnerableToBug23881715 ||
-                libstagerightVulnerableToBug23876444;
+                libstagefrightVulnerableToBug23876444;
 
     }
 
