From 4feb8cd28404a5aa8a65cfa8ca00c63816eb0e2a Mon Sep 17 00:00:00 2001
From: josephjang
Date: Fri, 3 Jul 2020 17:48:06 +0800
Subject: Keymaster: Fix potential bug in extractUint32()/extractUint64()

In deserializeVerificationToken(), we use extractUint64() to extract VerificationToken.challenge. A potential bug was found in extractUint64() that will cause VerificationToken.challenge() incorrect.

Bug: 160198696
Merged-In: Ie0d2c0127cc34f1bb90455e4f7869e15e5542173
Change-Id: Ie0d2c0127cc34f1bb90455e4f7869e15e5542173
---
 keymaster/4.0/support/keymaster_utils.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/keymaster/4.0/support/keymaster_utils.cpp b/keymaster/4.0/support/keymaster_utils.cpp
index 366cd0e553..bcfa75729a 100644
--- a/keymaster/4.0/support/keymaster_utils.cpp
+++ b/keymaster/4.0/support/keymaster_utils.cpp
@@ -121,8 +121,8 @@ void appendUint64(std::vector& vec, uint64_t value) {
 uint64_t extractUint64(const std::vector& data, size_t offset) {
 uint64_t value = 0;
 for (size_t n = 0; n < sizeof(uint64_t); n++) {
- uint8_t byte = data[offset + n];
- value |= byte << (n * 8);
+ uint64_t tmp = data[offset + n];
+ value |= (tmp << (n * 8));
 }
 return value;
 }
@@ -137,8 +137,8 @@ void appendUint32(std::vector& vec, uint32_t value) {
 uint32_t extractUint32(const std::vector& data, size_t offset) {
 uint32_t value = 0;
 for (size_t n = 0; n < sizeof(uint32_t); n++) {
- uint8_t byte = data[offset + n];
- value |= byte << (n * 8);
+ uint32_t tmp = data[offset + n];
+ value |= (tmp << (n * 8));
 }
 return value;
 }
--
cgit v1.2.3
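Review bot: `data[offset + n]` in extractUint64(), and the same read in extractUint32() in the second hunk, is still an unchecked `operator[]` access, so a buffer shorter than `offset + sizeof(value)` is read past its end. The commit message says these helpers deserialize a VerificationToken, and whether deserializeVerificationToken() validates the length before calling them is not visible in this diff. At minimum the contract should be stated above each function, e.g. `// Precondition: data.size() >= offset + sizeof(uint64_t); callers must validate the buffer length first.`, and a length check belongs at the caller if none exists there. A round-trip test through appendUint64()/extractUint64() with a value that has bits set in the upper four bytes would pin the widening fix this commit makes.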