diff options
| author | Chad Brubaker <cbrubaker@google.com> | 2015-08-12 13:40:31 -0700 |
|---|---|---|
| committer | Chad Brubaker <cbrubaker@google.com> | 2015-08-12 14:04:11 -0700 |
| commit | 0d5935262dbbcaf2cf6145529ffd71a728ef4609 (patch) | |
| tree | f481f3c3cdac3573c8557fee6bf64380e37da7cf | |
| parent | b124c9e86a5f8466f527501c6677b4b1b165c0b1 (diff) | |
| download | android_system_security-0d5935262dbbcaf2cf6145529ffd71a728ef4609.tar.gz android_system_security-0d5935262dbbcaf2cf6145529ffd71a728ef4609.tar.bz2 android_system_security-0d5935262dbbcaf2cf6145529ffd71a728ef4609.zip | |
Properly check for Blob max length
sizeof(mBlob.value) is incorrect because writeBlob pads up to the next
AES_BLOCK_SIZE
Bug:22802399
Change-Id: I377edca2c7ea2cf4455f22f5f927fdad79893729
| -rw-r--r-- | keystore/keystore.cpp | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp index 031f4c8..64809ad 100644 --- a/keystore/keystore.cpp +++ b/keystore/keystore.cpp @@ -412,12 +412,12 @@ class Blob { public: Blob(const uint8_t* value, size_t valueLength, const uint8_t* info, uint8_t infoLength, BlobType type) { - if (valueLength > sizeof(mBlob.value)) { - valueLength = sizeof(mBlob.value); + if (valueLength > VALUE_SIZE) { + valueLength = VALUE_SIZE; ALOGW("Provided blob length too large"); } - if (infoLength + valueLength > sizeof(mBlob.value)) { - infoLength = sizeof(mBlob.value) - valueLength; + if (infoLength + valueLength > VALUE_SIZE) { + infoLength = VALUE_SIZE - valueLength; ALOGW("Provided info length too large"); } mBlob.length = valueLength; |