diff options
| author | Chad Brubaker <cbrubaker@google.com> | 2015-08-05 18:28:31 +0000 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2015-08-05 18:28:31 +0000 |
| commit | c761a1ed08d110348bdc897804f3ba59d746579f (patch) | |
| tree | c43f050dcdf2079af85a17339db8d8c263fcaf9b | |
| parent | a680a0ca52d252c3a420c4e31752afe12ebbe81c (diff) | |
| parent | 63bc525c24efc3a1f6386a4e0e395a4c70a335ca (diff) | |
| download | android_system_security-c761a1ed08d110348bdc897804f3ba59d746579f.tar.gz android_system_security-c761a1ed08d110348bdc897804f3ba59d746579f.tar.bz2 android_system_security-c761a1ed08d110348bdc897804f3ba59d746579f.zip | |
am 63bc525c: am 853b8d79: am fd1ad379: am 1c73457a: am b124c9e8: Fix unchecked length in Blob creation
* commit '63bc525c24efc3a1f6386a4e0e395a4c70a335ca':
Fix unchecked length in Blob creation
| -rw-r--r-- | keystore/keystore.cpp | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp index 8db8dab..bdc7645 100644 --- a/keystore/keystore.cpp +++ b/keystore/keystore.cpp @@ -493,8 +493,16 @@ static const uint8_t CURRENT_BLOB_VERSION = 2; class Blob { public: - Blob(const uint8_t* value, int32_t valueLength, const uint8_t* info, uint8_t infoLength, + Blob(const uint8_t* value, size_t valueLength, const uint8_t* info, uint8_t infoLength, BlobType type) { + if (valueLength > sizeof(mBlob.value)) { + valueLength = sizeof(mBlob.value); + ALOGW("Provided blob length too large"); + } + if (infoLength + valueLength > sizeof(mBlob.value)) { + infoLength = sizeof(mBlob.value) - valueLength; + ALOGW("Provided info length too large"); + } mBlob.length = valueLength; memcpy(mBlob.value, value, valueLength); |