keymaster: don't shrink input size on updateupstream-master

We should not shrink the input size when: Request size + Input size > OPTEE_KEYMASTER_SEND_BUF_SIZE Otherwise we may return incorrect/unexpected data when we perform an UpdateOperation. Instead we should set the response error to KM_ERROR_INVALID_INPUT_LENGTH and return. Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Signed-off-by: Julien Masson <jmasson@baylibre.com>
author: Julien Masson <jmasson@baylibre.com> 2024-02-29 18:07:42 +0100
committer: Joakim Bech <joakim.bech@linaro.org> 2024-03-05 10:28:43 +0100
commit: d69daa9407d2e2f68c9e7fafdd774e7670226018 (patch)
tree: b761f83a957ec48753e2176fcf633e75c3d66e7d
parent: a7169b05c236ff877547aeb51f50d6a3b7741b63 (diff)
download: apps-upstream-master.tar.gz
1 files changed, 1 insertions, 4 deletions
diff --git a/keymaster/3.0/OpteeKeymaster3Device.cpp b/keymaster/3.0/OpteeKeymaster3Device.cpp
index e923c07..5e7eff3 100644
--- a/keymaster/3.0/OpteeKeymaster3Device.cpp
+++ b/keymaster/3.0/OpteeKeymaster3Device.cpp
@@ -408,12 +408,9 @@ Return<void> OpteeKeymaster3Device::update(uint64_t operationHandle,
     size_t inp_size = input.size();
     size_t ser_size = request.SerializedSize();
 
-    if (ser_size > OPTEE_KEYMASTER_SEND_BUF_SIZE) {
+    if (ser_size + inp_size > OPTEE_KEYMASTER_SEND_BUF_SIZE) {
         response.error = KM_ERROR_INVALID_INPUT_LENGTH;
     } else {
-        if (ser_size + inp_size > OPTEE_KEYMASTER_SEND_BUF_SIZE) {
-            inp_size = OPTEE_KEYMASTER_SEND_BUF_SIZE - ser_size;
-        }
         request.input.Reinitialize(input.data(), inp_size);
 
         impl_->UpdateOperation(request, &response);
author	Julien Masson <jmasson@baylibre.com>	2024-02-29 18:07:42 +0100
committer	Joakim Bech <joakim.bech@linaro.org>	2024-03-05 10:28:43 +0100
commit	d69daa9407d2e2f68c9e7fafdd774e7670226018 (patch)
tree	b761f83a957ec48753e2176fcf633e75c3d66e7d
parent	a7169b05c236ff877547aeb51f50d6a3b7741b63 (diff)
download	apps-upstream-master.tar.gz