diff options
author | Matthew Maurer <mmaurer@google.com> | 2019-03-28 14:51:45 -0700 |
---|---|---|
committer | hamzeh <hamzeh@google.com> | 2019-05-10 16:06:33 -0700 |
commit | 0d9bdfd2cbfb2ce13f16c49edb9169e4866d1d57 (patch) | |
tree | 585d447f1a700e4ea33efe52147ded1bc61a717b | |
parent | c8bf0869f15a0e326d72cde41c9e9c8bfb7209cf (diff) | |
download | gatekeeper-0d9bdfd2cbfb2ce13f16c49edb9169e4866d1d57.tar.gz |
Remove potential double freeandroid-security-9.0.0_r76android-security-9.0.0_r75android-security-9.0.0_r74android-security-9.0.0_r73android-security-9.0.0_r72android-security-9.0.0_r71android-security-9.0.0_r70android-security-9.0.0_r69android-security-9.0.0_r68android-security-9.0.0_r67android-security-9.0.0_r66android-security-9.0.0_r65android-security-9.0.0_r64android-security-9.0.0_r63android-security-9.0.0_r62android-9.0.0_r61android-9.0.0_r60android-9.0.0_r59android-9.0.0_r58android-9.0.0_r57android-9.0.0_r56android-9.0.0_r55android-9.0.0_r54android-9.0.0_r53android-9.0.0_r52android-9.0.0_r51android-9.0.0_r50android-9.0.0_r49android-9.0.0_r48security-pi-releasepie-security-release
Janis noticed that GetAuthTokenKey has ownership retained by the
implementer, but the caller in libgatekeeper is delete[]ing it.
Bug: 120610663
Bug: 129768470
Test: gatekeeper-unit-tests, Gatekeeper 1.0 VTS against Trusty
Change-Id: I67171d707706b1ebe5caad47447762144495e28b
(cherry picked from commit 6d2ee18a9af8eb9d8580850e434d21e4481fa36e)
(cherry picked from commit 303e6db4d5fbdd42be5bfda1419c759f8e8e4626)
(cherry picked from commit 9d4b63592231755c52124b2ea7d57ee2b2c35ef6)
-rw-r--r-- | gatekeeper.cpp | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/gatekeeper.cpp b/gatekeeper.cpp index 0d19816..fe427bd 100644 --- a/gatekeeper.cpp +++ b/gatekeeper.cpp @@ -241,7 +241,6 @@ void GateKeeper::MintAuthToken(UniquePtr<uint8_t> *auth_token, uint32_t *length, uint32_t hash_len = (uint32_t)((uint8_t *)&token->hmac - (uint8_t *)token); ComputeSignature(token->hmac, sizeof(token->hmac), auth_token_key, key_len, reinterpret_cast<uint8_t *>(token), hash_len); - delete[] auth_token_key; } else { memset(token->hmac, 0, sizeof(token->hmac)); } |