diff options
author | Keith Mok <keithmok@google.com> | 2022-08-29 23:26:23 +0000 |
---|---|---|
committer | Hasini Gunasinghe <hasinitg@google.com> | 2022-08-30 22:54:38 +0000 |
commit | d78ef2348cadeb9a707a1b87f98ef4d0b0aac7ab (patch) | |
tree | 1bbc2a3964e8e8350f97b9fdfaaba1220529ed20 | |
parent | 3fc6c4ba987c442afd7bafe63b1736ed55f748e1 (diff) | |
download | keymaster-d78ef2348cadeb9a707a1b87f98ef4d0b0aac7ab.tar.gz |
Fix OOB write in authToken2AidlVecandroid-13.0.0_r82android-13.0.0_r81android-13.0.0_r80android-13.0.0_r74android-13.0.0_r73android-13.0.0_r72android-13.0.0_r66android-13.0.0_r65android-13.0.0_r64android-13.0.0_r60android-13.0.0_r59android-13.0.0_r58android13-qpr3-c-s8-releaseandroid13-qpr3-c-s7-releaseandroid13-qpr3-c-s6-releaseandroid13-qpr3-c-s5-releaseandroid13-qpr3-c-s4-releaseandroid13-qpr3-c-s3-releaseandroid13-qpr3-c-s2-releaseandroid13-qpr3-c-s12-releaseandroid13-qpr3-c-s11-releaseandroid13-qpr3-c-s10-releaseandroid13-qpr3-c-s1-release
The boundary check is wrong
Bug: 242702451
Test: manual
Ignore-AOSP-First: security
Change-Id: I2b312916604e051fa4d8cb6e3e461a1f874bfa6d
(cherry picked from commit 03bd6c29cd9b5cfb9c6bb83d165defc700e0ba7c)
-rw-r--r-- | ng/KeyMintUtils.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ng/KeyMintUtils.cpp b/ng/KeyMintUtils.cpp index 45967fd..0d9c324 100644 --- a/ng/KeyMintUtils.cpp +++ b/ng/KeyMintUtils.cpp @@ -108,7 +108,7 @@ vector<uint8_t> authToken2AidlVec(const std::optional<HardwareAuthToken>& token) vector<uint8_t> result; if (!token.has_value()) return result; - if (token->mac.size() < 32) return result; + if (token->mac.size() != 32) return result; result.resize(sizeof(hw_auth_token_t)); auto pos = result.begin(); |