diff options
| author | Shawn Willden <swillden@google.com> | 2015-06-20 09:16:30 -0600 |
|---|---|---|
| committer | Shawn Willden <swillden@google.com> | 2015-06-22 15:34:23 -0600 |
| commit | 0f906ec40f6ade7955c6b967ea522aade54ea2e4 (patch) | |
| tree | 17593f61259b566713e099fe750668281b35d444 /ecdsa_operation.cpp | |
| parent | b5508298cdb1d42eaf8c81aa8a6ac2cbfdeef3c7 (diff) | |
| download | keymaster-0f906ec40f6ade7955c6b967ea522aade54ea2e4.tar.gz | |
Add buffer wrap checks and disable throwing of std::bad_alloc.
Android is built with exceptions disabled, but "operator new" and
"operator new[]" still throw std::bad_alloc on failure rather than
returning new. In general this is a good thing, because it will cause
an immediate crash of the process rather than assigning a null pointer
which is probably not checked. But most memory allocations in Keymaster
are checked, because it's written to run in an environment where new
does *not* throw. This CL updates the code to explicitly use the
non-throwing new.
A handful of throwing news remain, but only in places where a crash on
failure is appropriate.
In addition, this CL also inserts buffer wrap checks in key locations
and changes the development-machine Makefile to build in 32-bit mode, to
make memory problems more apparent.
Bug: 21888473
Change-Id: I8ebc5ec12053e4f5274f6f57ce312abc10611cef
Diffstat (limited to 'ecdsa_operation.cpp')
| -rw-r--r-- | ecdsa_operation.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ecdsa_operation.cpp b/ecdsa_operation.cpp index dcbf73f..89bcfa1 100644 --- a/ecdsa_operation.cpp +++ b/ecdsa_operation.cpp @@ -156,7 +156,8 @@ keymaster_error_t EcdsaSignOperation::Finish(const AuthorizationSet& /* addition if (EVP_DigestSignFinal(&digest_ctx_, output->peek_write(), &siglen) <= 0) return TranslateLastOpenSslError(); } - output->advance_write(siglen); + if (!output->advance_write(siglen)) + return KM_ERROR_UNKNOWN_ERROR; return KM_ERROR_OK; } |