diff options
author | Shawn Willden <swillden@google.com> | 2015-06-20 09:16:30 -0600 |
---|---|---|
committer | Shawn Willden <swillden@google.com> | 2015-06-22 15:34:23 -0600 |
commit | 0f906ec40f6ade7955c6b967ea522aade54ea2e4 (patch) | |
tree | 17593f61259b566713e099fe750668281b35d444 /hmac_key.cpp | |
parent | b5508298cdb1d42eaf8c81aa8a6ac2cbfdeef3c7 (diff) | |
download | keymaster-0f906ec40f6ade7955c6b967ea522aade54ea2e4.tar.gz |
Add buffer wrap checks and disable throwing of std::bad_alloc.
Android is built with exceptions disabled, but "operator new" and
"operator new[]" still throw std::bad_alloc on failure rather than
returning new. In general this is a good thing, because it will cause
an immediate crash of the process rather than assigning a null pointer
which is probably not checked. But most memory allocations in Keymaster
are checked, because it's written to run in an environment where new
does *not* throw. This CL updates the code to explicitly use the
non-throwing new.
A handful of throwing news remain, but only in places where a crash on
failure is appropriate.
In addition, this CL also inserts buffer wrap checks in key locations
and changes the development-machine Makefile to build in 32-bit mode, to
make memory problems more apparent.
Bug: 21888473
Change-Id: I8ebc5ec12053e4f5274f6f57ce312abc10611cef
Diffstat (limited to 'hmac_key.cpp')
-rw-r--r-- | hmac_key.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/hmac_key.cpp b/hmac_key.cpp index ac6c482..2e814a6 100644 --- a/hmac_key.cpp +++ b/hmac_key.cpp @@ -16,6 +16,8 @@ #include "hmac_key.h" +#include <new> + #include <openssl/err.h> #include <openssl/rand.h> @@ -45,7 +47,7 @@ keymaster_error_t HmacKeyFactory::LoadKey(const KeymasterKeyBlob& key_material, return KM_ERROR_OUTPUT_PARAMETER_NULL; keymaster_error_t error; - key->reset(new HmacKey(key_material, hw_enforced, sw_enforced, &error)); + key->reset(new (std::nothrow) HmacKey(key_material, hw_enforced, sw_enforced, &error)); if (!key->get()) error = KM_ERROR_MEMORY_ALLOCATION_FAILED; return error; |