authorJanis Danisevskis <jdanis@google.com>2017-09-20 15:08:49 -0700
committerJanis Danisevskis <jdanis@google.com>2017-10-02 09:57:29 -0700
commit00f94598c73b9b30a6855862b514dc53789b564c (patch)
treec73b2ab3263702d2986b3efb2164bdcd9d3569a3
parent687d8925ffb82902ea678a86aed875451b920b5d (diff)
Fix misnomer and resulting bug in keystore.cpp
On the upgrade path from keystore blobs version 0, the userId was interpreted as a uid, which resulted in it being converted to a userId a second time. This would result in keys belonging to other users being assigned to the main user. This patch fixes the bug and the misnomer that led to the confusion. Bug: 65851049 Merged-In: I91975310b6140929dcb6820aa8bd4c28b8e5de5e Change-Id: I91975310b6140929dcb6820aa8bd4c28b8e5de5e
-rw-r--r--keystore/keystore.cpp10
1 files changed, 5 insertions, 5 deletions
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 8037335f..5451ace3 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -573,7 +573,7 @@ const UserState* KeyStore::getUserStateByUid(uid_t uid) const {
}
bool KeyStore::upgradeBlob(const char* filename, Blob* blob, const uint8_t oldVersion,
- const BlobType type, uid_t uid) {
+ const BlobType type, uid_t userId) {
bool updated = false;
uint8_t version = oldVersion;
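Review bot: The parameter is renamed to `userId` here and in `importBlobAsKey` (third hunk), but it is still typed `uid_t`, so a caller that passes an app uid by mistake still compiles cleanly, which is the same confusion this commit fixes. The diffstat lists only keystore.cpp, so the declarations in the header presumably still name the parameter `uid` and should be renamed to match. I would add a comment above both definitions, e.g. `// userId: Android user id, not an app uid; do not apply get_user_id() to it.`, and consider a distinct type for user ids so the compiler can catch a mix-up. upgradeBlob's body continues outside the hunk.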
@@ -583,7 +583,7 @@ bool KeyStore::upgradeBlob(const char* filename, Blob* blob, const uint8_t oldVe
blob->setType(type);
if (type == TYPE_KEY_PAIR) {
- importBlobAsKey(blob, filename, uid);
+ importBlobAsKey(blob, filename, userId);
}
version = 1;
updated = true;
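Review bot: The `ResponseCode` returned by `importBlobAsKey(blob, filename, userId)` is discarded, and `version = 1; updated = true;` run regardless, so a failed import during the version-0 upgrade looks the same as a successful one. At minimum the result should be checked and logged, e.g. `if (importBlobAsKey(blob, filename, userId) != ResponseCode::NO_ERROR) ALOGW("upgradeBlob: import of %s failed", filename);`. Whether the blob should still be marked as version 1 in that case depends on code outside this hunk. The enclosing function starts and ends outside the hunk.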
@@ -615,7 +615,7 @@ struct BIO_Delete {
};
typedef std::unique_ptr<BIO, BIO_Delete> Unique_BIO;
-ResponseCode KeyStore::importBlobAsKey(Blob* blob, const char* filename, uid_t uid) {
+ResponseCode KeyStore::importBlobAsKey(Blob* blob, const char* filename, uid_t userId) {
// We won't even write to the blob directly with this BIO, so const_cast is okay.
Unique_BIO b(BIO_new_mem_buf(const_cast<uint8_t*>(blob->getValue()), blob->getLength()));
if (b.get() == NULL) {
@@ -643,13 +643,13 @@ ResponseCode KeyStore::importBlobAsKey(Blob* blob, const char* filename, uid_t u
return ResponseCode::SYSTEM_ERROR;
}
- ResponseCode rc = importKey(pkcs8key.get(), len, filename, get_user_id(uid),
+ ResponseCode rc = importKey(pkcs8key.get(), len, filename, userId,
blob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE);
if (rc != ResponseCode::NO_ERROR) {
return rc;
}
- return get(filename, blob, TYPE_KEY_PAIR, uid);
+ return get(filename, blob, TYPE_KEY_PAIR, userId);
}
void KeyStore::readMetaData() {
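Review bot: Key pairs that the old `get_user_id(uid)` call already imported under the main user are not handled by anything visible in this hunk, so devices that ran the version-0 upgrade before this fix may keep the misassigned keys. It is worth confirming whether a cleanup or re-migration step is needed. A short comment at the `importKey` call, e.g. `// userId is already a user id; do not pass it through get_user_id() again`, would guard against the double conversion being reintroduced. A regression test that upgrades a version-0 key pair blob for a secondary user would pin the corrected behaviour.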