authorDavid Zeuthen <zeuthen@google.com>2023-02-01 10:21:56 -0500
committerDavid Zeuthen <zeuthen@google.com>2023-02-01 11:38:43 -0500
commitcbc75ae2662583c9cf1d87ca0b24f6387247f33c (patch)
tree8fd4a210e6f6843e636aa28e4f572a76802be51f /identity
parente5f44a081d30d2e301018715b9c6fc90bd387b2c (diff)
identity: Fix "possible" overflow when converting current time to milliseconds.
On ubsan targets an overflow bug caused credstore to fail when converting the current time since the Epoch to milliseconds. Fix this by using __builtin_mul_overflow(), which detects overflow, and bail out if that were to happen. The error path is not going to get hit for another 292 million years, at which time credstore may or may not be around, but better safe than sorry. Test: atest VtsHalIdentityTargetTest Test: atest android.security.identity.cts Bug: 262860870 Bug: 262910256 Bug: 264728880 Bug: 264729215 Change-Id: I5efb036f078cae9e4e03406bbdf4ce66572ad716
Diffstat (limited to 'identity')
-rw-r--r--identity/CredentialData.cpp10
1 files changed, 7 insertions, 3 deletions
diff --git a/identity/CredentialData.cpp b/identity/CredentialData.cpp
index fb083333..1bf1527b 100644
--- a/identity/CredentialData.cpp
+++ b/identity/CredentialData.cpp
@@ -581,13 +581,17 @@ CredentialData::getAuthKeysNeedingCertification(const sp<IIdentityCredential>& h
vector<vector<uint8_t>> keysNeedingCert;
- int64_t nowMilliSeconds =
- std::chrono::system_clock::to_time_t(std::chrono::system_clock::now()) * 1000;
+ time_t now = std::chrono::system_clock::to_time_t(std::chrono::system_clock::now());
+ int64_t nowMilliseconds;
+ if (__builtin_mul_overflow(int64_t(now), int64_t(1000), &nowMilliseconds)) {
+ LOG(ERROR) << "Overflow converting " << now << " to milliseconds";
+ return {};
+ }
for (AuthKeyData& data : authKeyDatas_) {
bool keyExceedUseCount = (data.useCount >= maxUsesPerKey_);
int64_t expirationDateAdjusted = data.expirationDateMillisSinceEpoch - minValidTimeMillis_;
- bool keyBeyondAdjustedExpirationDate = (nowMilliSeconds > expirationDateAdjusted);
+ bool keyBeyondAdjustedExpirationDate = (nowMilliseconds > expirationDateAdjusted);
bool newKeyNeeded =
(data.certificate.size() == 0) || keyExceedUseCount || keyBeyondAdjustedExpirationDate;
bool certificationPending = (data.pendingCertificate.size() > 0);
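Review bot: The subtraction `data.expirationDateMillisSinceEpoch - minValidTimeMillis_` just below the new check is still unchecked signed 64-bit arithmetic. Its operands appear to be stored key data and a configured value rather than the clock, so it looks more reachable under ubsan than the multiplication this change guards. Consider guarding it the same way with `__builtin_sub_overflow(data.expirationDateMillisSinceEpoch, minValidTimeMillis_, &expirationDateAdjusted)`, and decide explicitly whether a key that trips it counts as needing replacement. Separately, the return type is outside the hunk, so please confirm that `return {}` on the new error path yields a value the caller can tell apart from "no keys need certification"; an empty list there would silently skip key refresh. The function body starts and ends outside the hunk.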