aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authornagendra modadugu <ngm@google.com>2019-04-05 18:33:26 -0700
committernagendra modadugu <ngm@google.com>2019-04-05 18:35:53 -0700
commit00f965be0cdfeeed441eb2a7e7166f8c1998b681 (patch)
treee283e175d986488d4521b937a570219ee15580d4
parentddf67e047a973f6f805cc25e9dc01093c422f3da (diff)
downloadandroid-00f965be0cdfeeed441eb2a7e7166f8c1998b681.tar.gz
keymaster: address UAF bug in attest()
This bug detected by HWSan. Bug: 129562815 Test: builds Change-Id: Ia9ebcd99213cd0d8d954b574b850ca563092d91b Signed-off-by: nagendra modadugu <ngm@google.com>
Diffstat
-rw-r--r--hals/keymaster/KeymasterDevice.cpp8
1 files changed, 4 insertions, 4 deletions
diff --git a/hals/keymaster/KeymasterDevice.cpp b/hals/keymaster/KeymasterDevice.cpp
index cb3d6ff..61614e9 100644
--- a/hals/keymaster/KeymasterDevice.cpp
+++ b/hals/keymaster/KeymasterDevice.cpp
@@ -807,13 +807,13 @@ Return<void> KeymasterDevice::attestKey(
}
vector<hidl_vec<uint8_t> > chain;
+ string attestation_str = ss.str();
{
hidl_vec<uint8_t> attestation_certificate;
attestation_certificate.setToExternal(
- reinterpret_cast<uint8_t*>(
- const_cast<char*>(ss.str().data())),
- ss.str().size(), false);
-
+ reinterpret_cast<uint8_t*>(
+ const_cast<char*>(attestation_str.data())),
+ attestation_str.size(), false);
chain.push_back(std::move(attestation_certificate));
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-27 22:11:46 +0000