authorGarret Kelly <gdk@google.com>2019-05-23 08:46:31 -0400
committerandroid-build-team Robot <android-build-team-robot@google.com>2019-05-24 05:59:52 +0000
commit62976b458c03f326066e5c3cf43097873cec9223 (patch)
tree8a1ea17fa37d8c492708fea944db01a56a66e692
parent97f37e99745f205b4bd3cece9f0470388587f14c (diff)
Merge remote-tracking branch 'goog/upstream-pixel18' into pi-dev-uaf-fix
* goog/upstream-pixel18: keymaster: address UAF bug in attest() Bug: 133197843 Bug: 129562815 Test: manual Change-Id: If990030f5cff02c241a88a51d63bc2b9dbfc365f Signed-off-by: Garret Kelly <gdk@google.com> (cherry picked from commit 15361469739d69efba81b06198c01e09581e5d4e)
-rw-r--r--hals/keymaster/KeymasterDevice.cpp8
1 files changed, 4 insertions, 4 deletions
diff --git a/hals/keymaster/KeymasterDevice.cpp b/hals/keymaster/KeymasterDevice.cpp
index cb3d6ff..61614e9 100644
--- a/hals/keymaster/KeymasterDevice.cpp
+++ b/hals/keymaster/KeymasterDevice.cpp
@@ -807,13 +807,13 @@ Return<void> KeymasterDevice::attestKey(
}
vector<hidl_vec<uint8_t> > chain;
+ string attestation_str = ss.str();
{
hidl_vec<uint8_t> attestation_certificate;
attestation_certificate.setToExternal(
- reinterpret_cast<uint8_t*>(
- const_cast<char*>(ss.str().data())),
- ss.str().size(), false);
-
+ reinterpret_cast<uint8_t*>(
+ const_cast<char*>(attestation_str.data())),
+ attestation_str.size(), false);
chain.push_back(std::move(attestation_certificate));