Skip to content
Permalink
Browse files

Properly check for Blob max length

sizeof(mBlob.value) is incorrect because writeBlob pads up to the next
AES_BLOCK_SIZE

Bug:22802399
Change-Id: I377edca2c7ea2cf4455f22f5f927fdad79893729
  • Loading branch information...
chadbrubaker authored and andi34 committed Aug 12, 2015
1 parent 72eade5 commit 269371019ffb84c353e874fd616a884c9e4e6d4b
Showing with 4 additions and 4 deletions.
  1. +4 −4 keystore/keystore.cpp
@@ -412,12 +412,12 @@ class Blob {
public:
Blob(const uint8_t* value, size_t valueLength, const uint8_t* info, uint8_t infoLength,
BlobType type) {
if (valueLength > sizeof(mBlob.value)) {
valueLength = sizeof(mBlob.value);
if (valueLength > VALUE_SIZE) {
valueLength = VALUE_SIZE;
ALOGW("Provided blob length too large");
}
if (infoLength + valueLength > sizeof(mBlob.value)) {
infoLength = sizeof(mBlob.value) - valueLength;
if (infoLength + valueLength > VALUE_SIZE) {
infoLength = VALUE_SIZE - valueLength;
ALOGW("Provided info length too large");
}
mBlob.length = valueLength;

0 comments on commit 2693710

Please sign in to comment.
You can’t perform that action at this time.