commit 7612fd4d5f477adc7365c98e01c82f374338423c
author Janis Danisevskis <jdanis@google.com> Thu Sep 01 11:50:02 2016 +0100
committer Janis Danisevskis <jdanis@google.com> Thu Sep 01 15:01:33 2016 +0100
tree 1723b2a99d80d33061cf0d9d009411d9c4f7f2df
parent 011675d26cbe4b25c351666407ea2c759ee50d98

Limit the size of the app ID to 1KiB

Change-Id: I4e49bca1126f3a33eb8ab08b803ce1d76a3ff7e0

keystore/key_store_service.cpp

diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index ed30401..a4a211b 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -21,6 +21,7 @@
 #include <fcntl.h>
 #include <sys/stat.h>
 
+#include <algorithm>
 #include <sstream>
 
 #include <binder/IPCThreadState.h>
@@ -1130,6 +1131,8 @@
     return ::NO_ERROR;
 }
 
+constexpr size_t KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE = 1024;
+
 int32_t KeyStoreService::attestKey(const String16& name, const KeymasterArguments& params,
                                    KeymasterCertificateChain* outChain) {
     if (!outChain) return KM_ERROR_OUTPUT_PARAMETER_NULL;
@@ -1169,7 +1172,7 @@
     mutable_params.push_back(
         {.tag = KM_TAG_ATTESTATION_APPLICATION_ID,
          .blob = {asn1_attestation_id.data(),
-                  asn1_attestation_id.size()}});
+                  std::min(asn1_attestation_id.size(), KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE)}});
 
     const keymaster_key_param_set_t in_params = {
         const_cast<keymaster_key_param_t*>(mutable_params.data()), mutable_params.size()};