Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 7e6916b6c6019f0f61a4ef757863ca16693128f5^2..7e6916b6c6019f0f61a4ef757863ca16693128f5 / .
commit7e6916b6c6019f0f61a4ef757863ca16693128f5[log] [tgz]
authorChad Brubaker <cbrubaker@google.com>Wed Apr 15 21:42:45 2015 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>Wed Apr 15 21:42:45 2015 +0000
treedd22900a2843f09d5c376e7bac23f9ff39e51cae
parent28bfa10673ae0bef2b9500214510e2beb0d506fd [diff]
parenta1581c4e1778b31d4fd8cfe9a1219b93d5276df2 [diff]
am a1581c4e: am 83ee2e7a: am f1b8f6bf: Merge "Refactor permission and state checking"

* commit 'a1581c4e1778b31d4fd8cfe9a1219b93d5276df2':
  Refactor permission and state checking

diff --git a/keystore/IKeystoreService.cpp b/keystore/IKeystoreService.cpp
index d58f5ec..855790e 100644
--- a/keystore/IKeystoreService.cpp
+++ b/keystore/IKeystoreService.cpp

@@ -30,6 +30,7 @@
 
 namespace android {
 
+const ssize_t MAX_GENERATE_ARGS = 3;
 static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
 
 KeystoreArg::KeystoreArg(const void* data, size_t len)
@@ -1418,6 +1419,9 @@
             int32_t argsPresent = data.readInt32();
             if (argsPresent == 1) {
                 ssize_t numArgs = data.readInt32();
+                if (numArgs > MAX_GENERATE_ARGS) {
+                    return BAD_VALUE;
+                }
                 if (numArgs > 0) {
                     for (size_t i = 0; i < (size_t) numArgs; i++) {
                         ssize_t inSize = data.readInt32();

diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 03212ed..2a1641b 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp

@@ -495,6 +495,7 @@
 public:
     Blob(const uint8_t* value, int32_t valueLength, const uint8_t* info, uint8_t infoLength,
             BlobType type) {
+        memset(&mBlob, 0, sizeof(mBlob));
         mBlob.length = valueLength;
         memcpy(mBlob.value, value, valueLength);
 
@@ -515,7 +516,9 @@
         mBlob = b;
     }
 
-    Blob() {}
+    Blob() {
+        memset(&mBlob, 0, sizeof(mBlob));
+    }
 
     const uint8_t* getValue() const {
         return mBlob.value;