commit 9ac7a27ae009692a5f8b630c79017e43e24a37e0
author Chad Brubaker <cbrubaker@google.com> Wed Jun 03 17:22:54 2015 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Wed Jun 03 17:22:54 2015 +0000
tree 311619f021fea50c448e9a9629e3ab97b8bf1ff8
parent 57e106dc183744cdc05c62bea11bc285b3346846
parent 999f1b05261837d6571fa4effa357a9af1d8d01a

Merge "Fix potential use-after-free in hw auth token handling." into mnc-dev

keystore/operation.cpp

diff --git a/keystore/operation.cpp b/keystore/operation.cpp
index 667f456..74d65f6 100644
--- a/keystore/operation.cpp
+++ b/keystore/operation.cpp
@@ -115,11 +115,7 @@
     if (entry == mMap.end()) {
         return false;
     }
-    if (entry->second.authToken.get() != NULL) {
-        *outToken = *entry->second.authToken;
-    } else {
-        *outToken = NULL;
-    }
+    *outToken = entry->second.authToken.get();
     return true;
 }
 
@@ -128,8 +124,8 @@
     if (entry == mMap.end()) {
         return false;
     }
-    entry->second.authToken.reset(new const hw_auth_token_t*);
-    *entry->second.authToken = authToken;
+    entry->second.authToken.reset(new hw_auth_token_t);
+    *entry->second.authToken = *authToken;
     return true;
 }
 

keystore/operation.h

diff --git a/keystore/operation.h b/keystore/operation.h
index fb9583f..07238d1 100644
--- a/keystore/operation.h
+++ b/keystore/operation.h
@@ -71,7 +71,7 @@
         const keymaster1_device_t* device;
         Unique_keymaster_key_characteristics characteristics;
         sp<IBinder> appToken;
-        std::unique_ptr<const hw_auth_token_t*> authToken;
+        std::unique_ptr<hw_auth_token_t> authToken;
     };
     std::map<sp<IBinder>, struct Operation> mMap;
     std::vector<sp<IBinder>> mLru;