Add buffer wrap checks and disable throwing of std::bad_alloc.
Android is built with exceptions disabled, but "operator new" and
"operator new[]" still throw std::bad_alloc on failure rather than
returning null. In general this is a good thing, because it will cause
an immediate crash of the process rather than assigning a null pointer
which is probably not checked. But most memory allocations in Keymaster
are checked, because it's written to run in an environment where new
does *not* throw. This CL updates the code to explicitly use the
non-throwing new.
A handful of throwing news remain, but only in places where a crash on
failure is appropriate.
In addition, this CL also inserts buffer wrap checks in key locations
and changes the development-machine Makefile to build in 32-bit mode, to
make memory problems more apparent.
Bug: 21888473
Change-Id: I8ebc5ec12053e4f5274f6f57ce312abc10611cef
diff --git a/ec_keymaster0_key.cpp b/ec_keymaster0_key.cpp
index 25e550a..08e4434 100644
--- a/ec_keymaster0_key.cpp
+++ b/ec_keymaster0_key.cpp
@@ -109,7 +109,8 @@
return KM_ERROR_UNKNOWN_ERROR;
keymaster_error_t error;
- key->reset(new EcKeymaster0Key(ec_key.release(), hw_enforced, sw_enforced, engine_, &error));
+ key->reset(new (std::nothrow)
+ EcKeymaster0Key(ec_key.release(), hw_enforced, sw_enforced, engine_, &error));
if (error != KM_ERROR_OK)
return error;
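Review bot: Allocation failure is still unhandled after the switch to `new (std::nothrow)` on the `key->reset(...)` line: when the allocation returns null the constructor never runs, so `error` (declared without an initializer two lines above) is never written, and the following `if (error != KM_ERROR_OK)` reads an indeterminate value while a null key is handed back as success. A null check is needed before `error` is consulted, e.g. `if (!key->get()) return KM_ERROR_MEMORY_ALLOCATION_FAILED;` inserted directly after the `reset` call. That is the same check the second hunk in this file already applies to `material`. The enclosing function starts and ends outside the hunk.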
@@ -132,10 +133,9 @@
return KM_ERROR_UNKNOWN_ERROR;
*size = blob->key_material_size;
- material->reset(new uint8_t[*size]);
+ material->reset(dup_buffer(blob->key_material, *size));
if (!material->get())
return KM_ERROR_MEMORY_ALLOCATION_FAILED;
- memcpy(material->get(), blob->key_material, *size);
return KM_ERROR_OK;
}
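Review bot: The `dup_buffer` call plus the existing null check maps every null return to KM_ERROR_MEMORY_ALLOCATION_FAILED, so if `dup_buffer` returns nullptr for a zero-length input (its definition is not in this diff, so I cannot tell), a blob with `key_material_size == 0` now fails where the old `new uint8_t[*size]` followed by `memcpy` succeeded. Worth confirming against `dup_buffer`; if empty material is legitimate here, the size-zero case should be handled explicitly before the null check, and if it is not, a comment such as `// Zero-length key material is rejected as an allocation failure.` would make the intent clear. The enclosing function begins outside the hunk.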