Improve authorization_set test coverage. Change-Id: I8dd1830db8c19be07cef768c63c9ecfa3e16ae21

commit: 834e80747cbb960f8a4028c5c8604bf5218ecdb9 [log] [tgz]
author: Shawn Willden <swillden@google.com> Sat Aug 09 16:38:53 2014 -0600
committer: Shawn Willden <swillden@google.com> Mon Aug 11 07:34:41 2014 -0600
tree: 138fe45d8e42653e515ea82fafd54ad31c22c4a6
parent: 8d336ae10df66da4c0433f17c2d42e85baea32c5 [diff] [blame]
diff --git a/authorization_set.cpp b/authorization_set.cpp
index 61bfa6a..d147ef3 100644
--- a/authorization_set.cpp
+++ b/authorization_set.cpp

@@ -294,6 +294,13 @@
         return false;
     }
 
+    // Note that the following validation of elements_count is weak, but it prevents allocation of
+    // elems_ arrays which are clearly too large to be reasonable.
+    if (elements_size > end - *buf || elements_count * sizeof(uint32_t) > elements_size) {
+        set_invalid(MALFORMED_DATA);
+        return false;
+    }
+
     elems_ = new keymaster_key_param_t[elements_count];
     if (elems_ == NULL) {
         set_invalid(ALLOCATION_FAILURE);
commit	834e80747cbb960f8a4028c5c8604bf5218ecdb9	[log] [tgz]
author	Shawn Willden <swillden@google.com>	Sat Aug 09 16:38:53 2014 -0600
committer	Shawn Willden <swillden@google.com>	Mon Aug 11 07:34:41 2014 -0600
tree	138fe45d8e42653e515ea82fafd54ad31c22c4a6
parent	8d336ae10df66da4c0433f17c2d42e85baea32c5 [diff] [blame]