Add some "fuzzing" tests for deserialization, and fixes for all of the
problems discovered.
Change-Id: I050344f6c6d0a19b7f3304d23729b4ca71c05042
diff --git a/google_keymaster_utils.cpp b/google_keymaster_utils.cpp
index e478f05..c229f59 100644
--- a/google_keymaster_utils.cpp
+++ b/google_keymaster_utils.cpp
@@ -25,18 +25,15 @@
return retval;
}
-Buffer::~Buffer() {
- delete[] buffer_;
-}
-
bool Buffer::reserve(size_t size) {
if (available_write() < size) {
size_t new_size = buffer_size_ + size - available_write();
uint8_t* new_buffer = new uint8_t[new_size];
if (!new_buffer)
return false;
- memcpy(new_buffer, buffer_ + read_position_, available_read());
- buffer_ = new_buffer;
+ memcpy(new_buffer, buffer_.get() + read_position_, available_read());
+ memset_s(buffer_.get(), 0, buffer_size_);
+ buffer_.reset(new_buffer);
buffer_size_ = new_size;
write_position_ -= read_position_;
read_position_ = 0;
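Review bot: The new memcpy into `new_buffer` trusts `new_size`, but `buffer_size_ + size - available_write()` on the line above can wrap for a large `size`, yielding a small allocation that the copy of `available_read()` bytes then overruns; if reserve() is reachable with a caller-supplied length (this is a deserialization fix), add `if (new_size < size) return false;  // size_t wrap` before the allocation (valid as long as available_write() never exceeds buffer_size_). The added `memset_s(buffer_.get(), 0, buffer_size_)` also has no null guard, unlike Clear() in the same change, so a freshly constructed Buffer with a null `buffer_` relies on memset_s tolerating a null pointer; guard it the same way or route the scrub through Clear(). The destructor is deleted in this hunk; unless the header's replacement destructor calls Clear(), the backing store is freed at destruction without the zeroing this commit introduces for reallocation. reserve() continues past the end of the hunk.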
@@ -45,10 +42,9 @@
}
bool Buffer::Reinitialize(size_t size) {
- delete[] buffer_;
-
- buffer_ = new uint8_t[size];
- if (buffer_ == NULL)
+ Clear();
+ buffer_.reset(new uint8_t[size]);
+ if (buffer_.get() == NULL)
return false;
buffer_size_ = size;
read_position_ = 0;
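Review bot: The `buffer_.get() == NULL` check after `buffer_.reset(new uint8_t[size])` only fires if this build's operator new returns null on failure; in standard C++ the expression throws std::bad_alloc, and with exceptions disabled libc++ aborts, so the `return false` may be unreachable on some toolchains. If a nullable allocation is intended, make it explicit with `buffer_.reset(new (std::nothrow) uint8_t[size]);` (from `<new>`) so the check is meaningful everywhere; the same applies to the other two allocation sites in this change. Reinitialize(size_t) continues past the end of the hunk.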
@@ -57,13 +53,12 @@
}
bool Buffer::Reinitialize(const void* data, size_t data_len) {
- delete[] buffer_;
-
- buffer_ = new uint8_t[data_len];
- if (buffer_ == NULL)
+ Clear();
+ buffer_.reset(new uint8_t[data_len]);
+ if (buffer_.get() == NULL)
return false;
buffer_size_ = data_len;
- memcpy(buffer_, data, data_len);
+ memcpy(buffer_.get(), data, data_len);
read_position_ = 0;
write_position_ = buffer_size_;
return true;
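Review bot: Clear() now zeroes and frees the old backing store before the memcpy from `data`, so a caller that passes a pointer into this Buffer's own storage (for example its current read window) would copy from freed, already-zeroed memory; the old code had the same free-before-copy order but did not scrub, which could have masked such a bug. If aliasing callers cannot be ruled out, allocate the new block and memcpy into it first, then Clear() and adopt it; otherwise document the precondition above the function: `// data must not alias this Buffer's own storage: Clear() frees it before the copy.` A null `data` with a non-zero `data_len` also reaches memcpy unchecked.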
@@ -80,7 +75,7 @@
bool Buffer::write(const uint8_t* src, size_t write_length) {
if (available_write() < write_length)
return false;
- memcpy(buffer_ + write_position_, src, write_length);
+ memcpy(buffer_.get() + write_position_, src, write_length);
write_position_ += write_length;
return true;
}
@@ -88,7 +83,7 @@
bool Buffer::read(uint8_t* dest, size_t read_length) {
if (available_read() < read_length)
return false;
- memcpy(dest, buffer_ + read_position_, read_length);
+ memcpy(dest, buffer_.get() + read_position_, read_length);
read_position_ += read_length;
return true;
}
@@ -102,14 +97,25 @@
}
bool Buffer::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
- delete[] buffer_;
- if (!copy_size_and_data_from_buf(buf_ptr, end, &buffer_size_, &buffer_))
+ Clear();
+ if (!copy_size_and_data_from_buf(buf_ptr, end, &buffer_size_, &buffer_)) {
+ buffer_.reset();
+ buffer_size_ = 0;
return false;
- read_position_ = 0;
+ }
write_position_ = buffer_size_;
return true;
}
+void Buffer::Clear() {
+ if (buffer_.get())
+ memset_s(buffer_.get(), 0, buffer_size_);
+ buffer_.reset();
+ read_position_ = 0;
+ write_position_ = 0;
+ buffer_size_ = 0;
+}
+
int memcmp_s(const void* p1, const void* p2, size_t length) {
const uint8_t* s1 = static_cast<const uint8_t*>(p1);
const uint8_t* s2 = static_cast<const uint8_t*>(p2);
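Review bot: The failure path in Deserialize releases the buffer with `buffer_.reset()` and `buffer_size_ = 0` but does not scrub it, unlike the Clear() the same change adds just below; if copy_size_and_data_from_buf can allocate into `buffer_` before failing, the partially copied serialized bytes (which may carry key material) are freed unzeroed. Replace those two lines with `Clear();` so every release path goes through the single scrubbing routine. Clear() would also benefit from a header comment such as `// Zero and release the backing store and reset all positions; safe to call on an empty Buffer.` memcmp_s at the end of the hunk continues outside it.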