Limit dup_buffer to 16 MiB allocations.
Bug: 21888473
Change-Id: I14c658f5c57bd551e4d136b7d6146b8efdfacf27
diff --git a/android_keymaster_utils.cpp b/android_keymaster_utils.cpp
index b0f3ad2..053e72a 100644
--- a/android_keymaster_utils.cpp
+++ b/android_keymaster_utils.cpp
@@ -20,7 +20,13 @@
namespace keymaster {
+// Keymaster never manages enormous buffers, so anything particularly large is bad data or the
+// result of a bug. We arbitrarily set a 16 MiB limit.
+const size_t kMaxDupBufferSize = 16 * 1024 * 1024;
+
uint8_t* dup_buffer(const void* buf, size_t size) {
+ if (size >= kMaxDupBufferSize)
+ return nullptr;
uint8_t* retval = new (std::nothrow) uint8_t[size];
if (retval)
memcpy(retval, buf, size);
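Review bot: The guard `if (size >= kMaxDupBufferSize)` rejects a request of exactly 16 MiB, while the comment above presents the constant as "a 16 MiB limit"; either use `>` or make the bound explicit with `// Requests of kMaxDupBufferSize bytes or more are rejected.` so the test and the check agree on the boundary. Callers now receive the same nullptr for an over-limit request and for a failed `new (std::nothrow)`, which is acceptable but worth a sentence on the declaration since the two cases are indistinguishable. The memcpy on the last hunk line is still reached with a null `buf` and nonzero `size`, which the new check does not cover; if callers can hand in such a pair, `if (size >= kMaxDupBufferSize || (size != 0 && buf == nullptr)) return nullptr;` closes it without changing the (non-null, 0) case the tests rely on. dup_buffer's body continues past the end of this hunk.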
diff --git a/key_blob_test.cpp b/key_blob_test.cpp
index 20349c0..1e590f0 100644
--- a/key_blob_test.cpp
+++ b/key_blob_test.cpp
@@ -328,29 +328,33 @@
TEST_F(KeyBlobTest, UnderflowTest) {
uint8_t buf[0];
keymaster_key_blob_t blob = {buf, 0};
- KeymasterKeyBlob key_blob1(blob);
- EXPECT_NE(nullptr, key_blob1.key_material);
- EXPECT_EQ(0U, key_blob1.key_material_size);
+ KeymasterKeyBlob key_blob(blob);
+ EXPECT_NE(nullptr, key_blob.key_material);
+ EXPECT_EQ(0U, key_blob.key_material_size);
EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
- DeserializeIntegrityAssuredBlob(key_blob1, hidden_, &key_material_, &hw_enforced_,
+ DeserializeIntegrityAssuredBlob(key_blob, hidden_, &key_material_, &hw_enforced_,
&sw_enforced_));
EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
- DeserializeAuthEncryptedBlob(key_blob1, &ciphertext_, &hw_enforced_, &sw_enforced_,
+ DeserializeAuthEncryptedBlob(key_blob, &ciphertext_, &hw_enforced_, &sw_enforced_,
&nonce_, &tag_));
+}
- blob.key_material_size = UINT32_MAX;
- KeymasterKeyBlob key_blob2(blob);
- EXPECT_EQ(nullptr, key_blob2.key_material);
- EXPECT_EQ(0U, key_blob2.key_material_size);
+TEST_F(KeyBlobTest, DupBufferToolarge) {
+ uint8_t buf[0];
+ keymaster_key_blob_t blob = {buf, 0};
+ blob.key_material_size = 16 * 1024 * 1024 + 1;
+ KeymasterKeyBlob key_blob(blob);
+ EXPECT_EQ(nullptr, key_blob.key_material);
+ EXPECT_EQ(0U, key_blob.key_material_size);
ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB,
- DeserializeIntegrityAssuredBlob(key_blob2, hidden_, &key_material_, &hw_enforced_,
+ DeserializeIntegrityAssuredBlob(key_blob, hidden_, &key_material_, &hw_enforced_,
&sw_enforced_));
EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
- DeserializeAuthEncryptedBlob(key_blob2, &ciphertext_, &hw_enforced_, &sw_enforced_,
+ DeserializeAuthEncryptedBlob(key_blob, &ciphertext_, &hw_enforced_, &sw_enforced_,
&nonce_, &tag_));
}
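Review bot: The new test pins only `16 * 1024 * 1024 + 1`, while the guard in dup_buffer uses `>=`, so the boundary value itself is untested and a later change to `>` would pass unnoticed; add a second case with `blob.key_material_size = 16 * 1024 * 1024;` expecting the same null `key_material` and zero `key_material_size`. The limit is repeated here as a literal because kMaxDupBufferSize is defined inside android_keymaster_utils.cpp and presumably not visible to the test; a comment such as `// Must match kMaxDupBufferSize in android_keymaster_utils.cpp.` keeps the two in sync. The name `DupBufferToolarge` should be `DupBufferTooLarge` to match the CamelCase of the neighbouring test names.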