Fixed unchecked key blob access in attestKey In attestKey we did not check a return value after retrieving a key blob. This results in a segfault if an attestation is requested on a non existent or corrupted key. Bug: 135907940 Bug: 138146601 Change-Id: I1e84d334bb93ac878b63e15a59c35631f9e6e397 Merged-In: I1e84d334bb93ac878b63e15a59c35631f9e6e397

commit: 83aa272cae58ad2be32b946f5d4011abefcb07e8 [log] [tgz]
author: Janis Danisevskis <jdanis@google.com> Wed Jul 10 14:08:06 2019 -0700
committer: Janis Danisevskis <jdanis@google.com> Mon Sep 16 20:17:10 2019 +0000
tree: 295c6cf6010185a210e2f857231c67eb1fdb9b9a
parent: 48a4d0f64a0882959a0a7965131b5ccfd32e153e [diff]
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 5e7efab..e1b1a66 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp

@@ -1039,6 +1039,10 @@
     std::tie(rc, keyBlob, charBlob, lockedEntry) =
         mKeyStore->getKeyForName(name8, callingUid, TYPE_KEYMASTER_10);
 
+    if (!rc.isOk()) {
+        return AIDL_RETURN(rc);
+    }
+
     auto dev = mKeyStore->getDevice(keyBlob);
     auto hidlKey = blob2hidlVec(keyBlob);
     dev->attestKey(
commit	83aa272cae58ad2be32b946f5d4011abefcb07e8	[log] [tgz]
author	Janis Danisevskis <jdanis@google.com>	Wed Jul 10 14:08:06 2019 -0700
committer	Janis Danisevskis <jdanis@google.com>	Mon Sep 16 20:17:10 2019 +0000
tree	295c6cf6010185a210e2f857231c67eb1fdb9b9a
parent	48a4d0f64a0882959a0a7965131b5ccfd32e153e [diff]