system/core
| Revision | da6c753a2bbc2b2e5a8809250a38f3fc2019d365 (tree) |
|---|---|
| Time | 2019-07-12 04:08:54 |
| Author | Janis Danisevskis <jdanis@goog...> |
| Commiter | Arjun Garg |
Fix a memory leak in gatekeeper.
In violation to the documentation of GateKeeper::GetAuthTokenKey and
GateKeeper::GetPasswordKey, the implementations in SoftGateKeeper
allocate and return buffers and relinquish ownership causing a memory
leak, because the caller expects the implementation to retain ownership.
Bug: 129768470
Bug: 134557251
Test: gatekeeper-unit-tests
Change-Id: I0af9539d3dcd47dfd1e7d80cdee700ea0c2d6d0f
Merged-In: I0af9539d3dcd47dfd1e7d80cdee700ea0c2d6d0f
(cherry picked from commit 6a9c4e7968e73393110b169b33fb636531fe7fc2)
gatekeeperd/SoftGateKeeper.h (diff)| @@ -58,23 +58,16 @@ public: | ||
| 58 | 58 | virtual ~SoftGateKeeper() { |
| 59 | 59 | } |
| 60 | 60 | |
| 61 | - virtual bool GetAuthTokenKey(const uint8_t **auth_token_key, | |
| 62 | - uint32_t *length) const { | |
| 61 | + virtual bool GetAuthTokenKey(const uint8_t** auth_token_key, uint32_t* length) const { | |
| 63 | 62 | if (auth_token_key == NULL || length == NULL) return false; |
| 64 | - uint8_t *auth_token_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES]; | |
| 65 | - memcpy(auth_token_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES); | |
| 66 | - | |
| 67 | - *auth_token_key = auth_token_key_copy; | |
| 63 | + *auth_token_key = key_.get(); | |
| 68 | 64 | *length = SIGNATURE_LENGTH_BYTES; |
| 69 | 65 | return true; |
| 70 | 66 | } |
| 71 | 67 | |
| 72 | - virtual void GetPasswordKey(const uint8_t **password_key, uint32_t *length) { | |
| 68 | + virtual void GetPasswordKey(const uint8_t** password_key, uint32_t* length) { | |
| 73 | 69 | if (password_key == NULL || length == NULL) return; |
| 74 | - uint8_t *password_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES]; | |
| 75 | - memcpy(password_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES); | |
| 76 | - | |
| 77 | - *password_key = password_key_copy; | |
| 70 | + *password_key = key_.get(); | |
| 78 | 71 | *length = SIGNATURE_LENGTH_BYTES; |
| 79 | 72 | } |
| 80 | 73 |
Fork