diff options
author | Chia-chi Yeh <chiachi@android.com> | 2009-12-22 17:02:45 +0800 |
---|---|---|
committer | Chia-chi Yeh <chiachi@android.com> | 2009-12-22 17:26:42 +0800 |
commit | ced66258e11cf87277aa2ceaa02903d1c1f132c9 (patch) | |
tree | 8f4826f017d53bf9aa84d38c539f77b1ac8a49ee /cmds | |
parent | cbc7399f773664fee7246fd5113885fa970960b6 (diff) | |
download | frameworks_native-ced66258e11cf87277aa2ceaa02903d1c1f132c9.zip frameworks_native-ced66258e11cf87277aa2ceaa02903d1c1f132c9.tar.gz frameworks_native-ced66258e11cf87277aa2ceaa02903d1c1f132c9.tar.bz2 |
keystore: Add paddings before checksumming.
Also fix a file descriptor leak when file system is nearly full.
Bug: 2339184
Diffstat (limited to 'cmds')
-rw-r--r-- | cmds/keystore/keystore.c | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/cmds/keystore/keystore.c b/cmds/keystore/keystore.c index ba74c78..37155e4 100644 --- a/cmds/keystore/keystore.c +++ b/cmds/keystore/keystore.c @@ -163,19 +163,23 @@ static struct __attribute__((packed)) { static int8_t encrypt_blob(char *name, AES_KEY *aes_key) { uint8_t vector[AES_BLOCK_SIZE]; - int length = blob.length; + int length; int fd; if (read(the_entropy, vector, AES_BLOCK_SIZE) != AES_BLOCK_SIZE) { return SYSTEM_ERROR; } - length += blob.value - blob.digested; + length = (blob.length + blob.value - blob.encrypted) % AES_BLOCK_SIZE; + if (length) { + length = AES_BLOCK_SIZE - length; + } + + length += blob.length + blob.value - blob.digested; blob.length = htonl(blob.length); MD5(blob.digested, length, blob.digest); length += blob.digested - blob.encrypted; - length = (length + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE * AES_BLOCK_SIZE; memcpy(vector, blob.vector, AES_BLOCK_SIZE); AES_cbc_encrypt(blob.encrypted, blob.encrypted, length, aes_key, vector, AES_ENCRYPT); @@ -184,11 +188,9 @@ static int8_t encrypt_blob(char *name, AES_KEY *aes_key) length += blob.encrypted - (uint8_t *)&blob; fd = open(".tmp", O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); - if (fd == -1 || write(fd, &blob, length) != length) { - return SYSTEM_ERROR; - } + length -= write(fd, &blob, length); close(fd); - return rename(".tmp", name) ? SYSTEM_ERROR : NO_ERROR; + return (length || rename(".tmp", name)) ? SYSTEM_ERROR : NO_ERROR; } static int8_t decrypt_blob(char *name, AES_KEY *aes_key) @@ -210,14 +212,15 @@ static int8_t decrypt_blob(char *name, AES_KEY *aes_key) AES_cbc_encrypt(blob.encrypted, blob.encrypted, length, aes_key, blob.vector, AES_DECRYPT); length -= blob.digested - blob.encrypted; - if (!memcmp(blob.digest, MD5(blob.digested, length, NULL), - MD5_DIGEST_LENGTH)) { + if (memcmp(blob.digest, MD5(blob.digested, length, NULL), + MD5_DIGEST_LENGTH)) { return VALUE_CORRUPTED; } length -= blob.value - blob.digested; blob.length = ntohl(blob.length); - return (length < blob.length) ? VALUE_CORRUPTED : NO_ERROR; + return (blob.length < 0 || blob.length > length) ? VALUE_CORRUPTED : + NO_ERROR; } /* Here are the actions. Each of them is a function without arguments. All |