Commit 294678e4 authored by Josh Nohle's avatar Josh Nohle Committed by Commit Bot

Fix container overflow in CryptAuthKeyCreatorImpl

In CryptAuthKeyCreatorImpl, elements of a flat_map were being erased
while the flat_map was still being iterated through. This caused a
container overflow ASAN error in http://crrev.com/c/1504121.

Verified locally that this CL fixes the ASAN error seen in
http://crrev.com/c/1504121, using the same gn args as the
linux_chromium_chromeos_asan_rel_ng builder.

Bug: 899080
Change-Id: I6f25d795545548ed108e95e2e1ec70f6de20941b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1507314Reviewed-by: default avatarKyle Horimoto <khorimoto@chromium.org>
Commit-Queue: Josh Nohle <nohle@chromium.org>
Cr-Commit-Position: refs/heads/master@{#638694}
parent 8421f880
...@@ -116,9 +116,10 @@ void CryptAuthKeyCreatorImpl::CreateKeys( ...@@ -116,9 +116,10 @@ void CryptAuthKeyCreatorImpl::CreateKeys(
DCHECK(!keys_to_create.empty()); DCHECK(!keys_to_create.empty());
// Fail if CreateKeys() has already been called. // Fail if CreateKeys() has already been called.
DCHECK(keys_to_create_.empty() && new_keys_.empty() && DCHECK(num_keys_to_create_ == 0 && new_keys_.empty() &&
!create_keys_callback_); !create_keys_callback_);
num_keys_to_create_ = keys_to_create.size();
keys_to_create_ = keys_to_create; keys_to_create_ = keys_to_create;
server_ephemeral_dh_ = server_ephemeral_dh; server_ephemeral_dh_ = server_ephemeral_dh;
create_keys_callback_ = std::move(create_keys_callback); create_keys_callback_ = std::move(create_keys_callback);
...@@ -195,7 +196,7 @@ void CryptAuthKeyCreatorImpl::OnAsymmetricKeyPairGenerated( ...@@ -195,7 +196,7 @@ void CryptAuthKeyCreatorImpl::OnAsymmetricKeyPairGenerated(
CryptAuthKeyBundle::Name bundle_name, CryptAuthKeyBundle::Name bundle_name,
const std::string& public_key, const std::string& public_key,
const std::string& private_key) { const std::string& private_key) {
DCHECK(keys_to_create_.size() > 0); DCHECK(num_keys_to_create_ > 0);
DCHECK(!public_key.empty() && !private_key.empty()); DCHECK(!public_key.empty() && !private_key.empty());
const CryptAuthKeyCreator::CreateKeyData& create_key_data = const CryptAuthKeyCreator::CreateKeyData& create_key_data =
...@@ -205,8 +206,8 @@ void CryptAuthKeyCreatorImpl::OnAsymmetricKeyPairGenerated( ...@@ -205,8 +206,8 @@ void CryptAuthKeyCreatorImpl::OnAsymmetricKeyPairGenerated(
create_key_data.status, create_key_data.type, create_key_data.status, create_key_data.type,
create_key_data.handle); create_key_data.handle);
keys_to_create_.erase(bundle_name); --num_keys_to_create_;
if (keys_to_create_.empty()) if (num_keys_to_create_ == 0)
std::move(create_keys_callback_).Run(new_keys_, client_ephemeral_dh_); std::move(create_keys_callback_).Run(new_keys_, client_ephemeral_dh_);
} }
...@@ -214,7 +215,7 @@ void CryptAuthKeyCreatorImpl::OnSymmetricKeyDerived( ...@@ -214,7 +215,7 @@ void CryptAuthKeyCreatorImpl::OnSymmetricKeyDerived(
CryptAuthKeyBundle::Name bundle_name, CryptAuthKeyBundle::Name bundle_name,
const std::string& symmetric_key, const std::string& symmetric_key,
const std::string& handle) { const std::string& handle) {
DCHECK(keys_to_create_.size() > 0); DCHECK(num_keys_to_create_ > 0);
DCHECK(!symmetric_key.empty()); DCHECK(!symmetric_key.empty());
const CryptAuthKeyCreator::CreateKeyData& create_key_data = const CryptAuthKeyCreator::CreateKeyData& create_key_data =
...@@ -223,8 +224,8 @@ void CryptAuthKeyCreatorImpl::OnSymmetricKeyDerived( ...@@ -223,8 +224,8 @@ void CryptAuthKeyCreatorImpl::OnSymmetricKeyDerived(
new_keys_.try_emplace(bundle_name, symmetric_key, create_key_data.status, new_keys_.try_emplace(bundle_name, symmetric_key, create_key_data.status,
create_key_data.type, handle); create_key_data.type, handle);
keys_to_create_.erase(bundle_name); --num_keys_to_create_;
if (keys_to_create_.empty()) if (num_keys_to_create_ == 0)
std::move(create_keys_callback_).Run(new_keys_, client_ephemeral_dh_); std::move(create_keys_callback_).Run(new_keys_, client_ephemeral_dh_);
} }
......
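Review bot: The completion count in OnAsymmetricKeyPairGenerated and OnSymmetricKeyDerived is now decremented unconditionally, while `new_keys_.try_emplace(...)` does nothing when `bundle_name` is already present, so the counter and the map can drift apart. The old `keys_to_create_.erase(bundle_name)` tolerated a repeated callback for the same bundle; with `--num_keys_to_create_` a repeat would either run `create_keys_callback_` with a key missing from `new_keys_` or wrap the `size_t` below zero, and `DCHECK(num_keys_to_create_ > 0)` is not active in ordinary release builds. Whether a repeat can actually occur is not visible here, but since `keys_to_create_` is no longer mutated, the completion test could be derived from the maps themselves, `if (new_keys_.size() == keys_to_create_.size())`, which cannot report completion with a key missing. Both function bodies start outside their hunks, and the insertion call in the asymmetric path is only partly visible.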
...@@ -63,6 +63,7 @@ class CryptAuthKeyCreatorImpl : public CryptAuthKeyCreator { ...@@ -63,6 +63,7 @@ class CryptAuthKeyCreatorImpl : public CryptAuthKeyCreator {
const std::string& symmetric_key, const std::string& symmetric_key,
const std::string& handle); const std::string& handle);
size_t num_keys_to_create_ = 0;
base::flat_map<CryptAuthKeyBundle::Name, CreateKeyData> keys_to_create_; base::flat_map<CryptAuthKeyBundle::Name, CreateKeyData> keys_to_create_;
base::flat_map<CryptAuthKeyBundle::Name, CryptAuthKey> new_keys_; base::flat_map<CryptAuthKeyBundle::Name, CryptAuthKey> new_keys_;
base::Optional<CryptAuthKey> server_ephemeral_dh_; base::Optional<CryptAuthKey> server_ephemeral_dh_;
......
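Review bot: The new member `num_keys_to_create_` has no comment, and after this change its relationship to `keys_to_create_` is the invariant the fix rests on. As far as the .cc hunks show, the map is now left untouched while keys are generated and only the counter tracks progress. I would document that at the declaration, e.g. `// Number of entries in |keys_to_create_| whose key has not been created yet.` and `// Not modified while key creation is in flight; it is iterated during CreateKeys().` on the map. The class declaration continues outside this hunk, so an existing comment block above these members may already cover part of this.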