Fix container overflow in CryptAuthKeyCreatorImpl

In CryptAuthKeyCreatorImpl, elements of a flat_map were being erased while the flat_map was still being iterated through. This caused a container overflow ASAN error in http://crrev.com/c/1504121. Verified locally that this CL fixes the ASAN error seen in http://crrev.com/c/1504121, using the same gn args as the linux_chromium_chromeos_asan_rel_ng builder. Bug: 899080 Change-Id: I6f25d795545548ed108e95e2e1ec70f6de20941b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1507314Reviewed-by: Kyle Horimoto <khorimoto@chromium.org> Commit-Queue: Josh Nohle <nohle@chromium.org> Cr-Commit-Position: refs/heads/master@{#638694}

Fix container overflow in CryptAuthKeyCreatorImpl
In CryptAuthKeyCreatorImpl, elements of a flat_map were being erased while the flat_map was still being iterated through. This caused a container overflow ASAN error in http://crrev.com/c/1504121. Verified locally that this CL fixes the ASAN error seen in http://crrev.com/c/1504121, using the same gn args as the linux_chromium_chromeos_asan_rel_ng builder. Bug: 899080 Change-Id: I6f25d795545548ed108e95e2e1ec70f6de20941b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1507314Reviewed-by: Kyle Horimoto <khorimoto@chromium.org> Commit-Queue: Josh Nohle <nohle@chromium.org> Cr-Commit-Position: refs/heads/master@{#638694}
294678e4 · Josh Nohle · Commit Bot · 8421f880 · 294678e4 · 294678e4
Commit 294678e4 authored Mar 07, 2019 by Josh Nohle Committed by Commit Bot Mar 07, 2019
2 changed files
--- a/chromeos/services/device_sync/cryptauth_key_creator_impl.cc
+++ b/chromeos/services/device_sync/cryptauth_key_creator_impl.cc
@@ -116,9 +116,10 @@ void CryptAuthKeyCreatorImpl::CreateKeys(
  DCHECK(!keys_to_create.empty());

  // Fail if CreateKeys() has already been called.
-  DCHECK(keys_to_create_.empty() && new_keys_.empty() &&
+  DCHECK(num_keys_to_create_ == 0 && new_keys_.empty() &&
         !create_keys_callback_);

+  num_keys_to_create_ = keys_to_create.size();
  keys_to_create_ = keys_to_create;
  server_ephemeral_dh_ = server_ephemeral_dh;
  create_keys_callback_ = std::move(create_keys_callback);
@@ -195,7 +196,7 @@ void CryptAuthKeyCreatorImpl::OnAsymmetricKeyPairGenerated(
    CryptAuthKeyBundle::Name bundle_name,
    const std::string& public_key,
    const std::string& private_key) {
-  DCHECK(keys_to_create_.size() > 0);
+  DCHECK(num_keys_to_create_ > 0);
  DCHECK(!public_key.empty() && !private_key.empty());

  const CryptAuthKeyCreator::CreateKeyData& create_key_data =
@@ -205,8 +206,8 @@ void CryptAuthKeyCreatorImpl::OnAsymmetricKeyPairGenerated(
                        create_key_data.status, create_key_data.type,
                        create_key_data.handle);

-  keys_to_create_.erase(bundle_name);
-  if (keys_to_create_.empty())
+  --num_keys_to_create_;
+  if (num_keys_to_create_ == 0)
    std::move(create_keys_callback_).Run(new_keys_, client_ephemeral_dh_);
 }

@@ -214,7 +215,7 @@ void CryptAuthKeyCreatorImpl::OnSymmetricKeyDerived(
    CryptAuthKeyBundle::Name bundle_name,
    const std::string& symmetric_key,
    const std::string& handle) {
-  DCHECK(keys_to_create_.size() > 0);
+  DCHECK(num_keys_to_create_ > 0);
  DCHECK(!symmetric_key.empty());

  const CryptAuthKeyCreator::CreateKeyData& create_key_data =
@@ -223,8 +224,8 @@ void CryptAuthKeyCreatorImpl::OnSymmetricKeyDerived(
  new_keys_.try_emplace(bundle_name, symmetric_key, create_key_data.status,
                        create_key_data.type, handle);

-  keys_to_create_.erase(bundle_name);
-  if (keys_to_create_.empty())
+  --num_keys_to_create_;
+  if (num_keys_to_create_ == 0)
    std::move(create_keys_callback_).Run(new_keys_, client_ephemeral_dh_);
 }


--- a/chromeos/services/device_sync/cryptauth_key_creator_impl.h
+++ b/chromeos/services/device_sync/cryptauth_key_creator_impl.h
@@ -63,6 +63,7 @@ class CryptAuthKeyCreatorImpl : public CryptAuthKeyCreator {
                             const std::string& symmetric_key,
                             const std::string& handle);

+  size_t num_keys_to_create_ = 0;
  base::flat_map<CryptAuthKeyBundle::Name, CreateKeyData> keys_to_create_;
  base::flat_map<CryptAuthKeyBundle::Name, CryptAuthKey> new_keys_;
  base::Optional<CryptAuthKey> server_ephemeral_dh_;