Untitled
unknown
plain_text
a month ago
1.4 kB
3
Indexable
Never
Summary There is Null pointer dereference vulnerability in generateServiceKeyV1(). Details cryptoPlatform.c ... int32_t generateServiceKeyV1(struct KeyInfo *keyInfo, const uint8_t *drkBlob, const uint32_t drkBlobLen, uint8_t *serviceBlob, uint32_t *serviceBlobLen, const uint8_t *attrs, const uint32_t attrsLen, KeyType_t keyType) { int32_t ret = NOT_ERROR; ServiceKeyInfo_t serviceKeyInfo; uint8_t plainBlob[MAX_SKM_BUF_SIZE], targetTid[MAX_TID_SIZE]; uint32_t plainBlobLen = sizeof(plainBlob), targetTidLen = sizeof(targetTid); #if (defined USE_QSEE_SFS) const char dirPath[] = COMMON_DIR"/prov_data/"; #endif // End of USE_QSEE_SFS LOGI("%s start...", __func__); if(keyInfo == NULL) { LOGE("%s : Invalid argument.", __func__); return ERR_TA_INVALID_ARGUMENT; } memset(plainBlob, 0, sizeof(plainBlob)); memset(&serviceKeyInfo, 0, sizeof(serviceKeyInfo)); //Null pointer dereference memcpy(serviceKeyInfo.serviceName, keyInfo->serviceName, MAX_SERVICE_NAME); serviceKeyInfo.serviceName[MAX_SERVICE_NAME]='\0'; memcpy(serviceKeyInfo.model, keyInfo->model, sizeof(serviceKeyInfo.model)); memcpy(serviceKeyInfo.serialNo, keyInfo->serialno, sizeof(serviceKeyInfo.serialNo)); serviceKeyInfo.keyLength = keyInfo->keyLen; serviceKeyInfo.keyType = keyType;
Leave a Comment