ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Added missing check for replay protection pointer before allocating new variable 

Problem: If a key with write-once flag is being set in a SecureStore without rollback-protection store (i.e. _rbp_kv == NULL), additional memory will be allocated for the variable _ih->key. The memory will not be deleted, though, as the delete in line 434 only happens if a rollback-protection store exists (i.e. _rbp_kv != NULL)

Solution: Only allocate the memory if _rbp_kv != NULL

Contribution is provided on behalf of BIOTRONIK.
pull/15513/head
Matthias Goebel 2024-05-03 10:55:35 +02:00
parent 95fee2f75a
commit 5fc4abe57b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
storage/kvstore/securestore/source/SecureStore.cpp
View File

@ -290,7 +290,7 @@ int SecureStore::set_start(set_handle_t *handle, const char *key, size_t final_d
goto fail;
}
if (create_flags & (REQUIRE_REPLAY_PROTECTION_FLAG | WRITE_ONCE_FLAG)) {
if (_rbp_kv && (create_flags & (REQUIRE_REPLAY_PROTECTION_FLAG | WRITE_ONCE_FLAG))) {
_ih->key = new char[strlen(key) + 1];
strcpy(_ih->key, key);
}