diff --git a/services/implementation/include/attest/dm_auth_attest_common.h b/services/implementation/include/attest/dm_auth_attest_common.h
index 2e42f5a8928b85ea615d44f209dc9c47caf33f05..49a635ada3b889e41d147d0ff3a318abe7e429e5 100644
--- a/services/implementation/include/attest/dm_auth_attest_common.h
+++ b/services/implementation/include/attest/dm_auth_attest_common.h
@@ -52,6 +52,7 @@ public:
 std::string SerializeDmCertChain(const DmCertChain *chain);
 bool DeserializeDmCertChain(const std::string &data, DmCertChain *outChain);
+ void FreeCertChain(DmCertChain *chain);
 };
 } // namespace DistributedHardware
 } // namespace OHOS
diff --git a/services/implementation/include/attest/dm_auth_generate_attest.h b/services/implementation/include/attest/dm_auth_generate_attest.h
index 204a577e4d689e4b58d0eaac1345a3195ad46273..b78ce8bd8bcb15e5e3139a1ab29a16fb929decd7 100644
--- a/services/implementation/include/attest/dm_auth_generate_attest.h
+++ b/services/implementation/include/attest/dm_auth_generate_attest.h
@@ -1,4 +1,4 @@
-/*
+/*
 * Copyright (c) 2025 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
diff --git a/services/implementation/src/attest/dm_auth_attest_common.cpp b/services/implementation/src/attest/dm_auth_attest_common.cpp
index 92acee7de5562eb1e5aa36c4103bd95a9b444973..3dc79bf54f3b43de2b5c5031d3f8c6b8384671b9 100644
--- a/services/implementation/src/attest/dm_auth_attest_common.cpp
+++ b/services/implementation/src/attest/dm_auth_attest_common.cpp
@@ -107,11 +107,17 @@ bool AuthAttestCommon::DeserializeDmCertChain(const std::string &data, DmCertCha
 const uint32_t certCount = jsonObject[TAG_CERT_COUNT].Get();
 JsonObject jsonArrayObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
 jsonArrayObj.Parse(jsonObject[TAG_CERT].Dump());
- DmBlob *certs = new DmBlob[certCount]{0};
+ DmBlob *certs = new DmBlob[certCount];
 if (certs == nullptr) {
 LOGE("Memory allocation failed for certs array");
 return false;
 }
+ if (memset_s(certs, sizeof(DmBlob) * certCount, 0, sizeof(DmBlob) * certCount) != DM_OK) {
+ LOGE("memset_s failed.");
+ delete[] certs;
+ certs = nullptr;
+ return false;
+ }
 bool success = true;
 uint32_t processedIndex = 0;
 for (const auto &item : jsonArrayObj.Items()) {
@@ -138,5 +144,22 @@ bool AuthAttestCommon::DeserializeDmCertChain(const std::string &data, DmCertCha
 outChain->certCount = certCount;
 return true;
 }
+
+void AuthAttestCommon::FreeCertChain(DmCertChain *chain)
+{
+ if (chain == nullptr) {
+ LOGI("chain is nullptr!");
+ return;
+ }
+ for (uint32_t i = 0; i < chain->certCount; ++i) {
+ delete[] chain->cert[i].data;
+ chain->cert[i].data = nullptr;
+ chain->cert[i].size = 0;
+ }
+ delete[] chain->cert;
+ chain->cert = nullptr;
+ chain->certCount = 0;
+ delete chain;
+}
 } // namespace DistributedHardware
 } // namespace OHOS
\ No newline at end of file
diff --git a/services/implementation/src/attest/dm_auth_generate_attest.cpp b/services/implementation/src/attest/dm_auth_generate_attest.cpp
index 914c4876e053467c40f3efc28dde287f45452378..96842a5b2ff60b2effdaa548eb5465a631f98907 100644
--- a/services/implementation/src/attest/dm_auth_generate_attest.cpp
+++ b/services/implementation/src/attest/dm_auth_generate_attest.cpp
@@ -49,6 +49,7 @@ int32_t AuthGenerateAttest::GenerateCertificate(DmCertChain &dmCertChain)
 return ret;
 }
 FreeCertChain(dcmCertChain);
+ LOGI("Success.");
 return DM_OK;
 }
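Review bot: In DeserializeDmCertChain the `certs == nullptr` check after `new DmBlob[certCount]` can never fire, because plain `new[]` reports failure by throwing `std::bad_alloc` rather than returning null, and `certCount` is taken directly from the parsed JSON a few lines earlier. If allocation failure is meant to be handled on this path, `DmBlob *certs = new (std::nothrow) DmBlob[certCount]();` makes the check meaningful, and (assuming DmBlob is a plain struct) the trailing `()` zero-initialises every element, so the added `memset_s` block is no longer needed. If the memset is kept, its result should be compared with `EOK`, as the `memcpy_s` calls in dm_auth_validate_attest.cpp do, not with `DM_OK`. The function starts above the hunk, so whether `certCount` is bounded before this point is not visible; if it is not, an upper limit belongs before the allocation, since the count arrives in serialized data.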
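Review bot: FreeCertChain indexes `chain->cert[i]` without checking `chain->cert`, so a chain whose `certCount` is non-zero while `cert` is still null is dereferenced inside the loop; guarding the loop with `if (chain->cert != nullptr)` closes that. The function also ends with `delete chain;`, which is only valid when the DmCertChain object itself, the `cert` array and every `data` buffer were allocated with `new`/`new[]`; passing the address of a stack or member object would corrupt the heap. A comment above the definition should state that contract, for example `// Takes ownership: chain, chain->cert and each cert[i].data must come from new/new[]; chain is invalid after the call.`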
@@ -114,7 +115,7 @@ int32_t ValidateInput(const DcmCertChain &dcmCertChain)
 int32_t CopyCertificates(const DcmCertChain &dcmCertChain, DmBlob *newCertArray, uint32_t &allocatedCerts)
 {
- if (newCertArray == nullptr || newCertArray->length != dcmCertChain.certCount) {
+ if (newCertArray == nullptr) {
 LOGE("newCertArray is invalid param.");
 return ERR_DM_INPUT_PARA_INVALID;
 }
@@ -169,6 +170,10 @@ int32_t AuthGenerateAttest::ConvertDcmCertChainToDmCertChain(const DcmCertChain
 }
 dmCertChain.cert = newCertArray;
 dmCertChain.certCount = dcmCertChain.certCount;
+ for (uint32_t i = 0; i < dcmCertChain.certCount; ++i) {
+ delete[] newCertArray[i].data;
+ }
+ delete[] newCertArray;
 return DM_OK;
 }
 } // namespace DistributedHardware
diff --git a/services/implementation/src/attest/dm_auth_validate_attest.cpp b/services/implementation/src/attest/dm_auth_validate_attest.cpp
index a6ff7051dbfcfa3488bea78cce083e03fe71b73e..fdf810b44b01b1924f8c115736ab2efac80ea205 100644
--- a/services/implementation/src/attest/dm_auth_validate_attest.cpp
+++ b/services/implementation/src/attest/dm_auth_validate_attest.cpp
@@ -21,7 +21,8 @@
 namespace OHOS {
 namespace DistributedHardware {
-int32_t ProcessValidationResult(const char *deviceIdHash, char *udidStr, uint64_t randNum, const HksParamSet *outputParam)
+int32_t ProcessValidationResult(const char *deviceIdHash, char *udidStr,
+ uint64_t randNum, const HksParamSet *outputParam)
 {
 if (deviceIdHash == nullptr || udidStr == nullptr || outputParam == nullptr) {
 LOGE("input param is nullptr.");
@@ -29,6 +30,10 @@ int32_t ProcessValidationResult(const char *deviceIdHash, char *udidStr, uint64_
 }
 uint32_t cnt = 0;
 HksBlob *blob = &outputParam->params[cnt].blob;
+ if (blob == nullptr) {
+ LOGE("outputParam blob is nullptr");
+ return ERR_DM_GET_PARAM_FAILED;
+ }
 if (memcpy_s(&randNum, sizeof(uint64_t), blob->data, blob->size) != EOK) {
 LOGE("memcpy randNum failed");
 return ERR_DM_GET_PARAM_FAILED;
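Review bot: With the length comparison removed, CopyCertificates no longer has any way to tell how many elements `newCertArray` holds, and the null check is the only validation left at its entry. The copy loop is below the hunk, but it presumably writes `dcmCertChain.certCount` entries, so the array size is now an undocumented precondition on the caller. State it above the function, for example `// newCertArray must point to at least dcmCertChain.certCount DmBlob elements; the caller owns the array.`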
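Review bot: In ConvertDcmCertChainToDmCertChain the added loop frees every `newCertArray[i].data` and then `newCertArray` itself right after `dmCertChain.cert = newCertArray`, so the function returns DM_OK with `dmCertChain.cert` pointing at freed memory while `dmCertChain.certCount` still reports live entries. Any later read of the chain is a use-after-free, and releasing it through a routine such as FreeCertChain would free the same blocks a second time. On the success path ownership should pass to `dmCertChain`: drop the four added lines here and keep the cleanup only on the error returns, which are above the hunk and not visible.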
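Review bot: The new `blob == nullptr` check in ProcessValidationResult is dead code, because `blob` is the address of a member of `outputParam->params[cnt]` and cannot be null once `outputParam` has been checked. What the following `memcpy_s` relies on is that the set contains at least one parameter and that its blob carries data, so the guard should read `if (outputParam->paramsCnt == 0 || blob->data == nullptr)`, with the count tested before element 0 is used. Separately, `randNum` is a by-value parameter, so the copy only changes the local variable; whether it is compared with an expected value afterwards is outside the hunk.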
@@ -39,6 +44,8 @@ int32_t ProcessValidationResult(const char *deviceIdHash, char *udidStr, uint64_
 return ERR_DM_GET_PARAM_FAILED;
 }
 std::string certDeviceIdHash = Crypto::GetUdidHash(std::string(udidStr));
+ LOGI("accesser udidHash=%{public}s, certudidHash=%{public}s",
+ GetAnonyString(std::string(deviceIdHash)).c_str(), GetAnonyString(certDeviceIdHash).c_str());
 if (strcmp(deviceIdHash, certDeviceIdHash.c_str()) != 0) {
 LOGE("verifyCertificate fail");
 return ERR_DM_DESERIAL_CERT_FAILED;
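Review bot: The added LOGI sits before the comparison, so both hash values are written with `%{public}` on every validation, including successful ones, while the failure branch still logs only "verifyCertificate fail". GetAnonyString presumably masks part of each value, but these are device-identifier hashes, and the diagnostic is only useful when they differ. Moving the statement into the `strcmp(...) != 0` branch keeps it out of the normal path and puts the values next to the error they explain. The function continues outside the hunk.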