From 61fb94794004e2f5a89ab8d13b80ad11661cb857 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E5=AE=87=E6=99=96?=
Date: Mon, 9 Jun 2025 06:49:02 +0000
Subject: [PATCH 1/2] =?UTF-8?q?=E5=91=8A=E8=AD=A6=E4=BF=AE=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王宇晖
---
 services/implementation/src/attest/dm_auth_attest_common.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/services/implementation/src/attest/dm_auth_attest_common.cpp b/services/implementation/src/attest/dm_auth_attest_common.cpp
index 50a43b60a..deec44d10 100644
--- a/services/implementation/src/attest/dm_auth_attest_common.cpp
+++ b/services/implementation/src/attest/dm_auth_attest_common.cpp
@@ -23,6 +23,7 @@ namespace DistributedHardware {
 const int32_t MAX_CERT_COUNT = 100;
 constexpr int32_t HEX_TO_UINT8 = 2;
+const int32_t MAX_LEN_PER_CERT = 8192;
 AuthAttestCommon::AuthAttestCommon() {
@@ -45,8 +46,8 @@ std::string AuthAttestCommon::SerializeDmCertChain(const DmCertChain *chain)
 JsonObject jsonArrayObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
 for (uint32_t i = 0; i < chain->certCount; ++i) {
 const DmBlob &blob = chain->cert[i];
- if (blob.data == nullptr || blob.size == 0) {
- LOGE("blob data or size is empty.");
+ if (blob.data == nullptr || blob.size == 0 || blob.size > MAX_LEN_PER_CERT) {
+ LOGE("Invalid blob: null data or invalid size.");
 return "{}";
 }
 const uint32_t hexLen = blob.size * HEX_TO_UINT8 + 1; // 2*blob.size + 1
--
Gitee
From e8bc7a95514bf04eb55c08199872c38c6a2f217a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E5=AE=87=E6=99=96?=
Date: Mon, 9 Jun 2025 06:51:28 +0000
Subject: [PATCH 2/2] =?UTF-8?q?=E5=91=8A=E8=AD=A6=E4=BF=AE=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王宇晖
---
 services/service/src/hichain/hichain_listener.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
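Review bot: `MAX_LEN_PER_CERT` is added as a signed `const int32_t`, yet the second hunk of this file compares it with `blob.size`, which initialises `const uint32_t hexLen` and is therefore presumably unsigned. That mixed comparison can itself produce a sign-compare warning in a commit whose purpose is clearing warnings. Declaring it as `constexpr uint32_t MAX_LEN_PER_CERT = 8192;` keeps the bound check unsigned and matches the `constexpr` style of `HEX_TO_UINT8` on the line above. A short comment giving the unit (bytes per certificate blob) and the reason for 8192 would also help.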
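Review bot: The added `blob.size > MAX_LEN_PER_CERT` test is what stops `blob.size * HEX_TO_UINT8 + 1` from wrapping before the hex buffer is sized, but nothing at the check says so; I would add `// cap size so hexLen below cannot overflow` above the `if`. The merged message no longer tells an operator which of the three conditions fired, so a rejected oversized certificate is hard to diagnose; assuming `size` is unsigned, `LOGE("Invalid blob at index %{public}u, size %{public}u.", i, blob.size);` would cover it. SerializeDmCertChain starts and ends outside the hunk, so whether `chain->certCount` is checked against `MAX_CERT_COUNT` before `chain->cert[i]` is indexed cannot be confirmed from these lines.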
diff --git a/services/service/src/hichain/hichain_listener.cpp b/services/service/src/hichain/hichain_listener.cpp
index b6ffdedb7..1779410c6 100644
--- a/services/service/src/hichain/hichain_listener.cpp
+++ b/services/service/src/hichain/hichain_listener.cpp
@@ -186,7 +186,7 @@ void HichainListener::OnCredentialDeleted(const char *credId, const char *credIn
 uint32_t credType = 0;
 std::string credTypeTag = "credType";
 if (IsInt32(jsonObject, credTypeTag)) {
- credType = jsonObject[credTypeTag].Get();
+ credType = static_cast(jsonObject[credTypeTag].Get());
 }
 if (credType != ACCOUNT_SHARED) {
 LOGE("credType %{public}d is invalid.", credType);
--
Gitee
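Review bot: The added `static_cast` silences the conversion warning but does not handle the conversion: a negative `credType` in the credential JSON passes `IsInt32` and still wraps to a large unsigned value. The `credType != ACCOUNT_SHARED` check on the following lines should reject it, provided `ACCOUNT_SHARED` is a small positive constant (not visible here), but the context `LOGE` would then print the wrapped value through `%{public}d`. I would make the intent explicit at the cast with `// negative values wrap and are rejected by the ACCOUNT_SHARED check below`, or read into an `int32_t` local and reject values below zero before converting. OnCredentialDeleted starts and ends outside the hunk.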