From 9fae717b24f21c5af72aa36d6eee7f7f620cf0ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= <liwei787@huawei.com>
Date: Tue, 5 Aug 2025 19:38:06 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E9=98=B2=E6=AD=A2=E5=A0=86=E6=BA=A2?=
 =?UTF-8?q?=E5=87=BA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 李巍 <liwei787@huawei.com>
---
 .../implementation/src/attest/dm_auth_attest_common.cpp    | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/services/implementation/src/attest/dm_auth_attest_common.cpp b/services/implementation/src/attest/dm_auth_attest_common.cpp
index deec44d10..956d73d2e 100644
--- a/services/implementation/src/attest/dm_auth_attest_common.cpp
+++ b/services/implementation/src/attest/dm_auth_attest_common.cpp
@@ -82,6 +82,13 @@ bool ValidateInputJson(const std::string &data)
         LOGE("Invalid certCount value %{public}u", certCount);
         return false;
     }
+    JsonObject jsonArrayObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
+    jsonArrayObj.Parse(jsonObject[TAG_CERT].Dump());
+    const uint32_t certSize = jsonArrayObj.Items().size();
+    if (certSize != certCount) {
+        LOGE("certSize = %{public}u is invalid.", certSize);
+        return false;
+    }
     return true;
 }
 
-- 
Gitee


From ec47dee06bc6497809fc634e1ebeb1e44df218fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= <liwei787@huawei.com>
Date: Tue, 5 Aug 2025 21:33:43 +0800
Subject: [PATCH 2/2] =?UTF-8?q?=E5=A0=86=E6=BA=A2=E5=87=BA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 李巍 <liwei787@huawei.com>
---
 services/implementation/src/attest/dm_auth_attest_common.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/services/implementation/src/attest/dm_auth_attest_common.cpp b/services/implementation/src/attest/dm_auth_attest_common.cpp
index 956d73d2e..16d2f7617 100644
--- a/services/implementation/src/attest/dm_auth_attest_common.cpp
+++ b/services/implementation/src/attest/dm_auth_attest_common.cpp
@@ -101,6 +101,10 @@ bool ValidateInputJson(const std::string &data)
         return false;
     }
     const uint32_t binSize = hexLen / HEX_TO_UINT8;
+    if (binSize > MAX_LEN_PER_CERT) {
+        LOGE("binSize = %{public}u is invalid.", binSize);
+        return false;
+    }
     cert.data = new uint8_t[binSize]{0};
     if (cert.data == nullptr) {
         LOGE("Data allocation failed at index %{public}u", processedIndex);
-- 
Gitee