Skip to content

SecureStore: Add missing check for rollback-protection pointer before allocating memory #15513

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 8, 2024
Merged

SecureStore: Add missing check for rollback-protection pointer before allocating memory #15513

merged 1 commit into from
Jun 8, 2024

Conversation

mattgbio
Copy link
Contributor

@mattgbio mattgbio commented May 7, 2024
edited
Loading

Summary of changes

Problem: If a key with write-once flag is being set in a SecureStore without rollback-protection store (i.e. _rbp_kv == NULL), additional memory will be allocated for the variable _ih->key. The memory will not be deleted, though, as the delete in line 434 only happens if a rollback-protection store exists (i.e. _rbp_kv != NULL)

Solution: Only allocate the memory if _rbp_kv != NULL

Contribution is provided on behalf of BIOTRONIK.

Impact of changes

Migration actions required

Documentation

None

Pull request type 

[X] Patch update (Bug fix / Target update / Docs update / Test update / Refactor)
[] Feature update (New feature / Functionality change / New API)
[] Major update (Breaking change E.g. Return code change / API behaviour change)

Test results 

[X] No Tests required for this change (E.g docs only update)
[] Covered by existing mbed-os tests (Greentea or Unittest)
[] Tests / results supplied as part of this PR

Reviewers

@mattgbio mattgbio changed the title Added missing check for rollback-protection pointer before allocating memory SecureStore: Added missing check for rollback-protection pointer before allocating memory May 7, 2024
@mattgbio mattgbio changed the title SecureStore: Added missing check for rollback-protection pointer before allocating memory SecureStore: Add missing check for rollback-protection pointer before allocating memory May 7, 2024
@0xc0170
Copy link
Contributor

0xc0170 commented May 15, 2024

Please add details to the commit message as well (from the description here).

@mattgbio
Added missing check for replay protection pointer before allocating n…
5fc4abe 
…ew variable

Problem: If a key with write-once flag is being set in a SecureStore without rollback-protection store (i.e. _rbp_kv == NULL), additional memory will be allocated for the variable _ih->key. The memory will not be deleted, though, as the delete in line 434 only happens if a rollback-protection store exists (i.e. _rbp_kv != NULL)

Solution: Only allocate the memory if _rbp_kv != NULL

Contribution is provided on behalf of BIOTRONIK.
@mattgbio mattgbio force-pushed the check-rbp-SecureStore branch from c26dede to 5fc4abe Compare May 16, 2024 08:52
@0xc0170 0xc0170 added needs: CI release-type: patch Indentifies a PR as containing just a patch labels May 21, 2024
@mbed-ci
Copy link

mbed-ci commented May 27, 2024

Jenkins CI Test : ❌ FAILED

Build Number: 1 | 🔒 Jenkins CI Job | 🌐 Logs & Artifacts

CLICK for Detailed Summary

jobs Status
jenkins-ci/mbed-os-ci_build-cloud-example-ARM ✔️
jenkins-ci/mbed-os-ci_build-cloud-example-GCC_ARM ✔️
jenkins-ci/mbed-os-ci_unittests ✔️
jenkins-ci/mbed-os-ci_build-greentea-GCC_ARM ✔️
jenkins-ci/mbed-os-ci_build-example-ARM ✔️
jenkins-ci/mbed-os-ci_build-greentea-ARM ✔️
jenkins-ci/mbed-os-ci_build-example-GCC_ARM ✔️
jenkins-ci/mbed-os-ci_greentea-test

@mergify mergify bot added needs: work and removed needs: CI labels May 27, 2024
@0xc0170 0xc0170 merged commit e3d2c56 into ARMmbed:master Jun 8, 2024
18 of 20 checks passed
@mergify mergify bot removed the ready for merge label Jun 8, 2024
@multiplemonomials multiplemonomials mentioned this pull request Jul 20, 2024
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@0xc0170 0xc0170 0xc0170 approved these changes

Assignees
No one assigned
Labels
release-type: patch Indentifies a PR as containing just a patch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mattgbio @0xc0170 @mbed-ci