Added missing check for replay protection pointer before allocating n…

…ew variable Problem: If a key with write-once flag is being set in a SecureStore without rollback-protection store (i.e. _rbp_kv == NULL), additional memory will be allocated for the variable _ih->key. The memory will not be deleted, though, as the delete in line 434 only happens if a rollback-protection store exists (i.e. _rbp_kv != NULL) Solution: Only allocate the memory if _rbp_kv != NULL Contribution is provided on behalf of BIOTRONIK.
ARMmbed · May 16, 2024 · 5fc4abe · 5fc4abe
1 parent 95fee2f
commit 5fc4abe
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/storage/kvstore/securestore/source/SecureStore.cpp b/storage/kvstore/securestore/source/SecureStore.cpp
@@ -290,7 +290,7 @@ int SecureStore::set_start(set_handle_t *handle, const char *key, size_t final_d
         goto fail;
     }
 
-    if (create_flags & (REQUIRE_REPLAY_PROTECTION_FLAG | WRITE_ONCE_FLAG)) {
+    if (_rbp_kv && (create_flags & (REQUIRE_REPLAY_PROTECTION_FLAG | WRITE_ONCE_FLAG))) {
         _ih->key = new char[strlen(key) + 1];
         strcpy(_ih->key, key);
     }