test/rma_auth: Pad authcode before passing it to rma_try_authcode

rma_try_authcode expects a buffer that is at least RMA_AUTHCODE_CHARS long, so copy the input string to a buffer before calling the function, else AddressSanitizer will complain. BRANCH=none BUG=chromium:854924 TEST=make TEST_ASAN=y run-rma_auth -j Change-Id: Iff2b195a7c7b01b925df6d9f53e0055f98f59ded Signed-off-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1109658 Reviewed-by: Randall Spangler <rspangler@chromium.org>
author: Nicolas Boichat <drinkcat@chromium.org> 2018-06-21 09:10:30 +0800
committer: chrome-bot <chrome-bot@chromium.org> 2018-06-22 02:39:42 -0700
commit: 8032e90ccbceaf799eeabf6709ab66981b6cf720 (patch)
tree: 54350e25e55423d809b57e9ae1733465b2b3bfec /include/rma_auth.h
parent: 64aa8638f134f8aca4f48f3efc5fa7427caeb772 (diff)
download: chrome-ec-8032e90ccbceaf799eeabf6709ab66981b6cf720.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/include/rma_auth.h b/include/rma_auth.h
index 427e5c90de..698f4a71e9 100644
--- a/include/rma_auth.h
+++ b/include/rma_auth.h
@@ -61,7 +61,9 @@ const char *rma_get_challenge(void);
 /**
  * Try a RMA authorization code
  *
- * @param code		Authorization code to try
+ * @param code		Authorization code to try (buffer needs to be at least
+ * RMA_AUTHCODE_CHARS bytes long, no matter the actual string length, as the
+ * function uses safe_memcmp to prevent timing attacks).
  * @return EC_SUCCESS if the response was correct, or non-zero error code.
  */
 int rma_try_authcode(const char *code);
author	Nicolas Boichat <drinkcat@chromium.org>	2018-06-21 09:10:30 +0800
committer	chrome-bot <chrome-bot@chromium.org>	2018-06-22 02:39:42 -0700
commit	8032e90ccbceaf799eeabf6709ab66981b6cf720 (patch)
tree	54350e25e55423d809b57e9ae1733465b2b3bfec /include/rma_auth.h
parent	64aa8638f134f8aca4f48f3efc5fa7427caeb772 (diff)
download	chrome-ec-8032e90ccbceaf799eeabf6709ab66981b6cf720.tar.gz