From dad382dc0e33c2be575eeecccd2cc668a091c6f4 Mon Sep 17 00:00:00 2001
From: lukeman <lukeman@qq.com>
Date: Mon, 23 Sep 2024 21:23:46 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dmemcheck=E5=86=85=E5=AD=98?=
 =?UTF-8?q?=E6=B3=84=E6=BC=8F=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../security/keymgr/localkms/security_file_enc.cpp   |  2 +-
 .../security/keymgr/localkms/security_localkms.cpp   | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/gausskernel/security/keymgr/localkms/security_file_enc.cpp b/src/gausskernel/security/keymgr/localkms/security_file_enc.cpp
index 6af452596..580226002 100644
--- a/src/gausskernel/security/keymgr/localkms/security_file_enc.cpp
+++ b/src/gausskernel/security/keymgr/localkms/security_file_enc.cpp
@@ -219,7 +219,7 @@ CmkemErrCode encrypt_and_write_key(const char *key_file_path, CmkemUStr *key_pla
     unsigned char salt[KEY_METERIAL_LEN] = {0};
     unsigned char iv_salt_buf[sizeof(iv) + sizeof(salt)] = {0};
     unsigned char derived_key[DRIVED_KEY_LEN] = {0};
-    unsigned char tmp_cipher[RSA2048_KEN_LEN] = {0};
+    unsigned char tmp_cipher[RSA3072_KEN_LEN] = {0};
     int tmp_cipher_len = 0;
     char rand_file_path[PATH_MAX] = {0};
     errno_t rc = 0;
diff --git a/src/gausskernel/security/keymgr/localkms/security_localkms.cpp b/src/gausskernel/security/keymgr/localkms/security_localkms.cpp
index cf55fd08c..8b0352bff 100644
--- a/src/gausskernel/security/keymgr/localkms/security_localkms.cpp
+++ b/src/gausskernel/security/keymgr/localkms/security_localkms.cpp
@@ -541,6 +541,7 @@ KmUnStr kms_mk_decrypt(KeyMgr *kmgr, KeyInfo info, KmUnStr cipher)
     LocalKmsMgr *kms = (LocalKmsMgr *)(void *)kmgr;
     CmkemErrCode ret = CMKEM_UNKNOWN_ERR;
     KmUnStr plain = {0};
+    errno_t rc = EOK;
 
     CmkemUStr _cipher = {cipher.val, cipher.len};
     CmkemUStr *_plain = NULL;
@@ -562,8 +563,17 @@ KmUnStr kms_mk_decrypt(KeyMgr *kmgr, KeyInfo info, KmUnStr cipher)
         return plain;
     }
 
-    plain.val = _plain->ustr_val;
+    size_t ustrLen = _cipher.ustr_len * 2;
+    plain.val = (unsigned char *)km_alloc_zero(ustrLen);
+    if (plain.val == NULL) {
+        km_safe_free(_plain);
+        km_err_msg(kms->kmgr.err, "%s", get_cmkem_errmsg(CMKEM_MALLOC_MEM_ERR));
+        return plain;
+    }
+    rc = memcpy_s(plain.val, ustrLen, _plain->ustr_val, ustrLen);
+    km_securec_check(rc, "\0", "\0");
     plain.len = _plain->ustr_len;
+    free_cmkem_ustr_with_erase(_plain);
     return plain;
 }