Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a9b9a30d authored by Edwin Wong's avatar Edwin Wong
Browse files

Check scopeId size in provideKeyResponse 

Need to check scopeId size before access.

bug: 144507096

Test: sts
ANDROID_BUILD_TOP= ./android-sts/tools/sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Poc19_11#testPocBug_144507096

Change-Id: I5d875f98e29c1115c156f7364c9c042426e17d7c
parent 684e4758

drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp

+5 −0
Original line number Diff line number Diff line
@@ -356,6 +356,11 @@ Return<void> DrmPlugin::provideKeyResponse( 


    Status status = Status::OK;

    bool isOfflineLicense = responseString.find(kOfflineLicense) != std::string::npos;

    if (scopeId.size() < kKeySetIdPrefix.size()) {

        android_errorWriteLog(0x534e4554, "144507096");

        _hidl_cb(Status::ERROR_DRM_CANNOT_HANDLE, hidl_vec<uint8_t>());

        return Void();

    }

    bool isRelease = (memcmp(scopeId.data(), kKeySetIdPrefix.data(), kKeySetIdPrefix.size()) == 0);

    if (isRelease) {

        keySetId.assign(scopeId.begin(), scopeId.end());