widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added key_session_ guard to SelectKey.

Browse Source 
[ Merge of http://go/wvgerrit/148158 ]
[ Cherry pick of http://ag/16982989 ]

A rare race condition was found where a key is selected as the session
is closed.  This results in a null pointer dereference in
CryptoSession::SelectKey().  Two additional checks have been added to
SelectKey() to prevent this from occuring.

Bug: 217749078
Test: CDM unit tests, atest GtsMediaTestCases
Change-Id: Iec390cc7d1f28ddc18a30a68bc78922ec4fdbb89
(cherry picked from commit 1cd85a6b79)
This commit is contained in:
Alex Dale
2022-02-22 17:26:47 -08:00
parent cff6103321
commit 1fac6fa5de
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libwvdrmengine/cdm/core/src/crypto_session.cpp
View File

@@ -1539,7 +1539,9 @@ CdmResponseType CryptoSession::LoadOemCertificatePrivateKey(
// Private. // Private.
CdmResponseType CryptoSession::SelectKey(const std::string& key_id, CdmResponseType CryptoSession::SelectKey(const std::string& key_id,
CdmCipherMode cipher_mode) { CdmCipherMode cipher_mode) {
RETURN_IF_NOT_OPEN(CRYPTO_SESSION_NOT_OPEN);
const OEMCryptoResult sts = WithOecSessionLock("SelectKey", [&] { const OEMCryptoResult sts = WithOecSessionLock("SelectKey", [&] {
RETURN_IF_NULL(key_session_, OEMCrypto_ERROR_INVALID_SESSION);
return key_session_->SelectKey(key_id, cipher_mode); return key_session_->SelectKey(key_id, cipher_mode);
}); });