Fix out of bounds buffer error in CreateCoreLicenseResponse()

Merge from Widevine repo of http://go/wvgerrit/157777 (partially merged in http://go/ag/20031768) In CreateCoreLicenseResponse(), there seems to be an out of bounds potential error due to a missing check that the index used for license_response.parsed_license->key_array is valid. Adding a check for this here. Bug: 217677571 Test: tested with http://go/ag/20420224 PiperOrigin-RevId: 452114761 Change-Id: Id35ec48bebb564596b8e67c737bc13be9377891b
2022-11-08 13:35:05 -08:00
parent 0f32f41bd1
commit 78e4c4ba8a
2 changed files with 3 additions and 3 deletions
--- a/libwvdrmengine/oemcrypto/odk/include/core_message_features.h
+++ b/libwvdrmengine/oemcrypto/odk/include/core_message_features.h
@@ -26,9 +26,9 @@ struct CoreMessageFeatures {
  // This is the published version of the ODK Core Message library. The default
  // behavior is for the server to restrict messages to at most this version
  // number. The default is 16.5, the last version used by Chrome. This will
-  // change to 17.0 when v17 has been released.
+  // change to 17.1 when v17 has been released.
  uint32_t maximum_major_version = 17;
-  uint32_t maximum_minor_version = 0;
+  uint32_t maximum_minor_version = 1;

  bool operator==(const CoreMessageFeatures &other) const;
  bool operator!=(const CoreMessageFeatures &other) const {
--- a/libwvdrmengine/oemcrypto/odk/include/odk_structs.h
+++ b/libwvdrmengine/oemcrypto/odk/include/odk_structs.h
@@ -19,7 +19,7 @@ extern "C" {
 #define ODK_MINOR_VERSION 1

 /* ODK Version string. Date changed automatically on each release. */
-#define ODK_RELEASE_DATE "ODK v17.1 2022-06-17"
+#define ODK_RELEASE_DATE "ODK v17.1 2022-05-31"

 /* The lowest version number for an ODK message. */
 #define ODK_FIRST_VERSION 16