From 1c5ca642cb2021ffcdd253d929e40c393cf3fe07 Mon Sep 17 00:00:00 2001 From: Jeff Tinker Date: Thu, 19 Dec 2013 16:05:06 -0800 Subject: [PATCH] NULL terminate device unique ID before use bug: 12228689 If the device ID returned from OEMCrypto_GetDeviceUniqueId is not NULL terminated in the OEM code, trailing garbage characters may be included in the license request's client_identification field, which could be rejected by the server's utf8 parser if they are invalid characters, causing a license request failure. The code for CryptoSession::GetDeviceUniqueId should use the updated id_length from OEMCrypto_GetDeviceUniqueId to adjust the length of the *device_id string before returning the result to the caller. Change-Id: I659866d4234d4f21ec051590fc7bc6367904a48a --- libwvdrmengine/cdm/core/src/crypto_session.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp index f531763e..19a55f0b 100644 --- a/libwvdrmengine/cdm/core/src/crypto_session.cpp +++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp @@ -155,6 +155,9 @@ bool CryptoSession::GetDeviceUniqueId(std::string* device_id) { return false; } + id.resize(id_length + 1); + id[id_length] = '\0'; + *device_id = reinterpret_cast(&id[0]); return true; }