From 1fac6fa5de3f0516f1f49c2016e93b016e7f1ca4 Mon Sep 17 00:00:00 2001
From: Alex Dale <sigquit@google.com>
Date: Tue, 22 Feb 2022 17:26:47 -0800
Subject: [PATCH] Added key_session_ guard to SelectKey.

[ Merge of http://go/wvgerrit/148158 ]
[ Cherry pick of http://ag/16982989 ]

A rare race condition was found where a key is selected as the session
is closed.  This results in a null pointer dereference in
CryptoSession::SelectKey().  Two additional checks have been added to
SelectKey() to prevent this from occuring.

Bug: 217749078
Test: CDM unit tests, atest GtsMediaTestCases
Change-Id: Iec390cc7d1f28ddc18a30a68bc78922ec4fdbb89
(cherry picked from commit 1cd85a6b7986e3e9842557accf41e6895ed432b3)
---
 libwvdrmengine/cdm/core/src/crypto_session.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp
index 6cefeaa3..665e9a98 100644
--- a/libwvdrmengine/cdm/core/src/crypto_session.cpp
+++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp
@@ -1539,7 +1539,9 @@ CdmResponseType CryptoSession::LoadOemCertificatePrivateKey(
 // Private.
 CdmResponseType CryptoSession::SelectKey(const std::string& key_id,
                                          CdmCipherMode cipher_mode) {
+  RETURN_IF_NOT_OPEN(CRYPTO_SESSION_NOT_OPEN);
   const OEMCryptoResult sts = WithOecSessionLock("SelectKey", [&] {
+    RETURN_IF_NULL(key_session_, OEMCrypto_ERROR_INVALID_SESSION);
     return key_session_->SelectKey(key_id, cipher_mode);
   });