From f862f2a378945a815153f03824b8ed927b8c6a87 Mon Sep 17 00:00:00 2001
From: Fred Gylys-Colwell <fredgc@google.com>
Date: Tue, 8 Nov 2022 13:41:53 -0800
Subject: [PATCH] Prevent unpacking invalid enum values from ODK_Message

Merge from Widevine repo of http://go/wvgerrit/158102
Test: tested with http://go/ag/20420224
Bug: 247376339

Change-Id: I5b3ef3cfdee6870f6d58e5551fd6a74507ae1e81
---
 .../odk/include/OEMCryptoCENCCommon.h         |  1 +
 .../oemcrypto/odk/src/odk_serialize.c         |  4 ++--
 .../oemcrypto/odk/src/serialization_base.c    | 24 ++++++++++++++++---
 .../oemcrypto/odk/src/serialization_base.h    |  5 +++-
 4 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/libwvdrmengine/oemcrypto/odk/include/OEMCryptoCENCCommon.h b/libwvdrmengine/oemcrypto/odk/include/OEMCryptoCENCCommon.h
index ce51b8d0..e94f1774 100644
--- a/libwvdrmengine/oemcrypto/odk/include/OEMCryptoCENCCommon.h
+++ b/libwvdrmengine/oemcrypto/odk/include/OEMCryptoCENCCommon.h
@@ -139,6 +139,7 @@ typedef enum OEMCrypto_LicenseType {
 typedef enum OEMCrypto_PrivateKeyType {
   OEMCrypto_RSA_Private_Key = 0,
   OEMCrypto_ECC_Private_Key = 1,
+  OEMCrypto_PrivateKeyType_MaxValue = OEMCrypto_ECC_Private_Key,
 } OEMCrypto_PrivateKeyType;
 
 /**
diff --git a/libwvdrmengine/oemcrypto/odk/src/odk_serialize.c b/libwvdrmengine/oemcrypto/odk/src/odk_serialize.c
index 5c582000..fd8d6a7e 100644
--- a/libwvdrmengine/oemcrypto/odk/src/odk_serialize.c
+++ b/libwvdrmengine/oemcrypto/odk/src/odk_serialize.c
@@ -212,7 +212,7 @@ static void Unpack_ODK_ParsedLicense(ODK_Message* msg, ODK_ParsedLicense* obj) {
   Unpack_OEMCrypto_Substring(msg, &obj->enc_mac_keys);
   Unpack_OEMCrypto_Substring(msg, &obj->pst);
   Unpack_OEMCrypto_Substring(msg, &obj->srm_restriction_data);
-  obj->license_type = (OEMCrypto_LicenseType)Unpack_enum(msg);
+  Unpack_OEMCrypto_LicenseType(msg, &obj->license_type);
   Unpack_bool(msg, &obj->nonce_required);
   Unpack_ODK_TimerLimits(msg, &obj->timer_limits);
   Unpack_uint32_t(msg, &obj->watermarking);
@@ -286,7 +286,7 @@ static void Unpack_ODK_ParsedLicenseV16(ODK_Message* msg,
 
 static void Unpack_ODK_ParsedProvisioning(ODK_Message* msg,
                                           ODK_ParsedProvisioning* obj) {
-  obj->key_type = (OEMCrypto_PrivateKeyType)Unpack_enum(msg);
+  Unpack_OEMCrypto_PrivateKeyType(msg, &obj->key_type);
   Unpack_OEMCrypto_Substring(msg, &obj->enc_private_key);
   Unpack_OEMCrypto_Substring(msg, &obj->enc_private_key_iv);
   Unpack_OEMCrypto_Substring(msg, &obj->encrypted_message_key);
diff --git a/libwvdrmengine/oemcrypto/odk/src/serialization_base.c b/libwvdrmengine/oemcrypto/odk/src/serialization_base.c
index 30af34cf..2ea30654 100644
--- a/libwvdrmengine/oemcrypto/odk/src/serialization_base.c
+++ b/libwvdrmengine/oemcrypto/odk/src/serialization_base.c
@@ -108,10 +108,28 @@ static void UnpackBytes(ODK_Message* message, uint8_t* ptr, size_t count) {
   }
 }
 
-int Unpack_enum(ODK_Message* message) {
-  uint32_t v32;
+void Unpack_OEMCrypto_LicenseType(ODK_Message* message,
+                                  OEMCrypto_LicenseType* value) {
+  assert(value);
+  uint32_t v32 = 0;
   Unpack_uint32_t(message, &v32);
-  return (int)v32;
+  if (v32 <= OEMCrypto_LicenseType_MaxValue) {
+    *value = (OEMCrypto_LicenseType)v32;
+  } else {
+    ODK_Message_SetStatus(message, MESSAGE_STATUS_PARSE_ERROR);
+  }
+}
+
+void Unpack_OEMCrypto_PrivateKeyType(ODK_Message* message,
+                                     OEMCrypto_PrivateKeyType* value) {
+  assert(value);
+  uint32_t v32 = 0;
+  Unpack_uint32_t(message, &v32);
+  if (v32 <= OEMCrypto_PrivateKeyType_MaxValue) {
+    *value = (OEMCrypto_PrivateKeyType)v32;
+  } else {
+    ODK_Message_SetStatus(message, MESSAGE_STATUS_PARSE_ERROR);
+  }
 }
 
 void Unpack_bool(ODK_Message* message, bool* value) {
diff --git a/libwvdrmengine/oemcrypto/odk/src/serialization_base.h b/libwvdrmengine/oemcrypto/odk/src/serialization_base.h
index 7b69e11f..f3979376 100644
--- a/libwvdrmengine/oemcrypto/odk/src/serialization_base.h
+++ b/libwvdrmengine/oemcrypto/odk/src/serialization_base.h
@@ -25,7 +25,10 @@ void PackArray(ODK_Message* message, const uint8_t* base, size_t size);
 void Pack_OEMCrypto_Substring(ODK_Message* message,
                               const OEMCrypto_Substring* obj);
 
-int Unpack_enum(ODK_Message* message);
+void Unpack_OEMCrypto_LicenseType(ODK_Message* message,
+                                  OEMCrypto_LicenseType* value);
+void Unpack_OEMCrypto_PrivateKeyType(ODK_Message* message,
+                                     OEMCrypto_PrivateKeyType* value);
 void Unpack_bool(ODK_Message* message, bool* value);
 void Unpack_uint8_t(ODK_Message* message, uint8_t* value);
 void Unpack_uint16_t(ODK_Message* message, uint16_t* value);