From 26bd0bc8ef0aca2b3064dbd0de9a2b61d9ce4810 Mon Sep 17 00:00:00 2001
From: Kilik Kuo
Date: Fri, 7 Oct 2016 18:16:30 +0800
Subject: [PATCH] Bug 1308424-[Part1] Verify the license response size while updating session. r=cpearce
MozReview-Commit-ID: IXZLWnbYTn9
--HG--
extra : rebase_source : fbf015e56443320c55960121e4d59379d9ffabcd
---
 media/gmp-clearkey/0.1/ClearKeySessionManager.cpp | 7 +++++++
 media/gmp-clearkey/0.1/ClearKeyUtils.h | 4 ++++
 2 files changed, 11 insertions(+)
diff --git a/media/gmp-clearkey/0.1/ClearKeySessionManager.cpp b/media/gmp-clearkey/0.1/ClearKeySessionManager.cpp
index 6819a22223c9..74fe7d171147 100644
--- a/media/gmp-clearkey/0.1/ClearKeySessionManager.cpp
+++ b/media/gmp-clearkey/0.1/ClearKeySessionManager.cpp
@@ -217,6 +217,13 @@ ClearKeySessionManager::UpdateSession(uint32_t aPromiseId,
 }
 ClearKeySession* session = itr->second;
+ // Verify the size of session response.
+ if (aResponseSize >= kMaxSessionResponseLength) {
+ CK_LOGW("Session response size is not within a reasonable size.");
+ mCallback->RejectPromise(aPromiseId, kGMPInvalidAccessError, nullptr, 0);
+ return;
+ }
+ // Parse the response for any (key ID, key) pairs.
 vector keyPairs;
 if (!ClearKeyUtils::ParseJWK(aResponse, aResponseSize, keyPairs, session->Type())) {
diff --git a/media/gmp-clearkey/0.1/ClearKeyUtils.h b/media/gmp-clearkey/0.1/ClearKeyUtils.h
index b78ced00b9bf..9733521e998d 100644
--- a/media/gmp-clearkey/0.1/ClearKeyUtils.h
+++ b/media/gmp-clearkey/0.1/ClearKeyUtils.h
@@ -40,6 +40,10 @@ extern GMPPlatformAPI* GetPlatform();
 typedef std::vector KeyId;
 typedef std::vector Key;
+// The session response size should be within a reasonable limit.
+// The size 64 KB is referenced from web-platform-test.
+static const uint32_t kMaxSessionResponseLength = 65536;
+
 // Provide limitation for KeyIds length and webm initData size.
 static const uint32_t kMaxWebmInitDataSize = 65536;
 static const uint32_t kMaxKeyIdsLength = 512;
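Review bot: The guard added to UpdateSession compares with `>=`, so a response of exactly 65536 bytes is rejected, while the comment on `kMaxSessionResponseLength` in ClearKeyUtils.h only says the size should be "within a reasonable limit" of 64 KB and leaves open whether the bound is inclusive. This check is what keeps an oversized license response (presumably supplied by the page through the session update call) out of `ParseJWK`, so the boundary is worth stating where it is enforced, e.g. `// Reject responses of kMaxSessionResponseLength bytes or more before any parsing.` If the web-platform-test the header comment refers to expects a 64 KB response to be accepted, the comparison would have to be `>`; that test is not visible here. UpdateSession begins before and continues past this hunk.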