Bug 1308424- Verify the license response size while updating session. r=cpearce

MozReview-Commit-ID: AmyCOutPvWn --HG-- extra : rebase_source : 8fd1c98ba5039fc55ee3e5ac8b9cfc61f9dee4e2
2016-10-07 18:16:30 +08:00 · 2016-10-07 18:16:30 +08:00 · d3d72c3b63
--- a/media/gmp-clearkey/0.1/ClearKeySessionManager.cpp
+++ b/media/gmp-clearkey/0.1/ClearKeySessionManager.cpp
@ -217,6 +217,13 @@ ClearKeySessionManager::UpdateSession(uint32_t aPromiseId,
  }
  ClearKeySession* session = itr->second;

+  // Verify the size of session response.
+  if (aResponseSize >= kMaxSessionResponseLength) {
+    CK_LOGW("Session response size is not within a reasonable size.");
+    mCallback->RejectPromise(aPromiseId, kGMPInvalidAccessError, nullptr, 0);
+    return;
+  }
+
  // Parse the response for any (key ID, key) pairs.
  vector<KeyIdPair> keyPairs;
  if (!ClearKeyUtils::ParseJWK(aResponse, aResponseSize, keyPairs, session->Type())) {
--- a/media/gmp-clearkey/0.1/ClearKeyUtils.h
+++ b/media/gmp-clearkey/0.1/ClearKeyUtils.h
@ -40,6 +40,10 @@ extern GMPPlatformAPI* GetPlatform();
 typedef std::vector<uint8_t> KeyId;
 typedef std::vector<uint8_t> Key;

+// The session response size should be within a reasonable limit.
+// The size 64 KB is referenced from web-platform-test.
+static const uint32_t kMaxSessionResponseLength = 65536;
+
 // Provide limitation for KeyIds length and webm initData size.
 static const uint32_t kMaxWebmInitDataSize = 65536;
 static const uint32_t kMaxKeyIdsLength = 512;