default hidl CryptoPlugin: security fixes am: 1e18883b72
am: 02ef6a6283
am: 4d3b73ee5e
Change-Id: I9a6dea5a04e2119954936501913d073c0d781bac
This commit is contained in:
commit
c1d79c8182
1 changed files with 26 additions and 4 deletions
|
@ -101,11 +101,20 @@ namespace implementation {
|
|||
std::unique_ptr<android::CryptoPlugin::SubSample[]> legacySubSamples =
|
||||
std::make_unique<android::CryptoPlugin::SubSample[]>(subSamples.size());
|
||||
|
||||
size_t destSize = 0;
|
||||
for (size_t i = 0; i < subSamples.size(); i++) {
|
||||
legacySubSamples[i].mNumBytesOfClearData
|
||||
= subSamples[i].numBytesOfClearData;
|
||||
legacySubSamples[i].mNumBytesOfEncryptedData
|
||||
= subSamples[i].numBytesOfEncryptedData;
|
||||
uint32_t numBytesOfClearData = subSamples[i].numBytesOfClearData;
|
||||
legacySubSamples[i].mNumBytesOfClearData = numBytesOfClearData;
|
||||
uint32_t numBytesOfEncryptedData = subSamples[i].numBytesOfEncryptedData;
|
||||
legacySubSamples[i].mNumBytesOfEncryptedData = numBytesOfEncryptedData;
|
||||
if (__builtin_add_overflow(destSize, numBytesOfClearData, &destSize)) {
|
||||
_hidl_cb(Status::BAD_VALUE, 0, "subsample clear size overflow");
|
||||
return Void();
|
||||
}
|
||||
if (__builtin_add_overflow(destSize, numBytesOfEncryptedData, &destSize)) {
|
||||
_hidl_cb(Status::BAD_VALUE, 0, "subsample encrypted size overflow");
|
||||
return Void();
|
||||
}
|
||||
}
|
||||
|
||||
AString detailMessage;
|
||||
|
@ -137,11 +146,24 @@ namespace implementation {
|
|||
_hidl_cb(Status::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size");
|
||||
return Void();
|
||||
}
|
||||
|
||||
if (destSize > destBuffer.size) {
|
||||
_hidl_cb(Status::BAD_VALUE, 0, "subsample sum too large");
|
||||
return Void();
|
||||
}
|
||||
|
||||
destPtr = static_cast<void *>(base + destination.nonsecureMemory.offset);
|
||||
} else if (destination.type == BufferType::NATIVE_HANDLE) {
|
||||
if (!secure) {
|
||||
_hidl_cb(Status::BAD_VALUE, 0, "native handle destination must be secure");
|
||||
return Void();
|
||||
}
|
||||
native_handle_t *handle = const_cast<native_handle_t *>(
|
||||
destination.secureMemory.getNativeHandle());
|
||||
destPtr = static_cast<void *>(handle);
|
||||
} else {
|
||||
_hidl_cb(Status::BAD_VALUE, 0, "invalid destination type");
|
||||
return Void();
|
||||
}
|
||||
ssize_t result = mLegacyPlugin->decrypt(secure, keyId.data(), iv.data(),
|
||||
legacyMode, legacyPattern, srcPtr, legacySubSamples.get(),
|
||||
|
|
Loading…
Reference in a new issue