e63e9163ff - platform/frameworks/av

commit	e63e9163ffdd4f198aaa8dbaba2f01f168e14484	[log] [tgz]
author	Edwin Wong <edwinwong@google.com>	Tue Sep 20 23:07:02 2022 +0000
committer	Edwin Wong <edwinwong@google.com>	Tue Sep 20 23:57:56 2022 +0000
tree	23c389c489ed66328d919a64b6b0b2428b759d83
parent	6edb934c2691521a15b67d8407b5a524aa681ec3 [diff]

[Fix vulnerability] Must validate input for decrypt.

There is a possible out of bounds read in Session::decrypt
due to lack of input validation.

Poc test is in http://go/ag/20002511

Test: sts-tradefed run  sts-dynamic-develop  -m StsHostTestCases -t android.security.sts.Bug_244569759#testPocBug_244569759

Bug: 244569759
Change-Id: I493200ba090226b5362d758c5dcc4b81f94d24c0

drm/mediadrm/plugins/clearkey/aidl/CryptoPlugin.cpp[diff]
drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp[diff]

2 files changed

tree: 23c389c489ed66328d919a64b6b0b2428b759d83

aidl/
apex/
camera/
cmds/
drm/
include/
media/
services/
tools/
.clang-format
Android.bp
CleanSpec.mk
MainlineFiles.cfg
METADATA
MODULE_LICENSE_APACHE2
NOTICE
OWNERS
PREUPLOAD.cfg