Fixed bugs where the content of buffer holding keys was cleared using a wrong size...

Modified by James Dong <jdong@google.com>

Change-Id: Iaacfc79b2b26bdee7046d8555e3b4e0bc224c3c5

diff --git a/drm/libdrmframework/plugins/forward-lock/internal-format/converter/FwdLockConv.c b/drm/libdrmframework/plugins/forward-lock/internal-format/converter/FwdLockConv.c
index bb97abc..9d15835 100644 (file)
--- a/drm/libdrmframework/plugins/forward-lock/internal-format/converter/FwdLockConv.c
+++ b/drm/libdrmframework/plugins/forward-lock/internal-format/converter/FwdLockConv.c
@@ -245,7 +245,9 @@ static int FwdLockConv_DeriveKeys(FwdLockConv_Session_t *pSession) {
         AES_KEY sessionRoundKeys;
         unsigned char value[KEY_SIZE];
         unsigned char key[KEY_SIZE];
-    } *pData = malloc(sizeof *pData);
+    };
+    const size_t kSize = sizeof(struct FwdLockConv_DeriveKeys_Data);
+    struct FwdLockConv_DeriveKeys_Data *pData = malloc(kSize);
     if (pData == NULL) {
         status = FwdLockConv_Status_OutOfMemory;
     } else {
@@ -268,7 +270,7 @@ static int FwdLockConv_DeriveKeys(FwdLockConv_Session_t *pSession) {
                 status = FwdLockConv_Status_OK;
             }
         }
-        memset(pData, 0, sizeof pData); // Zero out key data.
+        memset(pData, 0, kSize); // Zero out key data.
         free(pData);
     }
     return status;

diff --git a/drm/libdrmframework/plugins/forward-lock/internal-format/decoder/FwdLockFile.c b/drm/libdrmframework/plugins/forward-lock/internal-format/decoder/FwdLockFile.c
index 7ff3c00..43b9e98 100644 (file)
--- a/drm/libdrmframework/plugins/forward-lock/internal-format/decoder/FwdLockFile.c
+++ b/drm/libdrmframework/plugins/forward-lock/internal-format/decoder/FwdLockFile.c
@@ -174,7 +174,10 @@ static int FwdLockFile_DeriveKeys(FwdLockFile_Session_t * pSession) {
         AES_KEY sessionRoundKeys;
         unsigned char value[KEY_SIZE];
         unsigned char key[KEY_SIZE];
-    } *pData = malloc(sizeof *pData);
+    };
+
+    const size_t kSize = sizeof(struct FwdLockFile_DeriveKeys_Data);
+    struct FwdLockFile_DeriveKeys_Data *pData = malloc(kSize);
     if (pData == NULL) {
         result = FALSE;
     } else {
@@ -202,7 +205,7 @@ static int FwdLockFile_DeriveKeys(FwdLockFile_Session_t * pSession) {
         if (!result) {
             errno = ENOSYS;
         }
-        memset(pData, 0, sizeof pData); // Zero out key data.
+        memset(pData, 0, kSize); // Zero out key data.
         free(pData);
     }
     return result;