From 2d45dbd1910a7e51d383e8583017e6f26cd3498a Mon Sep 17 00:00:00 2001
From: Hung Nguyen <hung.nguyen@sonymobile.com>
Date: Tue, 5 Jun 2012 13:19:53 +0200
Subject: Fixed bugs where the content of buffer holding keys was cleared using
 a wrong size in forward lock

Modified by James Dong <jdong@google.com>

Change-Id: Iaacfc79b2b26bdee7046d8555e3b4e0bc224c3c5
---
 .../plugins/forward-lock/internal-format/converter/FwdLockConv.c   | 6 ++++--
 .../plugins/forward-lock/internal-format/decoder/FwdLockFile.c     | 7 +++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

(limited to 'drm')

diff --git a/drm/libdrmframework/plugins/forward-lock/internal-format/converter/FwdLockConv.c b/drm/libdrmframework/plugins/forward-lock/internal-format/converter/FwdLockConv.c
index bb97abc..9d15835 100644
--- a/drm/libdrmframework/plugins/forward-lock/internal-format/converter/FwdLockConv.c
+++ b/drm/libdrmframework/plugins/forward-lock/internal-format/converter/FwdLockConv.c
@@ -245,7 +245,9 @@ static int FwdLockConv_DeriveKeys(FwdLockConv_Session_t *pSession) {
         AES_KEY sessionRoundKeys;
         unsigned char value[KEY_SIZE];
         unsigned char key[KEY_SIZE];
-    } *pData = malloc(sizeof *pData);
+    };
+    const size_t kSize = sizeof(struct FwdLockConv_DeriveKeys_Data);
+    struct FwdLockConv_DeriveKeys_Data *pData = malloc(kSize);
     if (pData == NULL) {
         status = FwdLockConv_Status_OutOfMemory;
     } else {
@@ -268,7 +270,7 @@ static int FwdLockConv_DeriveKeys(FwdLockConv_Session_t *pSession) {
                 status = FwdLockConv_Status_OK;
             }
         }
-        memset(pData, 0, sizeof pData); // Zero out key data.
+        memset(pData, 0, kSize); // Zero out key data.
         free(pData);
     }
     return status;
diff --git a/drm/libdrmframework/plugins/forward-lock/internal-format/decoder/FwdLockFile.c b/drm/libdrmframework/plugins/forward-lock/internal-format/decoder/FwdLockFile.c
index 7ff3c00..43b9e98 100644
--- a/drm/libdrmframework/plugins/forward-lock/internal-format/decoder/FwdLockFile.c
+++ b/drm/libdrmframework/plugins/forward-lock/internal-format/decoder/FwdLockFile.c
@@ -174,7 +174,10 @@ static int FwdLockFile_DeriveKeys(FwdLockFile_Session_t * pSession) {
         AES_KEY sessionRoundKeys;
         unsigned char value[KEY_SIZE];
         unsigned char key[KEY_SIZE];
-    } *pData = malloc(sizeof *pData);
+    };
+
+    const size_t kSize = sizeof(struct FwdLockFile_DeriveKeys_Data);
+    struct FwdLockFile_DeriveKeys_Data *pData = malloc(kSize);
     if (pData == NULL) {
         result = FALSE;
     } else {
@@ -202,7 +205,7 @@ static int FwdLockFile_DeriveKeys(FwdLockFile_Session_t * pSession) {
         if (!result) {
             errno = ENOSYS;
         }
-        memset(pData, 0, sizeof pData); // Zero out key data.
+        memset(pData, 0, kSize); // Zero out key data.
         free(pData);
     }
     return result;
-- 
cgit v1.1