Chromium Code Reviews Chromium Code Reviews
Issue 890683002:
Fix buffer overflow due to unbounded strlen over a non-null terminated string. Detected by asan. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: extensions/browser/api/cast_channel/cast_auth_util.cc |
| diff --git a/extensions/browser/api/cast_channel/cast_auth_util.cc b/extensions/browser/api/cast_channel/cast_auth_util.cc |
| index e2beca1870179241a76f4a2aab586859b8fca55b..3377a2fb129ba5cf2bc1b5b6910a75e026a88137 100644 |
| --- a/extensions/browser/api/cast_channel/cast_auth_util.cc |
| +++ b/extensions/browser/api/cast_channel/cast_auth_util.cc |
| @@ -137,8 +137,11 @@ AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply, |
| return result; |
| } |
| - if (response.client_auth_certificate().find(reinterpret_cast<const char*>( |
| - kAudioOnlyPolicy)) != std::string::npos) { |
| + std::string audio_policy = |
|
mark a. foltz
2015/01/30 00:22:42
const std::string&
Kevin M
2015/01/30 22:15:47
I didn't know this was legal. Cool.
|
| + std::string(reinterpret_cast<const char*>(kAudioOnlyPolicy), |
| + (arraysize(kAudioOnlyPolicy) / sizeof(unsigned char))); |
| + if (response.client_auth_certificate().find(audio_policy) != |
| + std::string::npos) { |
| result.channel_policies |= AuthResult::POLICY_AUDIO_ONLY; |
| } |
