Fix buffer overflow due to unbounded strlen over the non-null terminated audio...

Fix buffer overflow due to unbounded strlen over the non-null terminated audio policy string. Caught by asan. BUG= Review URL: https://codereview.chromium.org/890683002 Cr-Commit-Position: refs/heads/master@{#314019}

Fix buffer overflow due to unbounded strlen over the non-null terminated audio...
Fix buffer overflow due to unbounded strlen over the non-null terminated audio policy string. Caught by asan. BUG= Review URL: https://codereview.chromium.org/890683002 Cr-Commit-Position: refs/heads/master@{#314019}
e6b0fbf6 · kmarshall · Commit bot · 5500d58b · e6b0fbf6
Commit e6b0fbf6 authored Jan 30, 2015 by kmarshall Committed by Commit bot Jan 30, 2015
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

extensions/browser/api/cast_channel/cast_auth_util.cc extensions/browser/api/cast_channel/cast_auth_util.cc +5 -2

No files found.
--- a/extensions/browser/api/cast_channel/cast_auth_util.cc
+++ b/extensions/browser/api/cast_channel/cast_auth_util.cc
@@ -137,8 +137,11 @@ AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,
    return result;
  }
-  if (response.client_auth_certificate().find(reinterpret_cast<const char*>(
+  const std::string& audio_policy =
-          kAudioOnlyPolicy)) != std::string::npos) {
+      std::string(reinterpret_cast<const char*>(kAudioOnlyPolicy),
+                  (arraysize(kAudioOnlyPolicy) / sizeof(unsigned char)));
+  if (response.client_auth_certificate().find(audio_policy) !=
+      std::string::npos) {
    result.channel_policies |= AuthResult::POLICY_AUDIO_ONLY;
  }