media: Allow printable ASCII characters in EME session ID

Currently we only allow alphanumerical characters in EME session ID. This is used as an example in the EME spec but not a requirement. There are key systems using Base64 encoded session IDs, which therefore use printable but non-alphanumeric characters. The EME session ID check is relaxed to allow any printable ASCII characters, to allow Base64 and similar encodings. In theory, we can allow all ASCII characters, but that will make logging/debugging hard. For the same reason, we also disallow space in session ID. We could also have key system specific session ID sanitization logic, but we choose to keep things simple. This CL also add base::IsAsciiPrintable() which is the same as WTF::IsASCIIPrintable(). Bug: 902828 Test: None. Change-Id: Ic0f7e47ad192aa80734f4b1f6a9e28fe74dff941 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1574288 Commit-Queue: Xiaohan Wang <xhwang@chromium.org> Reviewed-by: John Rummell <jrummell@chromium.org> Reviewed-by: Wez <wez@chromium.org> Reviewed-by: Yuchen Liu <yucliu@chromium.org> Cr-Commit-Position: refs/heads/master@{#655398}
Denger-Network · Apr 30, 2019 · 5e2536b · 5e2536b
1 parent 995a780
commit 5e2536b
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 3 deletions.
diff --git a/base/strings/string_util.h b/base/strings/string_util.h
@@ -383,6 +383,10 @@ template <typename Char>
 inline bool IsAsciiDigit(Char c) {
   return c >= '0' && c <= '9';
 }
+template <typename Char>
+inline bool IsAsciiPrintable(Char c) {
+  return c >= ' ' && c <= '~';
+}
 
 template <typename Char>
 inline bool IsHexDigit(Char c) {

diff --git a/media/blink/webcontentdecryptionmodulesession_impl.cc b/media/blink/webcontentdecryptionmodulesession_impl.cc
@@ -152,8 +152,12 @@ bool SanitizeSessionId(const blink::WebString& session_id,
   if (sanitized_session_id->length() > limits::kMaxSessionIdLength)
     return false;
 
+  // Check that |sanitized_session_id| only contains non-space printable
+  // characters for easier logging. Note that checking alphanumeric is too
+  // strict because there are key systems using Base64 session IDs. See
+  // https://crbug.com/902828.
   for (const char c : *sanitized_session_id) {
-    if (!base::IsAsciiAlpha(c) && !base::IsAsciiDigit(c))
+    if (!base::IsAsciiPrintable(c) || c == ' ')
       return false;
   }
 

diff --git a/third_party/blink/renderer/modules/encryptedmedia/media_key_session.cc b/third_party/blink/renderer/modules/encryptedmedia/media_key_session.cc
@@ -76,9 +76,11 @@ static bool IsValidSessionId(const String& session_id) {
   if (!session_id.ContainsOnlyASCIIOrEmpty())
     return false;
 
-  // Check that the sessionId only contains alphanumeric characters.
+  // Check that |session_id| only contains non-space printable characters for
+  // easier logging. Note that checking alphanumeric is too strict because there
+  // are key systems using Base64 session IDs. See https://crbug.com/902828.
   for (unsigned i = 0; i < session_id.length(); ++i) {
-    if (!IsASCIIAlphanumeric(session_id[i]))
+    if (!IsASCIIPrintable(session_id[i]) || session_id[i] == ' ')
       return false;
   }