If a malicious client set a pin that was too long it would overflow
the pin code memory.
Bug:
27411268
Change-Id: I9197ac6fdaa92a4799dacb6364e04671a39450cc
uint8_t pin_len, bt_pin_code_t *pin_code)
{
BTIF_TRACE_EVENT("%s: accept=%d", __FUNCTION__, accept);
uint8_t pin_len, bt_pin_code_t *pin_code)
{
BTIF_TRACE_EVENT("%s: accept=%d", __FUNCTION__, accept);
+ if (pin_code == NULL || pin_len > PIN_CODE_LEN)
return BT_STATUS_FAIL;
#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
return BT_STATUS_FAIL;
#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))