OSDN Git Service
(root)
/
android-x86
/
system-bt.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
5c59e8a
)
DO NOT MERGE Fix OOB read in process_l2cap_cmd
author
Hansong Zhang
<hsz@google.com>
Thu, 12 Jul 2018 17:51:30 +0000
(10:51 -0700)
committer
Max Spector
<mspector@google.com>
Fri, 20 Jul 2018 20:56:11 +0000
(13:56 -0700)
Test: manual
Bug:
79488381
Change-Id: I723866ed40d3647fed99875f659bb95df96a6969
(cherry picked from commit
54c6a9dfd52ac6711d6f2101d233b276b2e3bb53
)
stack/l2cap/l2c_main.cc
patch
|
blob
|
history
diff --git
a/stack/l2cap/l2c_main.cc
b/stack/l2cap/l2c_main.cc
index
7c1ef48
..
1f3fb8f
100644
(file)
--- a/
stack/l2cap/l2c_main.cc
+++ b/
stack/l2cap/l2c_main.cc
@@
-542,6
+542,10
@@
static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) {
default:
/* sanity check option length */
if ((cfg_len + L2CAP_CFG_OPTION_OVERHEAD) <= cmd_len) {
+ if (p + cfg_len > p_next_cmd) {
+ android_errorWriteLog(0x534e4554, "79488381");
+ return;
+ }
p += cfg_len;
if ((cfg_code & 0x80) == 0) {
cfg_rej_len += cfg_len + L2CAP_CFG_OPTION_OVERHEAD;