OSDN Git Service
(root)
/
android-x86
/
system-bt.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
1c5192c
)
Add packet length check in smp_proc_master_id
author
Ugo Yu
<ugoyu@google.com>
Wed, 8 Aug 2018 08:09:58 +0000
(16:09 +0800)
committer
android-build-team Robot
<android-build-team-robot@google.com>
Thu, 16 Aug 2018 01:24:25 +0000
(
01:24
+0000)
Bug:
111937027
Test: manual
Change-Id: I1144c9879e84fa79d68ad9d5fece4f58e2a3b075
(cherry picked from commit
c8294662d07a98e9b8b1cab1ab681ec0805ce4e8
)
stack/smp/smp_act.cc
patch
|
blob
|
history
diff --git
a/stack/smp/smp_act.cc
b/stack/smp/smp_act.cc
index
59045be
..
8533f2d
100644
(file)
--- a/
stack/smp/smp_act.cc
+++ b/
stack/smp/smp_act.cc
@@
-911,6
+911,14
@@
void smp_proc_master_id(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
tBTM_LE_PENC_KEYS le_key;
SMP_TRACE_DEBUG("%s", __func__);
+
+ if (p_cb->rcvd_cmd_len < 11) { // 1(Code) + 2(EDIV) + 8(Rand)
+ android_errorWriteLog(0x534e4554, "111937027");
+ SMP_TRACE_ERROR("%s: Invalid command length: %d, should be at least 11",
+ __func__, p_cb->rcvd_cmd_len);
+ return;
+ }
+
smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, true);
STREAM_TO_UINT16(le_key.ediv, p);