OSDN Git Service
(root)
/
android-x86
/
system-bt.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
ed01581
)
DO NOT MERGE Check size of pin before replying
author
Marie Janssen
<jamuraa@google.com>
Wed, 9 Mar 2016 23:31:48 +0000
(15:31 -0800)
committer
Marie Janssen
<jamuraa@google.com>
Fri, 18 Mar 2016 18:36:17 +0000
(11:36 -0700)
If a malicious client set a pin that was too long it would overflow
the pin code memory.
Bug:
27411268
Change-Id: I9197ac6fdaa92a4799dacb6364e04671a39450cc
btif/src/btif_dm.c
patch
|
blob
|
history
diff --git
a/btif/src/btif_dm.c
b/btif/src/btif_dm.c
index
dcee736
..
cf317d6
100644
(file)
--- a/
btif/src/btif_dm.c
+++ b/
btif/src/btif_dm.c
@@
-2436,7
+2436,7
@@
bt_status_t btif_dm_pin_reply( const bt_bdaddr_t *bd_addr, uint8_t accept,
uint8_t pin_len, bt_pin_code_t *pin_code)
{
BTIF_TRACE_EVENT("%s: accept=%d", __FUNCTION__, accept);
- if (pin_code == NULL)
+ if (pin_code == NULL
|| pin_len > PIN_CODE_LEN
)
return BT_STATUS_FAIL;
#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))