From: Hansong Zhang <hsz@google.com>
Date: Tue, 6 Oct 2020 21:48:27 +0000 (-0700)
Subject: Fix a security issue in sdp_server.cc
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=d7573f4fa9;p=android-x86%2Fsystem-bt.git

Fix a security issue in sdp_server.cc

Bug: 169342531
Test: POC
Change-Id: I0e8cdb9a00184f62d11fb06bc30f07b2a35bc49e
---

diff --git a/stack/sdp/sdp_server.cc b/stack/sdp/sdp_server.cc
index 94c56d9c8..685c878db 100644
--- a/stack/sdp/sdp_server.cc
+++ b/stack/sdp/sdp_server.cc
@@ -126,9 +126,11 @@ void sdp_server_handle_client_req(tCONN_CB* p_ccb, BT_HDR* p_msg) {
 
   if (p_req + sizeof(pdu_id) + sizeof(trans_num) > p_req_end) {
     android_errorWriteLog(0x534e4554, "69384124");
+    android_errorWriteLog(0x534e4554, "169342531");
     trans_num = 0;
     sdpu_build_n_send_error(p_ccb, trans_num, SDP_INVALID_REQ_SYNTAX,
                             SDP_TEXT_BAD_HEADER);
+    return;
   }
 
   /* The first byte in the message is the pdu type */
@@ -139,8 +141,10 @@ void sdp_server_handle_client_req(tCONN_CB* p_ccb, BT_HDR* p_msg) {
 
   if (p_req + sizeof(param_len) > p_req_end) {
     android_errorWriteLog(0x534e4554, "69384124");
+    android_errorWriteLog(0x534e4554, "169342531");
     sdpu_build_n_send_error(p_ccb, trans_num, SDP_INVALID_REQ_SYNTAX,
                             SDP_TEXT_BAD_HEADER);
+    return;
   }
 
   BE_STREAM_TO_UINT16(param_len, p_req);