OSDN Git Service
Chih-Wei Huang [Sun, 10 Jun 2018 09:46:25 +0000 (17:46 +0800)]
Remove the unused function
Chih-Wei Huang [Wed, 6 Dec 2017 09:57:21 +0000 (17:57 +0800)]
HCI: don't abort on timeout
Timeout is normal. Especially when the device is suspending.
Don't abort it stupidly.
anitha3x [Tue, 16 Oct 2018 08:52:07 +0000 (14:22 +0530)]
A work around fix for incorrect controller response.
Reason: The controller did not send correct response
for read remote extended features for "page 1" request.
Since lmp extended features ssp was not true, the sm4
was not enabled. Therefore host did not initiate
authentication request. When L2CAP AVDTP connection
was established, the controller returned disconnect
complete with authentication failed reason.
Fix: Provided a retry of read remote extended features
request from host, when response for 'page 1' was
incorrect. This enabled authentication from host and
hence L2CAP AVDTP connection was successful.
Revert the changes, once controller fix is available
Tracked-On: OAM-69566
Signed-off-by: anitha3x <anithax.h.chandrasekar@intel.com>
Jeevaka Prabu Badrappan [Mon, 27 Aug 2018 17:13:22 +0000 (22:43 +0530)]
Fix for Bluetooth device name reset to default name after reboot
Reason: When the BT device name is updated, it is getting saved
to the config data pointer but not to the persistent data
(i.e. bt_config.conf). So, when the reboot is happening it
is not able to get the updated device name from the persistent
data (i.e. bt_config.conf) as during reboot bt_config_flush is
not called. It is only called on the BT Enable Event.
Fix: Saving the BT Device name to persistent data using
btif_config_flush once it is set.
Tracked-On: OAM-67917
Signed-off-by: Gaganpreet kaur <gaganpreetx.kaur@intel.com>
Signed-off-by: Aiswarya Cyriac <aiswarya.cyriac@intel.com>
Aiswarya Cyriac [Mon, 26 Feb 2018 04:27:11 +0000 (09:57 +0530)]
Fix for BLE pairing failure in slave role
Pairing fails due to DHkey mismatch and this fix addresses the
mismatch
Change-Id: Ie09f6c4ef3e70cce3f3b57858b6e8945eb65e63c
Tracked-On: https://jira01.devtools.intel.com/browse/OAM-57377
Signed-Off-by: Aiswarya Cyriac <aiswarya.cyriac@intel.com>
Ugo Yu [Thu, 11 Jul 2019 12:12:42 +0000 (20:12 +0800)]
DO NOT MERGE Store BLE keys using the address from the ble_auth_cmpl_evt
Reading the peer address from btif_dm_ble_auth_cmpl_evt, instead
of using the value from the pairing control block in
btif_dm_save_ble_bonding_keys, ensures that BLE keys are stored with
the correct address.
Bug: 133234174
Bug: 79703832
Test: 1. Initiate crosskey pairing from BLE
2. Check whether BLE keys are stored correctly
Change-Id: I18b4a1d8e2cdcd6dd4a300f1dc9e6d3892a3baff
(cherry picked from commit 0d95651e8b22b1012f1ee103e4a0b8665a0c17d4)
(cherry picked from commit b2334f05895e9926666904c41f13821210cbd6e9)
Ugo Yu [Thu, 23 May 2019 11:06:56 +0000 (19:06 +0800)]
DO NOT MERGE Separate SDP procedure from bonding state (1/2)
- Do not stay in bonding state if the device is paired but still
discovering service.
- Report BOND_BONDED to Java after authentication for a classic
Bluetooth device is completed.
- Send BONDING event to Java when static identity address is
first obtained during crosskey pairing
- Send BONDING event to Java for the initial random address
before send BONDED event
- Do not send bond event for static identity address when SDP is done.
- Make sure pairing control block always get cleaned up when both SDP
and pairing are done
- Send empty UUIDs to Java layer to unblock bonding intent broadcast
when SDP fails
Bug: 79703832
Test: runtest bluetooth, regression test
Change-Id: Ic33ca045b996c02a7c98e458f791a1747a8ea6d5
(cherry picked from commit 6628beb969f3f8e58972d2c2eb8b4bc053a11109)
Arjun Garg [Mon, 15 Jul 2019 20:00:08 +0000 (13:00 -0700)]
Revert "DO NOT MERGE Separate SDP procedure from bonding state (1/2)"
This reverts commit 12df1a2282e6d591bd0e1db75f0c38067a31ef40.
Jakub Pawlowski [Thu, 6 Jun 2019 11:54:55 +0000 (13:54 +0200)]
DO NOT MERGE Fix for Bluetooth connection being dropped after HCI Read Encryption Key Size
If remote device stops the encryption before we call "Read Encryption Key Size",
we might receive Insufficient Security, which means that link is no longer
encrypted.
In such cases we should stay connected, rather than disconnecting the
link.
Test: Connect to device that stops encryption right after encryption is
complete, i.e. to change roles.
Bug: 124301137
Bug: 132626699
Change-Id: Iab0fd9f357d18a6b048b971d0393fbb47fd4d793
Merged-In: Iab0fd9f357d18a6b048b971d0393fbb47fd4d793
(cherry picked from commit c978f86b506f31567b5991c91cdbe4c142ca8edd)
Ugo Yu [Thu, 23 May 2019 11:06:56 +0000 (19:06 +0800)]
DO NOT MERGE Separate SDP procedure from bonding state (1/2)
- Do not stay in bonding state if the device is paired but still
discovering service.
- Report BOND_BONDED to Java after authentication for a classic
Bluetooth device is completed.
- Send BONDING event to Java when static identity address is
first obtained during crosskey pairing
- Send BONDING event to Java for the initial random address
before send BONDED event
- Do not send bond event for static identity address when SDP is done.
- Make sure pairing control block always get cleaned up when both SDP
and pairing are done
- Send empty UUIDs to Java layer to unblock bonding intent broadcast
when SDP fails
Bug: 79703832
Test: runtest bluetooth, regression test
Change-Id: Ic33ca045b996c02a7c98e458f791a1747a8ea6d5
(cherry picked from commit 6628beb969f3f8e58972d2c2eb8b4bc053a11109)
Martin Brabham [Thu, 4 Apr 2019 21:57:41 +0000 (14:57 -0700)]
DO NOT MERGE: osi: Offload mutex pointer to local scope
Create a shared_ptr for the callback_mutex in the alarm struct.
When performing the callback, make a local shared_ptr reference.
lock_guard on the local shared_ptr reference.
Bug: 117997080
Test: atest net_test_bluetooth
Change-Id: Iab800f720f4ccc4735e4d494e0d458eb97b40a4a
(cherry picked from commit 947c58718f93629f2fba6e16d5163b6da07d0056)
Ted Wang [Mon, 29 Apr 2019 02:11:04 +0000 (10:11 +0800)]
Fix potential OOB read in sdpu_get_len_from_type
Add boundary check in sdpu_get_len_from_type to prevent potential OOB read.
Bug: 117105007
Test: Manual
Merged-In: I3755e13ee0a7e22ffd5f48fca909610a26b09d0a
Change-Id: I3755e13ee0a7e22ffd5f48fca909610a26b09d0a
(cherry picked from commit 1243f8da338dadfe2a3c281a08297b431402d41c)
(cherry picked from commit 4d8e1d63e1a2116c47702d38d858f5a742e8292f)
Jakub Pawlowski [Mon, 11 Mar 2019 18:22:01 +0000 (19:22 +0100)]
DO NOT MERGE Don't persist bonds using sample LTK
Test: compilation, manual testing
Bug: 128843052
Change-Id: I52fd484d42bf87e96dbc9e6456090f231ed48111
(cherry picked from commit 250529d6f1110c5b6117508dc8f200eaaeedaae5)
Jack He [Thu, 21 Mar 2019 00:51:09 +0000 (17:51 -0700)]
DO NOT MERGE Log encryption key size
* Log result from HCI_READ_ENCR_KEY_SIZE command
Bug: 124301137
Test: test drive with statsd
Change-Id: I776a3c357fcd75623fba241f150d1afb58aa23fb
(cherry picked from commit 7e8dbcd40b97c731d797c8967a6d44db856bca15)
Jakub Pawlowski [Thu, 14 Feb 2019 11:44:06 +0000 (12:44 +0100)]
DO NOT MERGE Drop Bluetooth connection with weak encryption key
This patch requires Bluetooth chip to support HCI Read Encryption Key Size
command and will cause Bluetooth to crash if this command is not supported
on a device. Such device should not take this patch and should look for
alternative solution to drop Bluetooth connection with weak encryption key.
Bug: 124301137
Change-Id: Id4b6b4e765628397a79e6806f45c2cd27acebd5b
(cherry picked from commit 398473b74ebab9a47bf6f0615460f3c44ca09269)
Ajay Panicker [Fri, 14 Dec 2018 22:55:02 +0000 (14:55 -0800)]
DO NOT MERGE: Use a weak pointer to deliver updates to AVRCP devices.
If a device disconnects right before a update message gets queued, the
device becomes null and there is a crash when the callback for the
update executes on the disconnected device. This patch switches the
device reference from being Unretained to using a weak pointer so that
the callback just doesn't execute if the device is disconnected.
Bug: 120431125
Bug: 120445479
Test: Use the same test as b/120477414 as that bug causes a disconnect
at the same time as a media update.
Change-Id: I1dcc08e5c9866106e7ec0dad52505e34b42da600
(cherry picked from commit f083d1e076ea97e6feaa363f03dab3656bd03ee0)
JP Sugarbroad [Tue, 19 Mar 2019 21:58:40 +0000 (14:58 -0700)]
Revert "DO NOT MERGE Separate SDP procedure from bonding state (1/2)"
This reverts commit 583a7016e4f4167df2efe4e25dc80b6c4aa1f834.
Hansong Zhang [Sat, 2 Feb 2019 01:45:30 +0000 (17:45 -0800)]
resolve merge conflicts of ec78d74706c3e81f91eee53e3d9f959f66e5d77f to pi-dev
Bug: None
Test: I solemnly swear I tested this conflict resolution.
Change-Id: Id658b3485fdc0025bc44850be9f23bb2d2146d9b
(cherry picked from commit 6c0f22f324ed0bdf9dea3e803e5ee6176d03fdb4)
Ugo Yu [Tue, 16 Oct 2018 06:53:35 +0000 (14:53 +0800)]
DO NOT MERGE Separate SDP procedure from bonding state (1/2)
- Do not stay in bonding state if the device is paired but still
discovering service.
- Report BOND_BONDED to Java after authentication is completed.
- Report empty UUID to Java if a classic Bluetooth device SDP
failed while pairing.
- Hold BOND_BONDED intent until SDP is finished.
- Only accept profile connection for the device is at bonded
state. Any attempt to connect while bonding would potentially
lead to an unauthorized connection.
Bug: 79703832
Test: runtest bluetooth, regression test
Change-Id: I023713e07308bfc0e5bb8d67f386bcc50f6a0f85
(cherry picked from commit 122e115b87fe98ca5e5e65b9765c146f9e52b65e)
(cherry picked from commit dc14eb8ba01ee20dc44bcba7b3c0a17550e756fa)
Hansong Zhang [Thu, 10 Jan 2019 02:18:17 +0000 (18:18 -0800)]
btm_proc_smp_cback: Don't access p_dev_rec if freed
In btm_proc_smp_cback(), return after p_dev_rec is freed in the middle
to prevent use after free
Bug: 120612744
Test: Use ASAN build; connect to a LE device and wait for timeout
Change-Id: Ic9d0eaeb62a1a1b24884146ca82f4104fabc5bac
(cherry picked from commit 953dd279502980b1d8d30656eb78c6445a6e31f7)
Hansong Zhang [Wed, 16 Jan 2019 20:33:26 +0000 (12:33 -0800)]
btm_ble_multi_adv: Check data length in HCI interface
For BleAdvertiserVscHciInterfaceImpl and
BleAdvertiserLegacyHciInterfaceImpl, the maximum size of scan response
and advertising packet data length should be BTM_BLE_AD_DATA_LEN (31).
Bug: 121145627
Test: POC
Change-Id: I7653a6c186b7313ef2b1547bca120b9d41c90140
(cherry picked from commit a99fe8a175a6d209e741871544ae3f857c8a7cbb)
Stanley Tng [Tue, 11 Dec 2018 22:45:13 +0000 (14:45 -0800)]
DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu
Add check to make sure that data buffer is big enough to read the 2
bytes for length.
Also, fix a regression from the previous CL that checks the buffer length
before doing a memcpy. The previous check is too strict causing valid
sized buffers to be rejected. The length check is incorrect and off by the header size.
Bug: 120665616
Test: Run the SL4A Test for LE CoC, BleCoCTest
Merged-In: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
Change-Id: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
(cherry picked from commit fcb1994de1f6ee34b8dc6804a2b32e20bf138073)
(cherry picked from commit 1f1d8b97d80d25023c4c7b04d2aa18d367f4158d)
(cherry picked from commit c117a1c951c65033987ed51d53407b359204c187)
Ugo Yu [Tue, 13 Nov 2018 12:03:28 +0000 (20:03 +0800)]
Add OOB check in avrc_pars_browse_rsp
Bug: 111451066
Test: Manually
Change-Id: I068d218b8957bb8f053148d252a9119a8def28cc
(cherry picked from commit f44cbb20e7658116472981bac0ffb0305f4a2c04)
Jakub Pawlowski [Tue, 27 Nov 2018 17:22:22 +0000 (18:22 +0100)]
Fix buffer overflow in btif_dm_data_copy
When we use a union, we should always define variables as the union type,
not as one of the field subtypes. If the latter is cast to the union type,
buffer overflow can happen.
Bug: 110166268
Test: compilation
Change-Id: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Merged-In: I473c03b099ad5a326e7a3739f65efd33cf4775bd
(cherry picked from commit ea90417d9965aec1c475418ca8f8f305af12de2d)
Jakub Pawlowski [Tue, 20 Nov 2018 21:31:31 +0000 (22:31 +0100)]
Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm
Bug: 116222069
Test: compilation
Change-Id: Iebe2c500dfc2806ca321fdcd170e20c680619d4d
(cherry picked from commit 889efd5b9165ed7641fcd75eabbbef56be2ef5df)
JP Sugarbroad [Thu, 10 Jan 2019 22:54:49 +0000 (14:54 -0800)]
Revert "Fix OOB in avrc_pars_browse_rsp"
This reverts commit 751fa58a13ce428de93bdb667e964510a13310da.
Myles Watson [Thu, 25 Oct 2018 00:05:12 +0000 (17:05 -0700)]
SDP: Check p_end in save_attr_seq and add_attr
Bug: 115900043
Test: Sanity pairing and SDP PTS
Change-Id: Ib642f79ed22b65ede5ff786cb1e163d172480f11
(cherry picked from commit b8a5081b00fc9730092d8392786f3f4e659cb602)
Ugo Yu [Fri, 26 Oct 2018 10:15:17 +0000 (18:15 +0800)]
Fix OOB in avrc_pars_browse_rsp
- Check packet length before assign bytes to the pointer.
Bug: 111451066
Test: PoC test
Change-Id: I8ce4f4678a043fc16b0beeea2345253e7542b506
(cherry picked from commit 32a33dc12d4a9b21306510a98bcd039ca3be1dd3)
Ugo Yu [Mon, 29 Oct 2018 16:47:04 +0000 (00:47 +0800)]
Fix possible OOB when AVDT data channel receive ACL data
Bug: 111450156
Change-Id: Id23eeedcb7bde5866cd53a2f7f1c30f27c5352f6
(cherry picked from commit baa9bf5bfe4a6f3e52ac927aaf4463f37f81294e)
Chienyuan [Tue, 18 Sep 2018 09:13:16 +0000 (17:13 +0800)]
HFP: Check AT command buffer boundary during parsing
* add p_end parameter to tBTA_AG_AT_CMD_CBACK, bta_ag_at_hsp_cback
and bta_ag_at_hfp_cback to indicate effective data range of p_arg
* add checks for buffer copy overflow in bta_ag_at_hsp_cback and
bta_ag_at_hfp_cback
* add packet length checks with p_end in bta_ag_parse_cmer
* add packet length checks with p_end in bta_ag_parse_bac
Bug: 112860487
Test: testplans/details/218593/3975
Change-Id: I6bbbc2ba29ad025c7d3ba023d8191af6a11c4aa9
(cherry picked from commit 28ddbe904bd15c9636063f5431a9360d8e9df8b9)
Myles Watson [Thu, 25 Oct 2018 22:27:03 +0000 (15:27 -0700)]
MCAP: Check response length in mca_ccb_hdl_rsp
Bug: 116319076
Test: Send a short MCAP response
Change-Id: I0452f7d2c0f4ecccc7a6501773e26b403b116179
(cherry picked from commit 0ab53ca2af26f70126d6d9d6600d090a720758fa)
Myles Watson [Thu, 25 Oct 2018 21:33:33 +0000 (14:33 -0700)]
HH: Check parameter length in bta_hh_ctrl_dat_act
Bug: 116108738
Test: send a malformed GET_IDLE command with no parameters
Change-Id: Ic57e748a06ea6d4fc16868310d3423ee71a7ac8c
(cherry picked from commit b8fbe73f0d32686e8393bfe07a84b6f0e8829caf)
Jakub Pawlowski [Wed, 10 Oct 2018 17:35:37 +0000 (19:35 +0200)]
Fix possible OOB read
Bug: 74249842
Change-Id: I0dbe43f0da1f5a8f14bcb69659752de4bd70ca98
(cherry picked from commit 6e6c347e798bf8195a9a02457edf871a97b1cfad)
Hansong Zhang [Tue, 2 Oct 2018 23:26:38 +0000 (16:26 -0700)]
HIDD: Check descriptor length and increase buffer
Since maximum descriptor length is 2048, we need to assign 2054 bytes of
buffer for another 6 bytes of data. Also added a const for maximum
descriptor length.
Bug: 113572366
Test: manual
Change-Id: Ie2b25c9e1a9f2019cbc7e6fbecbb08b643c87946
Merged-In: Ie2b25c9e1a9f2019cbc7e6fbecbb08b643c87946
(cherry picked from commit c0530b211e8a5b43e556c6d47d424b231afb8e99)
Ugo Yu [Mon, 17 Sep 2018 07:59:30 +0000 (15:59 +0800)]
Check SDU lower bound before allocate p_data
Bug: 112321180
Test: SL4A BleCocTest:test_coc_insecured_connection_write_ascii
Change-Id: Id0c9aa2097f0b6bdc2bb9fa9086daa9452188e1d
(cherry picked from commit 785e12ed58d020a0df075163c1831021c0cde218)
Myles Watson [Thu, 6 Sep 2018 17:57:47 +0000 (10:57 -0700)]
bta: Pass the correct UUID array size in bta_ag_do_disc
Bug: 113164621
Test: Connect HSP from a device to the phone
Change-Id: Iec875cd165ad1cea64c307602bb00b623967c7c7
(cherry picked from commit 9645b5dd62c8166f10798335768aa2a6c3e05e4c)
Pavlin Radoslavov [Thu, 6 Sep 2018 22:41:27 +0000 (15:41 -0700)]
Check AVRCP data length when parsing inside avrc_ctrl_pars_vendor_rsp()
Bug: 111450417
Test: PoC test program
Change-Id: Idd619e52dc7a2944d0d08af824505580e299c163
(cherry picked from commit 1c14e10cac53d5a5724dcf34c5679ad8819f9442)
(cherry picked from commit f779ebe368d245c0d9ac954cf7b2b102e7da56be)
Hansong Zhang [Wed, 5 Sep 2018 23:39:16 +0000 (16:39 -0700)]
HID Device: Fix OOB in register_app
Bug: 113037220
Bug: 113111784
Test: manual
Change-Id: I91bcd5032959458b926c479160c7e391b8de313b
(cherry picked from commit 6aa2d0a5fab28c8829aab4099da0ad450e451c1e)
Pavlin Radoslavov [Thu, 6 Sep 2018 01:21:31 +0000 (18:21 -0700)]
Check data length when parsing AVRCP vendor specific command responses
Bug: 111450531
Bug: 111896861
Test: PoC test program
Change-Id: I564bee8f05efabc29383659a75e695b4da76c6aa
(cherry picked from commit 7439ea940354f65a147c4ecfce3bada49c688047)
Hansong Zhang [Wed, 8 Aug 2018 18:31:28 +0000 (11:31 -0700)]
Check remaining frame length in rfc_process_mx_message
Bug: 111936792
Bug: 80432928
Test: manual
Change-Id: Ie2c09f3d598fb230ce060c9043f5a88c241cdd79
(cherry picked from commit 0471355c8b035aaa2ce07a33eecad60ad49c5ad0)
Hansong Zhang [Fri, 13 Jul 2018 20:45:46 +0000 (13:45 -0700)]
Fix a wrong check in rfc_parse_data
Bug: 78288018
Bug: 111436796
Test: manual
Change-Id: I16e6026acbaac230fe1453bbac040d1b75bcea2a
(cherry picked from commit d1ced302cd1066087588c891027b1756be31db46)
Hansong Zhang [Thu, 7 Jun 2018 23:18:52 +0000 (16:18 -0700)]
Add bound check for rfc_parse_data
Bug: 78288018
Test: manual
Change-Id: I44349cd22c141483d01bce0f5a2131b727d0feb0
(cherry picked from commit 6039cb7225733195192b396ad19c528800feb735)
Cheney Ni [Wed, 8 Aug 2018 14:20:08 +0000 (22:20 +0800)]
Checks the SMP length to fix OOB read
Bug: 111937065
Test: manual
Change-Id: I330880a6e1671d0117845430db4076dfe1aba688
Merged-In: I330880a6e1671d0117845430db4076dfe1aba688
(cherry picked from commit fceb753bda651c4135f3f93a510e5fcb4c7542b8)
Ugo Yu [Wed, 8 Aug 2018 08:09:58 +0000 (16:09 +0800)]
Add packet length check in smp_proc_master_id
Bug: 111937027
Test: manual
Change-Id: I1144c9879e84fa79d68ad9d5fece4f58e2a3b075
(cherry picked from commit c8294662d07a98e9b8b1cab1ab681ec0805ce4e8)
Pavlin Radoslavov [Thu, 9 Aug 2018 20:07:48 +0000 (13:07 -0700)]
Add missing AVRCP message length checks inside avrc_msg_cback
Explicitly check the length of the received message before
accessing the data.
Bug: 111803925
Bug: 79883824
Test: POC scripts
Change-Id: I00b1c6bd6dd7e18ac2c469ef2032c7ff10dcaecb
Merged-In: I00b1c6bd6dd7e18ac2c469ef2032c7ff10dcaecb
(cherry picked from commit 282deb3e27407aaa88b8ddbdbd7bb7d56ddc635f)
(cherry picked from commit 007868d05f4b761842c7345161aeda6fd40dd245)
Cheney Ni [Tue, 7 Aug 2018 13:32:07 +0000 (21:32 +0800)]
Add packet length checks in mca_ccb_hdl_req
Bug: 110791536
Test: manual
Change-Id: Ica5d8037246682fdb190b2747a86ed8d44c2869a
(cherry picked from commit 4de7ccdd914b7a178df9180d15f675b257ea6e02)
Chienyuan [Wed, 8 Aug 2018 03:21:28 +0000 (11:21 +0800)]
Check packet length in bta_av_proc_meta_cmd
Bug: 111893951
Test: manual - connect A2DP
Change-Id: Ibbf347863dfd29ea3385312e9dde1082bc90d2f3
(cherry picked from commit ed51887f921263219bcd2fbf6650ead5ec8d334e)
Hansong Zhang [Mon, 6 Aug 2018 21:40:37 +0000 (14:40 -0700)]
Fix OOB read in avrc_ctrl_pars_vendor_rsp
Bug: 78526423
Test: manual
Change-Id: I0eeacc6a25b12f4b999098375d0d032cfa462a91
(cherry picked from commit d945ada503ed9c9ea24e092df51faba57f5d589a)
Jakub Pawlowski [Mon, 16 Jul 2018 13:40:35 +0000 (06:40 -0700)]
Fix copy length calculation in sdp_copy_raw_data
Test: compilation
Bug: 110216176
Change-Id: Ic4a19c9f0fe8cd592bc6c25dcec7b1da49ff7459
(cherry picked from commit 23aa15743397b345f3d948289fe90efa2a2e2b3e)
Hansong Zhang [Thu, 12 Jul 2018 17:44:29 +0000 (10:44 -0700)]
Fix OOB read in process_l2cap_cmd
Test: manual
Bug: 79488381
Change-Id: I723866ed40d3647fed99875f659bb95df96a6969
(cherry picked from commit 5bb66307b555b17d1764e116316ce50c687c9653)
Jakub Pawlowski [Fri, 22 Jun 2018 11:46:39 +0000 (04:46 -0700)]
SDP: return error on offset bigger than attribute length
Test: none
Bug: 79217770
Change-Id: I8b594882dd07644b1a747c53d6166db466b7e998
(cherry picked from commit 0a74ffa44cbe48f674387cc951e6011c28ca003c)
Jakub Pawlowski [Wed, 11 Jul 2018 09:57:07 +0000 (02:57 -0700)]
Don't use Address after it was deleted
Bug: 110216173
Change-Id: Id3364cf53153eafed478546d7347ed1673217e91
(cherry picked from commit 9930f6f4e14e64966869b119994126283d645fd0)
Hansong Zhang [Wed, 27 Jun 2018 21:21:40 +0000 (14:21 -0700)]
HFP: Fix out of bound access in phone number processing
* Write at most sizeof(dialnum) chars into dialnum array in ClccResponse
method
* Write at most sizeof(ag_res.str) - 5 chars into ag_res.str array in
PhoneStateChange method
Bug: 79431031
Bug: 79266386
Test: make call with super long phone numbers
Change-Id: I98e7687ac4055800aa46626c6b1c866e52e474df
(cherry picked from commit 5c0888d42d9aa29dbecd77d3443fa066cdb4e13d)
Hansong Zhang [Thu, 21 Jun 2018 23:53:41 +0000 (16:53 -0700)]
HIDD: Prevent integer underflow in bta_hd_act
Bug: 109757435
Bug: 109757168
Bug: 110846194
Bug: 109757986
Test: manual
Change-Id: I80a6f3f931ac7512f1ba801cc5d8de6ac04f3422
(cherry picked from commit 74a6392875166698b64b624d12b6d2e404b75d72)
Jakub Pawlowski [Fri, 22 Jun 2018 05:56:11 +0000 (22:56 -0700)]
Add packet length checks in l2cble_process_sig_cmd
Bug: 80261585
Test: compilation
Change-Id: Icf55747dc948bcce140a12658237554938e2d717
(cherry picked from commit 02f47a752c818277b31852e3ff940764d5c7f9c7)
Hansong Zhang [Thu, 7 Jun 2018 21:25:09 +0000 (14:25 -0700)]
HID Host: Check L2CAP packet data length
Bug: 80493272
Test: manual
Change-Id: I8b1acd11616684729752195fabb4fa34c46a508d
(cherry picked from commit ca47a05acb66218ff2123f8d4642961f7f2eb5e2)
android-build-team Robot [Fri, 8 Jun 2018 07:21:06 +0000 (07:21 +0000)]
Snap for 4829593 from fc56cb1c021b449878435012687272d71a6c04b7 to pi-release
Change-Id: I41b2e01f9fedf7e0be72d9e2a8ec924e2fd30498
TreeHugger Robot [Thu, 7 Jun 2018 15:08:47 +0000 (15:08 +0000)]
Merge "Don't reuse buffer when building response" into pi-dev
android-build-team Robot [Thu, 7 Jun 2018 07:23:24 +0000 (07:23 +0000)]
Snap for 4826885 from 99428a2cf3b7d7e1d7950918462cd9938e5792f2 to pi-release
Change-Id: I139ee39202fc51350a44decb0cddd01e3d01e2bf
Ajay Panicker [Thu, 7 Jun 2018 05:28:11 +0000 (22:28 -0700)]
Merge changes from topic "am-662f3e36-36cc-485d-824b-f28c01eea384" into oc-dev am: 0cda123801 am: 427aebe54a am: 20b2bc080e
Change-Id: I3662266f41058a194921afe9126dfbbd0b9c8b52
Ajay Panicker [Thu, 7 Jun 2018 05:26:17 +0000 (22:26 -0700)]
Merge changes from topic "am-7125a1ce-592b-4a1d-a4e0-c6f472d5dc83" into oc-dev am: 086995d099 am: 352b01c987 am: 728f645ccc
Change-Id: I1e3070df2626d5c92f0afe4654da67eb107fee85
Ajay Panicker [Thu, 7 Jun 2018 05:25:47 +0000 (22:25 -0700)]
[automerger skipped] DO NOT MERGE: Don't reuse buffer when building response am: 9bbce86038 am: 2e3d8cde0e am: 34d0e93bc6 -s ours
Change-Id: I573567707397a1aa0cb69a683156c1a5b76b7bd0
TreeHugger Robot [Thu, 7 Jun 2018 05:25:08 +0000 (05:25 +0000)]
Merge "Send ACK for A2DP_CTRL_CMD_SUSPEND even if audio was not streaming" into pi-dev
Ajay Panicker [Thu, 7 Jun 2018 04:21:58 +0000 (21:21 -0700)]
Merge changes from topic "am-662f3e36-36cc-485d-824b-f28c01eea384" into oc-dev am: 0cda123801 am: 427aebe54a
Change-Id: I7d0fb74f7c6f45411f72c0471a239f933e3fc101
Ajay Panicker [Thu, 7 Jun 2018 04:21:32 +0000 (21:21 -0700)]
Merge changes from topic "am-7125a1ce-592b-4a1d-a4e0-c6f472d5dc83" into oc-dev am: 086995d099 am: 352b01c987
Change-Id: I1753fa0854933bf75a4d8c763d2be1d29fa398af
Ajay Panicker [Thu, 7 Jun 2018 04:20:59 +0000 (21:20 -0700)]
DO NOT MERGE: Don't reuse buffer when building response am: 9bbce86038 am: 2e3d8cde0e
Change-Id: I3a59bf8a5c375be0388952a1232316bf88ae0928
Ajay Panicker [Thu, 7 Jun 2018 03:08:39 +0000 (20:08 -0700)]
Merge changes from topic "am-662f3e36-36cc-485d-824b-f28c01eea384" into oc-dev am: 0cda123801
Change-Id: I439feb0e5a5ee9dc65613aab59f48f98405ac1c5
Ajay Panicker [Thu, 7 Jun 2018 03:08:06 +0000 (20:08 -0700)]
Merge changes from topic "am-7125a1ce-592b-4a1d-a4e0-c6f472d5dc83" into oc-dev am: 086995d099
Change-Id: I8ba858a9bfdc2d81c487692cda8bb16e9b371356
Ajay Panicker [Thu, 7 Jun 2018 03:07:30 +0000 (20:07 -0700)]
DO NOT MERGE: Don't reuse buffer when building response am: 9bbce86038
Change-Id: I0b7edc528c15d05e2b07c2ad5b30c40a387eb87f
TreeHugger Robot [Thu, 7 Jun 2018 01:53:54 +0000 (01:53 +0000)]
Merge changes from topic "am-662f3e36-36cc-485d-824b-f28c01eea384" into oc-dev
* changes:
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: ecef51ee8f am: cf7d3de311 am: 3a9eca8d4c am: 2f532ef9b0 skipped: 052add83b4
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: ecef51ee8f am: cf7d3de311 am: 3a9eca8d4c am: 2f532ef9b0
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: ecef51ee8f am: cf7d3de311 am: 3a9eca8d4c
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: ecef51ee8f am: cf7d3de311
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: ecef51ee8f
DO NOT MERGE: Don't reuse buffer when building response
TreeHugger Robot [Thu, 7 Jun 2018 01:36:28 +0000 (01:36 +0000)]
Merge changes from topic "am-7125a1ce-592b-4a1d-a4e0-c6f472d5dc83" into oc-dev
* changes:
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8 am: 4d07934351 am: 690cc6b25d skipped: c4d802659d am: f294bdbb98 am: 54ef7ee930 am: ce6884eb30 am: 5d335dfb7b skipped: 66c6a114a6
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8 am: 4d07934351 am: 690cc6b25d skipped: c4d802659d am: f294bdbb98 am: 54ef7ee930 am: ce6884eb30 am: 5d335dfb7b
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8 am: 4d07934351 am: 690cc6b25d skipped: c4d802659d am: f294bdbb98 am: 54ef7ee930 am: ce6884eb30
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8 am: 4d07934351 am: 690cc6b25d skipped: c4d802659d am: f294bdbb98 am: 54ef7ee930
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8 am: 4d07934351 am: 690cc6b25d skipped: c4d802659d am: f294bdbb98
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8 am: 4d07934351 am: 690cc6b25d skipped: c4d802659d
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8 am: 4d07934351 am: 690cc6b25d
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8 am: 4d07934351
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8
DO NOT MERGE: Don't reuse buffer when building response
Android Build Merger (Role) [Thu, 7 Jun 2018 00:46:48 +0000 (00:46 +0000)]
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: ecef51ee8f am: cf7d3de311 am: 3a9eca8d4c am: 2f532ef9b0 skipped: 052add83b4
Change-Id: Id3ae5582793f9deabc23e530380f0aa565b64b8e
Android Build Merger (Role) [Thu, 7 Jun 2018 00:46:46 +0000 (00:46 +0000)]
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: ecef51ee8f am: cf7d3de311 am: 3a9eca8d4c am: 2f532ef9b0
Change-Id: I39f72d38038768d9207455399184cccde2ccba4b
Android Build Merger (Role) [Thu, 7 Jun 2018 00:46:44 +0000 (00:46 +0000)]
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: ecef51ee8f am: cf7d3de311 am: 3a9eca8d4c
Change-Id: Ib332da78669cd9e8b6c1d3f25d54cc8df23b444a
Android Build Merger (Role) [Thu, 7 Jun 2018 00:46:41 +0000 (00:46 +0000)]
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: ecef51ee8f am: cf7d3de311
Change-Id: Idf12259570aae1cf15a4f4805df093a8d0dabf43
Android Build Merger (Role) [Thu, 7 Jun 2018 00:46:38 +0000 (00:46 +0000)]
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: ecef51ee8f
Change-Id: I4911528515373e3dfc0763d5f793df29fb64d4e8
Ajay Panicker [Wed, 6 Jun 2018 21:58:54 +0000 (14:58 -0700)]
DO NOT MERGE: Don't reuse buffer when building response
Bug: 79541338
Test: Compile and connect to remote headset
Change-Id: I5e059615db589e165630f39d631a922006c2d70f
Android Build Merger (Role) [Thu, 7 Jun 2018 00:44:15 +0000 (00:44 +0000)]
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8 am: 4d07934351 am: 690cc6b25d skipped: c4d802659d am: f294bdbb98 am: 54ef7ee930 am: ce6884eb30 am: 5d335dfb7b skipped: 66c6a114a6
Change-Id: I1c26c4fed03c9e6b6e0ae80ab330eb15dfee9072
Android Build Merger (Role) [Thu, 7 Jun 2018 00:43:57 +0000 (00:43 +0000)]
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8 am: 4d07934351 am: 690cc6b25d skipped: c4d802659d am: f294bdbb98 am: 54ef7ee930 am: ce6884eb30 am: 5d335dfb7b
Change-Id: I1cd26eb9ac7ddcb7797b8011119156403c7920fb
Android Build Merger (Role) [Thu, 7 Jun 2018 00:43:34 +0000 (00:43 +0000)]
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8 am: 4d07934351 am: 690cc6b25d skipped: c4d802659d am: f294bdbb98 am: 54ef7ee930 am: ce6884eb30
Change-Id: Ic43b38cb648059daff18c044d45d154b1700a632
Android Build Merger (Role) [Thu, 7 Jun 2018 00:43:27 +0000 (00:43 +0000)]
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8 am: 4d07934351 am: 690cc6b25d skipped: c4d802659d am: f294bdbb98 am: 54ef7ee930
Change-Id: Ic705adf4e25e1fb686feaa2894a37cda250fa9c0
Android Build Merger (Role) [Thu, 7 Jun 2018 00:43:25 +0000 (00:43 +0000)]
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8 am: 4d07934351 am: 690cc6b25d skipped: c4d802659d am: f294bdbb98
Change-Id: Ifbff9c61654090104521be186d0bce9a3ae337a8
Android Build Merger (Role) [Thu, 7 Jun 2018 00:43:23 +0000 (00:43 +0000)]
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8 am: 4d07934351 am: 690cc6b25d skipped: c4d802659d
Change-Id: I5d7ceaba658d90e8a8931b50a6c8774f2c690b5d
Android Build Merger (Role) [Thu, 7 Jun 2018 00:43:21 +0000 (00:43 +0000)]
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8 am: 4d07934351 am: 690cc6b25d
Change-Id: I9d251934afe063299b4b7f36ea63c214b5188577
Android Build Merger (Role) [Thu, 7 Jun 2018 00:43:20 +0000 (00:43 +0000)]
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8 am: 4d07934351
Change-Id: I7b8076d21aeeb80c469764d0643ee54e9de049ff
Android Build Merger (Role) [Thu, 7 Jun 2018 00:43:18 +0000 (00:43 +0000)]
[automerger] DO NOT MERGE: Don't reuse buffer when building response am: 5b27fef4d8
Change-Id: I73fc976256c6af11d7431778b3c962a2816f5f5f
Ajay Panicker [Wed, 6 Jun 2018 21:29:59 +0000 (14:29 -0700)]
DO NOT MERGE: Don't reuse buffer when building response
Bug: 79541338
Test: Compile and connect to remote headset
Change-Id: I2c00660bb551bbac58df88d2df07c98a30871e58
Ajay Panicker [Tue, 5 Jun 2018 23:08:06 +0000 (16:08 -0700)]
DO NOT MERGE: Don't reuse buffer when building response
Bug: 79541338
Test: Compile and connect to remote headset
Change-Id: I2d808f941d3c71fcb6306c733717624be10478e0
Ajay Panicker [Tue, 5 Jun 2018 23:08:06 +0000 (16:08 -0700)]
Don't reuse buffer when building response
Bug: 79541338
Test: Compile and connect to remote headset
Change-Id: I2d808f941d3c71fcb6306c733717624be10478e0
android-build-team Robot [Wed, 6 Jun 2018 07:25:48 +0000 (07:25 +0000)]
Snap for 4824048 from 5332c5819d1f5192a021242e132017e1a25507d6 to pi-release
Change-Id: Ie221e47912d8d0419e71399c8fa51a73c38b0786
Ajay Panicker [Thu, 31 May 2018 00:50:39 +0000 (17:50 -0700)]
Run the AVRCP Service interface functions on the BTA thread
Bug: 80416347
Test: Turn off Bluetooth while connected to a device we initiated the
connection to.
Change-Id: I8f10409c495213ef3117aedf66919de7c0b3d164
Pavlin Radoslavov [Tue, 5 Jun 2018 05:18:32 +0000 (22:18 -0700)]
Send ACK for A2DP_CTRL_CMD_SUSPEND even if audio was not streaming
The A2DP_CTRL_CMD_SUSPEND command from the Audio HAL could be received
even if audio wasn't streaming before. Therefore, we should always
respond with an ACK once the command processing has been completed.
Bug: 109712592
Test: Manual: (1) Play music to Headset; (2) Select "This device" as output;
(3) Stop playing music; (4) Select Headset as output
Change-Id: I0f5d52d14b50882931b9d19de1a2f25204fce19e
Pavlin Radoslavov [Tue, 5 Jun 2018 07:49:47 +0000 (00:49 -0700)]
[automerger skipped] [automerger] Add checks whether the AVDTP element data length is valid am: e192c988cb am: 6b2f63f880 am: ac8793939a am: 862eb4827b am: e7c8891319 am: c25b7e056e am: 515cf6983e am: 8dca5d6981 skipped: 25fc5872de am: d25b494ad6 -s ours am: 5b62b582dc -s ours am: 2c9e2b2869 -s ours
Change-Id: I85d8fcf81ab3582373d2ac0f4b849fccb1ea6918
Pavlin Radoslavov [Tue, 5 Jun 2018 07:45:38 +0000 (00:45 -0700)]
[automerger skipped] [automerger] Add checks whether the AVDTP element data length is valid am: e192c988cb am: 6b2f63f880 am: ac8793939a am: 862eb4827b am: e7c8891319 am: c25b7e056e am: 515cf6983e am: 8dca5d6981 skipped: 25fc5872de am: d25b494ad6 -s ours am: 5b62b582dc -s ours
Change-Id: I366348476e217dbc3ccfd43611e6e2ca57bfda4c
Pavlin Radoslavov [Tue, 5 Jun 2018 07:41:38 +0000 (00:41 -0700)]
[automerger skipped] [automerger] Add checks whether the AVDTP element data length is valid am: e192c988cb am: 6b2f63f880 am: ac8793939a am: 862eb4827b am: e7c8891319 am: c25b7e056e am: 515cf6983e am: 8dca5d6981 skipped: 25fc5872de am: d25b494ad6 -s ours
Change-Id: I73dc4042b7c4283bcca582638079c0fc4bab161c
android-build-team Robot [Tue, 5 Jun 2018 07:24:16 +0000 (07:24 +0000)]
Snap for 4821244 from 051d3a963f6ec2756f8e912110f5a6667850e78e to pi-release
Change-Id: I7e8a4dee334ef22822b3afa6b128610029b5f20a
Android Build Merger (Role) [Tue, 5 Jun 2018 03:50:22 +0000 (03:50 +0000)]
[automerger] Add checks whether the AVDTP element data length is valid am: e192c988cb am: 6b2f63f880 am: ac8793939a am: 862eb4827b am: e7c8891319 am: c25b7e056e am: 515cf6983e am: 8dca5d6981 skipped: 25fc5872de
Change-Id: Ic7d6036bf7b14dbc1979990181612dc8c0c35e71
Android Build Merger (Role) [Tue, 5 Jun 2018 03:48:29 +0000 (03:48 +0000)]
[automerger] Add checks whether the AVDTP element data length is valid am: e192c988cb am: 6b2f63f880 am: ac8793939a am: 862eb4827b am: e7c8891319 am: c25b7e056e am: 515cf6983e am: 8dca5d6981
Change-Id: I10eba2bac9686a5f50b736d1bc38caa0cd56265a
Android Build Merger (Role) [Tue, 5 Jun 2018 03:48:27 +0000 (03:48 +0000)]
[automerger] Add checks whether the AVDTP element data length is valid am: e192c988cb am: 6b2f63f880 am: ac8793939a am: 862eb4827b am: e7c8891319 am: c25b7e056e am: 515cf6983e
Change-Id: I30fe1a2edd100c78a3b4964f9687b7c666217ad0
Android Build Merger (Role) [Tue, 5 Jun 2018 03:48:24 +0000 (03:48 +0000)]
[automerger] Add checks whether the AVDTP element data length is valid am: e192c988cb am: 6b2f63f880 am: ac8793939a am: 862eb4827b am: e7c8891319 am: c25b7e056e
Change-Id: I526e9afc2a7bb0e101f4d6a70e0e3cb1126e72ca