OSDN Git Service
Myles Watson [Mon, 8 Feb 2021 22:38:57 +0000 (14:38 -0800)]
smp: Reject pairing if the public keys match
Bug:
174886838
Test: pair an LE device
Tag: #security
Change-Id: I0902fdf6bb5c1c7d443fc73fc480d51226fb836b
Merged-In: I0902fdf6bb5c1c7d443fc73fc480d51226fb836b
TreeHugger Robot [Thu, 4 Mar 2021 23:45:46 +0000 (23:45 +0000)]
Merge "DO NOT MERGE : Re-land: SMP: Validate remote elliptic curve points" into oc-mr1-dev
TreeHugger Robot [Thu, 4 Mar 2021 23:18:24 +0000 (23:18 +0000)]
Merge "avrcp: Ignore AVCT commands that are too long" into oc-mr1-dev
Andre Eisenbach [Thu, 1 Mar 2018 21:27:01 +0000 (13:27 -0800)]
DO NOT MERGE : Re-land: SMP: Validate remote elliptic curve points
Fixes:
72377774
Test: net_test_stack_smp (where applicable)
(cherry picked from commit
9181ec28da94705a763edbe60bd2a87e5f882beb)
Change-Id: Ic38ad2f447a6a675025c84fd7746c9124f1eb324
Myles Watson [Fri, 5 Feb 2021 01:30:55 +0000 (17:30 -0800)]
avrcp: Ignore AVCT commands that are too long
Bug:
177611958
Test: compilation
Tag: #security
Change-Id: If914b5928cdf16696eb54bfe91c2869cbbf8e36c
Myles Watson [Wed, 3 Feb 2021 18:30:15 +0000 (18:30 +0000)]
Merge "avrc_copy_packet: Zero initialize packet" into oc-mr1-dev
TreeHugger Robot [Wed, 6 Jan 2021 23:30:55 +0000 (23:30 +0000)]
Merge "Legacy pairing: Reject device with same BD_ADDR" into oc-mr1-dev
TreeHugger Robot [Wed, 6 Jan 2021 22:27:31 +0000 (22:27 +0000)]
Merge "SDP: Only start discovery once" into oc-mr1-dev
Hansong Zhang [Fri, 11 Dec 2020 19:56:15 +0000 (11:56 -0800)]
avrc_copy_packet: Zero initialize packet
Bug:
174149901
Change-Id: Iefa41749ebbacd34afaa24131de7ee25d706e23f
Tag: Security
Test: POC
(cherry picked from commit
960c3f3c9a1f912544b92b7a744e22069a0bc27e)
Myles Watson [Fri, 4 Dec 2020 20:54:27 +0000 (12:54 -0800)]
AVRCP: Use calloc to zero reserved fields
Bug:
174150451
Test: compilation
Tag: #security
Change-Id: I7a30edacf8377a9feecbb988b099d60d69b46f87
(cherry picked from commit
1f169323d335ab0dc260952c2dd3821144448b11)
Merged-In: I7a30edacf8377a9feecbb988b099d60d69b46f87
Myles Watson [Fri, 4 Dec 2020 02:54:14 +0000 (18:54 -0800)]
SDP: Only start discovery once
Bug:
174052148
Test: pair with headphones
Tag: #security
Change-Id: I1d014a7b793bb1b66e26652f6696499ea36a6510
(cherry picked from commit
cfa5a74ea90a09e1c7413a25f04332ee2d1e3f21)
Merged-In: I1d014a7b793bb1b66e26652f6696499ea36a6510
Hansong Zhang [Mon, 7 Dec 2020 21:11:10 +0000 (13:11 -0800)]
Legacy pairing: Reject device with same BD_ADDR
Change-Id: If3daec91c3d108a4e7e988608e0600c79ea5f053
Tag: #vulnerability
Test: manual
Bug:
174626251
TreeHugger Robot [Fri, 6 Nov 2020 06:55:53 +0000 (06:55 +0000)]
[automerger skipped] Merge "Fix potential OOB write in libbluetooth" into oc-dev am:
59304cd9d9 am:
16814b34fb -s ours
am skip reason: Change-Id I90834b920d61bfb2df9414a25d73ba40033e4748 with SHA-1
ccbe059808 is in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12781555
Change-Id: I28095eaddb51067420afdc51b3fb8245d65047fc
TreeHugger Robot [Fri, 6 Nov 2020 06:20:03 +0000 (06:20 +0000)]
Merge "Fix potential OOB write in libbluetooth" into oc-dev am:
59304cd9d9
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12781555
Change-Id: I905bd02ad475b238005d0589a1c0171d842d7201
TreeHugger Robot [Fri, 6 Nov 2020 05:51:59 +0000 (05:51 +0000)]
Merge "Fix potential OOB write in libbluetooth" into oc-mr1-dev
TreeHugger Robot [Fri, 6 Nov 2020 05:51:58 +0000 (05:51 +0000)]
Merge "Fix potential OOB write in libbluetooth" into oc-dev
Myles Watson [Fri, 6 Nov 2020 01:05:27 +0000 (01:05 +0000)]
ACL: Drop broadcasts am:
f91dbe2985 am:
10cfa5e827
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12951241
Change-Id: I2e274a4614d10187586949a742a9d6716778bc28
Myles Watson [Fri, 6 Nov 2020 00:51:21 +0000 (00:51 +0000)]
ACL: Drop broadcasts am:
f91dbe2985
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12951241
Change-Id: I490deea8c83019ec92f6c76a276c50495cd40cdc
Myles Watson [Thu, 29 Oct 2020 20:05:21 +0000 (13:05 -0700)]
ACL: Drop broadcasts
Bug:
169327567
Test: compiles
Tag: #security
Change-Id: Id4231fd7a142d630a2ada0f41a90e01afc011045
Merged-In: Id4231fd7a142d630a2ada0f41a90e01afc011045
Hansong Zhang [Thu, 8 Oct 2020 19:14:34 +0000 (19:14 +0000)]
Fix a security issue in sdp_server.cc am:
d7573f4fa9 am:
97abd549aa
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12776129
Change-Id: I1563f2793cc2d637be9935f04d9673e050dd0c67
Hansong Zhang [Thu, 8 Oct 2020 19:00:20 +0000 (19:00 +0000)]
Fix a security issue in sdp_server.cc am:
d7573f4fa9
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12776129
Change-Id: I017650c339df1f8dec41594e9d2d18d7f8d7fc6a
Ted Wang [Tue, 6 Oct 2020 12:20:16 +0000 (20:20 +0800)]
Fix potential OOB write in libbluetooth
Check event id if of register notification command from remote to avoid
OOB write.
Tag: #security
Bug:
168802990
Test: atest net_test_btif
Change-Id: I90834b920d61bfb2df9414a25d73ba40033e4748
Merged-In: I90834b920d61bfb2df9414a25d73ba40033e4748
Ted Wang [Tue, 6 Oct 2020 12:20:16 +0000 (20:20 +0800)]
Fix potential OOB write in libbluetooth
Check event id if of register notification command from remote to avoid
OOB write.
Tag: #security
Bug:
168802990
Test: atest net_test_btif
Change-Id: I90834b920d61bfb2df9414a25d73ba40033e4748
Merged-In: I90834b920d61bfb2df9414a25d73ba40033e4748
Hansong Zhang [Tue, 6 Oct 2020 21:48:27 +0000 (14:48 -0700)]
Fix a security issue in sdp_server.cc
Bug:
169342531
Test: POC
Change-Id: I0e8cdb9a00184f62d11fb06bc30f07b2a35bc49e
Chen Chen [Tue, 6 Oct 2020 19:57:19 +0000 (19:57 +0000)]
Check Classic key before cross-key derivation am:
814160abca am:
6cddc6cd87
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12736109
Change-Id: I1391cb656ed035aaec7beb0f2c11e5b3c008f4cc
Chen Chen [Tue, 6 Oct 2020 18:52:36 +0000 (18:52 +0000)]
Check Classic key before cross-key derivation am:
814160abca
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12736109
Change-Id: I10b980c9f480dd9e2f2adb5af47cb23ff99421e6
Chen Chen [Thu, 24 Sep 2020 00:02:58 +0000 (17:02 -0700)]
Check Classic key before cross-key derivation
Bug:
158854097
Test: atest net_test_stack_smp
Tag: #security
Ignore-AOSP-First: Security fix
Exempt-From-Owner-Approval: Already got owner approval,
but somehow it still shows no owner vote
Change-Id: Id88241324e9fb89ef14e50b52eb459a0d81c492b
Chen Chen [Thu, 24 Sep 2020 00:02:58 +0000 (17:02 -0700)]
Check Classic key before cross-key derivation
Bug:
158854097
Test: atest net_test_stack_smp
Tag: #security
Ignore-AOSP-First: Security fix
Change-Id: Id88241324e9fb89ef14e50b52eb459a0d81c492b
TreeHugger Robot [Mon, 31 Aug 2020 17:12:27 +0000 (17:12 +0000)]
[automerger skipped] Merge "Send a response to an smp security request depending on the callback event" into oc-dev am:
9f1c709363 am:
28de519df5 -s ours
am skip reason: Change-Id Iadeb25a43b46f615b55a0dfb6e7723e5d1204351 with SHA-1
1570e8de12 is in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12448858
Change-Id: I97233565f3adeb025a2924e52a7f15353628bae7
li-wei.cheng [Mon, 31 Aug 2020 17:12:16 +0000 (17:12 +0000)]
Return after removing sample LTK device am:
c6879c3fe5 am:
bf69312868
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12325453
Change-Id: I16cf93538d6d706acd22876712fa615dd820d12e
TreeHugger Robot [Mon, 31 Aug 2020 17:04:23 +0000 (17:04 +0000)]
Merge "Send a response to an smp security request depending on the callback event" into oc-dev am:
9f1c709363
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12448858
Change-Id: I8857f2e8f4e7eee007bb1d1597b587a1965ca882
li-wei.cheng [Mon, 31 Aug 2020 17:04:06 +0000 (17:04 +0000)]
Return after removing sample LTK device am:
c6879c3fe5
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12325453
Change-Id: I7bb17e11a74ed992191cd446408ee7bef4b984de
Jakub Pawlowski [Mon, 31 Aug 2020 17:03:56 +0000 (17:03 +0000)]
[automerger skipped] Don't persist bonds using sample LTK am:
70411f0877 -s ours
am skip reason: skipped by user mylesgw
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12484285
Change-Id: Ia4bdeb2996c3bf7d7982f60a360b3790e542397d
Jakub Pawlowski [Mon, 11 Mar 2019 18:22:01 +0000 (19:22 +0100)]
Don't persist bonds using sample LTK
Test: compilation, manual testing
Bug:
128843052
Bug:
162497143
Merged-In: I52fd484d42bf87e96dbc9e6456090f231ed48111
Change-Id: I52fd484d42bf87e96dbc9e6456090f231ed48111
(cherry picked from commit
292fcf8612f488a2fcbf99614caba46ead076eb2)
TreeHugger Robot [Fri, 28 Aug 2020 21:35:22 +0000 (21:35 +0000)]
Merge "Send a response to an smp security request depending on the callback event" into oc-dev
Rahul Sabnis [Mon, 24 Aug 2020 23:36:36 +0000 (16:36 -0700)]
Send a response to an smp security request depending on the callback event
Tag: #feature
Bug:
157038281
Test: Manual
Merged-In: Iadeb25a43b46f615b55a0dfb6e7723e5d1204351
Change-Id: Iadeb25a43b46f615b55a0dfb6e7723e5d1204351
Rahul Sabnis [Mon, 24 Aug 2020 23:36:36 +0000 (16:36 -0700)]
Send a response to an smp security request depending on the callback event
Tag: #feature
Bug:
157038281
Test: Manual
Merged-In: Iadeb25a43b46f615b55a0dfb6e7723e5d1204351
Change-Id: Iadeb25a43b46f615b55a0dfb6e7723e5d1204351
li-wei.cheng [Mon, 20 Jan 2020 07:27:21 +0000 (15:27 +0800)]
Return after removing sample LTK device
Return directly after calling bta_dm_remove_device to
prevent from accessing the invalid security record (p_dev_rec).
Test: Hardcode to test bond with sample key
Tag: #security
Bug:
162497143
Change-Id: Iaa59f3c415dd8066849fd70912fdb83f890229d7
Merged-In: Iaa59f3c415dd8066849fd70912fdb83f890229d7
Rahul Sabnis [Wed, 5 Aug 2020 21:35:45 +0000 (21:35 +0000)]
[automerger skipped] Merge "Check whether local device is an ATV device to determine whether to show the consent dialog for BLE pairing in JUSTWORKS and ENCRYPTION_ONLY mode" into oc-dev am:
b2adda8177 am:
00fd683aec -s ours
am skip reason: Change-Id I6d06f5996da71e5a1407e544b0023d82924aa56f with SHA-1
0b4c1014f7 is in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12309020
Change-Id: I64045645e5b0c45d25f239f52070f796e8162077
Rahul Sabnis [Wed, 5 Aug 2020 21:18:10 +0000 (21:18 +0000)]
Merge "Check whether local device is an ATV device to determine whether to show the consent dialog for BLE pairing in JUSTWORKS and ENCRYPTION_ONLY mode" into oc-dev am:
b2adda8177
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12309020
Change-Id: I3cc71adac1897fb29ce5fb4012ed8b1567f1e614
Rahul Sabnis [Wed, 5 Aug 2020 20:56:23 +0000 (20:56 +0000)]
Merge "Check whether local device is an ATV device to determine whether to show the consent dialog for BLE pairing in JUSTWORKS and ENCRYPTION_ONLY mode" into oc-dev
Rahul Sabnis [Wed, 5 Aug 2020 20:51:45 +0000 (20:51 +0000)]
Merge "Check whether local device is an ATV device to determine whether to show the consent dialog for BLE pairing in JUSTWORKS and ENCRYPTION_ONLY mode" into oc-mr1-dev
weichinweng [Wed, 5 Aug 2020 12:13:40 +0000 (12:13 +0000)]
[automerger skipped] Fix possible OOB when receive gatt read type response data am:
342cb328b6 am:
6d86ead0e3 -s ours
am skip reason: Change-Id I1bd8713eecebc2bc3d919402b035987e06a2d4d3 with SHA-1
0eb7a763df is in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12263265
Change-Id: I0e10ba38b8aa463e7524ca0da1c2aa8ce5c86b5b
weichinweng [Wed, 5 Aug 2020 11:59:47 +0000 (11:59 +0000)]
Fix possible OOB when receive gatt read type response data am:
342cb328b6
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12263265
Change-Id: I064b5c88b2734129a9f1811f372713b01938ad9c
weichinweng [Tue, 28 Jul 2020 08:56:33 +0000 (16:56 +0800)]
Fix possible OOB when receive gatt read type response data
Bug:
158833854
Bug:
158778659
Test: manual
Tag: #security
Change-Id: I1bd8713eecebc2bc3d919402b035987e06a2d4d3
Merged-In: I1bd8713eecebc2bc3d919402b035987e06a2d4d3
Rahul Sabnis [Sat, 1 Aug 2020 02:44:27 +0000 (19:44 -0700)]
Check whether local device is an ATV device to determine whether to show
the consent dialog for BLE pairing in JUSTWORKS and ENCRYPTION_ONLY mode
Tag: #feature
Bug:
157038281
Test: Manual
Merged-In: I6d06f5996da71e5a1407e544b0023d82924aa56f
Change-Id: I6d06f5996da71e5a1407e544b0023d82924aa56f
Rahul Sabnis [Sat, 1 Aug 2020 02:44:27 +0000 (19:44 -0700)]
Check whether local device is an ATV device to determine whether to show
the consent dialog for BLE pairing in JUSTWORKS and ENCRYPTION_ONLY mode
Tag: #feature
Bug:
157038281
Test: Manual
Merged-In: I6d06f5996da71e5a1407e544b0023d82924aa56f
Change-Id: I6d06f5996da71e5a1407e544b0023d82924aa56f
weichinweng [Tue, 28 Jul 2020 08:56:33 +0000 (16:56 +0800)]
Fix possible OOB when receive gatt read type response data
Bug:
158833854
Bug:
158778659
Test: manual
Tag: #security
Change-Id: I1bd8713eecebc2bc3d919402b035987e06a2d4d3
Rahul Sabnis [Fri, 31 Jul 2020 00:51:00 +0000 (00:51 +0000)]
[automerger skipped] Shows a consent dialog on the local device when pairing a bluetooth low am:
57ffe1ba12 am:
70e77e9a2f -s ours
am skip reason: Change-Id I7de396230beb84bd0fa2b0cea346523b6824472a with SHA-1
b5c0bfc132 is in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12040226
Change-Id: I5ad01f31ae5ad09d350a04ff3414ae516ad0077d
Rahul Sabnis [Fri, 31 Jul 2020 00:27:46 +0000 (00:27 +0000)]
Shows a consent dialog on the local device when pairing a bluetooth low am:
57ffe1ba12
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
12040226
Change-Id: I591af4f49890b67d9d110747984e1061aeaa9a57
Rahul Sabnis [Fri, 26 Jun 2020 17:27:07 +0000 (10:27 -0700)]
Shows a consent dialog on the local device when pairing a bluetooth low
energy device if the local device has a display.
Tag: #security
Bug:
157038281
Test: Manual
Merged-In: I7de396230beb84bd0fa2b0cea346523b6824472a
Change-Id: I7de396230beb84bd0fa2b0cea346523b6824472a
Rahul Sabnis [Fri, 26 Jun 2020 17:27:07 +0000 (10:27 -0700)]
Shows a consent dialog on the local device when pairing a bluetooth low
energy device if the local device has a display.
Tag: #security
Bug:
157038281
Test: Manual
Merged-In: I7de396230beb84bd0fa2b0cea346523b6824472a
Change-Id: I7de396230beb84bd0fa2b0cea346523b6824472a
Joseph Pirozzo [Fri, 26 Jun 2020 13:13:54 +0000 (13:13 +0000)]
Merge "Enable bitpool sanity checks" into oc-dev am:
15ccbf59de am:
b7bd79e254
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
11593936
Change-Id: I1f53339a2b08ec342d65fe45f6a69965b87edf4a
Joseph Pirozzo [Fri, 26 Jun 2020 13:01:21 +0000 (13:01 +0000)]
Merge "Enable bitpool sanity checks" into oc-dev am:
15ccbf59de
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
11593936
Change-Id: I53a4ce34dba71b7715f791a03b6128458f8bc7e8
Joseph Pirozzo [Fri, 26 Jun 2020 12:40:58 +0000 (12:40 +0000)]
Merge "Enable bitpool sanity checks" into oc-dev
Myles Watson [Thu, 25 Jun 2020 21:28:30 +0000 (21:28 +0000)]
[automerger skipped] DO NOT MERGE: Remove pairing on incoming bond request am:
85b5df1d0d am:
ab50a6b284 -s ours
am skip reason: Change-Id I048b7b142e3fe2096cf1a9aa2931c175fa52cd45 with SHA-1
e29c52cfda is in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
11934228
Change-Id: I01231f49767b1f5e54f43bf119e410a147198033
Myles Watson [Thu, 25 Jun 2020 21:15:23 +0000 (21:15 +0000)]
DO NOT MERGE: Remove pairing on incoming bond request am:
85b5df1d0d
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
11934228
Change-Id: Icf0c4b744a56a06669fea1effd45c898063a4631
Myles Watson [Thu, 18 Jun 2020 21:35:53 +0000 (14:35 -0700)]
DO NOT MERGE: Remove pairing on incoming bond request
Bug:
150156492
Tag: #security
Test: Bond two devices, forget from one device and reconnect
Change-Id: I048b7b142e3fe2096cf1a9aa2931c175fa52cd45
(cherry picked from commit
13f409ad3a2423b06af7a7f1a9b06fb06c8820a7)
Merged-In: I048b7b142e3fe2096cf1a9aa2931c175fa52cd45
Myles Watson [Thu, 18 Jun 2020 21:35:53 +0000 (14:35 -0700)]
DO NOT MERGE: Remove pairing on incoming bond request
Bug:
150156492
Tag: #security
Test: Bond two devices, forget from one device and reconnect
Change-Id: I048b7b142e3fe2096cf1a9aa2931c175fa52cd45
(cherry picked from commit
13f409ad3a2423b06af7a7f1a9b06fb06c8820a7)
Merged-In: I048b7b142e3fe2096cf1a9aa2931c175fa52cd45
Joseph Pirozzo [Mon, 25 May 2020 17:36:26 +0000 (10:36 -0700)]
Enable bitpool sanity checks
Enable bitpool sanity checks to run all the time, not just in debug
mode.
Tag: #security
Test: sbcdecoder_fuzzer
Bug:
146398979
Change-Id: Iff58305cd18de35e37290f0c09fba01ee14e787a
Jakub Pawlowski [Tue, 7 Apr 2020 23:09:11 +0000 (23:09 +0000)]
Fix potential stack overflow caused by integer overflow am:
1570b62c88 am:
5b4bf745e9
Change-Id: I91417fff40a89042993a9fcbfaa6b7f45c162d89
Jakub Pawlowski [Tue, 7 Apr 2020 22:51:21 +0000 (22:51 +0000)]
Fix potential stack overflow caused by integer overflow am:
1570b62c88
Change-Id: Iaf75d5b63297d50e3115422f15fa8511133ef45a
Jakub Pawlowski [Fri, 20 Mar 2020 14:24:00 +0000 (15:24 +0100)]
Fix potential stack overflow caused by integer overflow
Bug:
151155194
Merged-In: I0655b0b62301f78cd8705cc7b0e4fc11522f00ca
Change-Id: I0655b0b62301f78cd8705cc7b0e4fc11522f00ca
Automerger Merge Worker [Tue, 10 Mar 2020 23:58:30 +0000 (23:58 +0000)]
[automerger skipped] GattServcer: Check invalid offset am:
30a2860ed1 am:
2865a273f2 -s ours
am skip reason: Change-Id I0396380f431cdb7f91c78db6de9043ea0f373dfe with SHA-1
c14c1fb864 is in history
Change-Id: Iba77996d7a5acdbee2865868d506634620ccf793
Automerger Merge Worker [Tue, 10 Mar 2020 23:42:03 +0000 (23:42 +0000)]
GattServcer: Check invalid offset am:
30a2860ed1
Change-Id: I1d3aae196fb82155b88e2377e96670797f228f8a
Hansong Zhang [Thu, 13 Feb 2020 19:40:44 +0000 (11:40 -0800)]
GattServcer: Check invalid offset
Test: manual
Bug:
143231677
Merged-In: I0396380f431cdb7f91c78db6de9043ea0f373dfe
Merged-In: I0ca22e7c60292d61c758120c1cd67f6e6edd8ae8
Change-Id: I0ca22e7c60292d61c758120c1cd67f6e6edd8ae8
Hansong Zhang [Thu, 13 Feb 2020 19:40:44 +0000 (11:40 -0800)]
GattServcer: Check invalid offset
Test: manual
Bug:
143231677
Change-Id: I0396380f431cdb7f91c78db6de9043ea0f373dfe
Merged-In: I97e2c3ae15fccc482d07d8d621c455cc74900cfd
Merged-In: I0ca22e7c60292d61c758120c1cd67f6e6edd8ae8
TreeHugger Robot [Wed, 4 Dec 2019 08:29:41 +0000 (08:29 +0000)]
Merge "Fix potential OOB write in btm_read_remote_ext_features_complete" into oc-mr1-dev
Automerger Merge Worker [Wed, 4 Dec 2019 08:22:12 +0000 (08:22 +0000)]
Merge "Fix potential OOB write in btm_read_remote_ext_features_complete" into oc-dev am:
2039ca38e9 am:
5b85308108
Change-Id: I8c6f23a3cc7cfdb08242cbaa68ea62830ea49ccb
Automerger Merge Worker [Wed, 4 Dec 2019 08:13:37 +0000 (08:13 +0000)]
Merge "Fix potential OOB write in btm_read_remote_ext_features_complete" into oc-dev am:
2039ca38e9
Change-Id: I0767ba267fc51a926930288752a1a079414d5a76
TreeHugger Robot [Wed, 4 Dec 2019 08:04:13 +0000 (08:04 +0000)]
Merge "Fix potential OOB write in btm_read_remote_ext_features_complete" into oc-dev
Automerger Merge Worker [Tue, 3 Dec 2019 23:29:41 +0000 (23:29 +0000)]
Merge "SDP: add return after SDP disconnection" into oc-dev am:
765abc5cb6 am:
1f3bc32195
Change-Id: I08a3792c2110c102e1a61051ff74bfa8ef8735c8
Automerger Merge Worker [Tue, 3 Dec 2019 23:21:52 +0000 (23:21 +0000)]
Merge "SDP: add return after SDP disconnection" into oc-dev am:
765abc5cb6
Change-Id: I4adccd7acc83181359c798527f6231a2b29e4429
TreeHugger Robot [Tue, 3 Dec 2019 23:03:51 +0000 (23:03 +0000)]
Merge "SDP: add return after SDP disconnection" into oc-dev
Automerger Merge Worker [Tue, 3 Dec 2019 00:47:12 +0000 (00:47 +0000)]
Merge "GAP: Correct the continuous pkt length in l2cap" into oc-dev am:
2a8a9b22f2 am:
5d8fde3e01
Change-Id: I95231c695e0ec4a413c3cce64b3ea16936cc1bff
Automerger Merge Worker [Tue, 3 Dec 2019 00:40:09 +0000 (00:40 +0000)]
Merge "GAP: Correct the continuous pkt length in l2cap" into oc-dev am:
2a8a9b22f2
Change-Id: I9ed3a6586a87f199cef8b90d8c8c7d6bbb862823
TreeHugger Robot [Tue, 3 Dec 2019 00:33:29 +0000 (00:33 +0000)]
Merge "GAP: Correct the continuous pkt length in l2cap" into oc-dev
Ted Wang [Tue, 26 Nov 2019 03:46:38 +0000 (11:46 +0800)]
Fix potential OOB write in btm_read_remote_ext_features_complete
Add event length check to avoid hci event sent from controller not
correct.
Add page number check to avoid page number is bigger than
HCI_EXT_FEATURES_PAGE_MAX.
Bug:
141552859
Bug:
144205318
Test: inject function
Merged-In: Iaca4db4ee9bf27362f62aba0da088727e98955d1
Change-Id: Iaca4db4ee9bf27362f62aba0da088727e98955d1
Ted Wang [Tue, 26 Nov 2019 03:46:38 +0000 (11:46 +0800)]
Fix potential OOB write in btm_read_remote_ext_features_complete
Add event length check to avoid hci event sent from controller not
correct.
Add page number check to avoid page number is bigger than
HCI_EXT_FEATURES_PAGE_MAX.
Bug:
141552859
Bug:
144205318
Test: inject function
Merged-In: Iaca4db4ee9bf27362f62aba0da088727e98955d1
Change-Id: Iaca4db4ee9bf27362f62aba0da088727e98955d1
Ted Wang [Tue, 26 Nov 2019 03:33:50 +0000 (03:33 +0000)]
Merge "Revert "Fix potential OOB write in btm_read_remote_ext_features_complete"" into oc-mr1-dev
Automerger Merge Worker [Tue, 26 Nov 2019 02:55:04 +0000 (02:55 +0000)]
Merge "Revert "Fix potential OOB write in btm_read_remote_ext_features_complete"" into oc-dev am:
aa754ed3ec am:
53afb387a4
Change-Id: I22fb89a33d6265470d4dc82a19d3ff66ce1ad9fa
Automerger Merge Worker [Tue, 26 Nov 2019 02:45:55 +0000 (02:45 +0000)]
Merge "Revert "Fix potential OOB write in btm_read_remote_ext_features_complete"" into oc-dev am:
aa754ed3ec
Change-Id: I2cc0a9befe3c2b0412d53bad6b7790e61119cae2
Ted Wang [Tue, 26 Nov 2019 02:37:56 +0000 (02:37 +0000)]
Merge "Revert "Fix potential OOB write in btm_read_remote_ext_features_complete"" into oc-dev
Zongheng Wang [Tue, 12 Nov 2019 20:59:44 +0000 (12:59 -0800)]
SDP: add return after SDP disconnection
A return is needed after sdp_disconnect(). It is the logic
expected and it prevents the use of p_ccb after it's freed.
Bug:
144177780
Bug:
117105007
Test: manual test
Change-Id: I7a64382b36adca37a8ff0c7e361d89ecdc8f3b55
(cherry picked from commit
30efc8c90a846460359a489e17e1461c725958b3)
Adam Seaton [Fri, 22 Nov 2019 19:29:29 +0000 (19:29 +0000)]
Revert "Fix potential OOB write in btm_read_remote_ext_features_complete"
This reverts commit
0d7723d147012c3141d259cce24745eb446ff1b1.
Reason for revert: reverting due to functional regressions in Auto.
Bug:
144205318
Change-Id: I96ec04beeb8eb4cb307f45c3c2a02d267c00c8fc
Adam Seaton [Fri, 22 Nov 2019 19:29:14 +0000 (19:29 +0000)]
Revert "Fix potential OOB write in btm_read_remote_ext_features_complete"
This reverts commit
33a71f2955f1254d2f96fd4a4d16d44463a21423.
Reason for revert: reverting due to functional regressions in Auto.
Bug:
144205318
Change-Id: I6e1d62f370fc910e91c0919dcb3f37fa2f3c7bf5
Venkata Jagadeesh Garaga [Thu, 18 Apr 2019 11:43:49 +0000 (17:13 +0530)]
GAP: Correct the continuous pkt length in l2cap
L2cap continuous pkt length wrongly calculated in
reassembly logic when remote sends more data
than expected.
Wrong pkt length leading to memory corruption
Hence the Correct the continuous pkt length in
l2cap reassembly logic.
Bug:
135239489
Bug:
143894715
CRs-Fixed:
2434229
Test: make and internal testing
Change-Id: I758d9e31465b99e436b9b1841320000f08186c97
Merged-In: I758d9e31465b99e436b9b1841320000f08186c97
(cherry picked from commit
337bd4579453bd6bf98ff519de3ac1019cd30d28)
Ted Wang [Wed, 6 Nov 2019 21:13:44 +0000 (13:13 -0800)]
[automerger skipped] Merge "Fix potential OOB write in btm_read_remote_ext_features_complete" into oc-dev am:
981e2483c6
am:
4b700057ae -s ours
am skip reason: change_id I3bd7349f382aa0e42123bbd835dcb60b77af099a with SHA1
0d7723d147 is in history
Change-Id: I4e3cea1e80f91d5a7789fa5305a1fafea6690a70
Ted Wang [Wed, 6 Nov 2019 21:08:00 +0000 (13:08 -0800)]
Merge "Fix potential OOB write in btm_read_remote_ext_features_complete" into oc-dev
am:
981e2483c6
Change-Id: Iba00aec2298d8b6522555a56ba02b3dba5b7de3b
TreeHugger Robot [Wed, 6 Nov 2019 17:55:06 +0000 (17:55 +0000)]
Merge "Fix potential OOB write in btm_read_remote_ext_features_complete" into oc-dev
TreeHugger Robot [Wed, 6 Nov 2019 17:48:42 +0000 (17:48 +0000)]
Merge "Fix potential OOB write in btm_read_remote_ext_features_complete" into oc-mr1-dev
Ted Wang [Fri, 4 Oct 2019 10:39:02 +0000 (18:39 +0800)]
Fix potential OOB write in btm_read_remote_ext_features_complete
Add event length check to avoid hci event sent from controller not
correct.
Add page number check to avoid page number is bigger than max page
number.
Bug:
141552859
Test: inject function
Merged-In: I3bd7349f382aa0e42123bbd835dcb60b77af099a
Change-Id: I3bd7349f382aa0e42123bbd835dcb60b77af099a
Ted Wang [Fri, 4 Oct 2019 10:39:02 +0000 (18:39 +0800)]
Fix potential OOB write in btm_read_remote_ext_features_complete
Add event length check to avoid hci event sent from controller not
correct.
Add page number check to avoid page number is bigger than max page
number.
Bug:
141552859
Test: inject function
Merged-In: I3bd7349f382aa0e42123bbd835dcb60b77af099a
Change-Id: I3bd7349f382aa0e42123bbd835dcb60b77af099a
Nick Desaulniers [Tue, 15 Oct 2019 21:31:31 +0000 (14:31 -0700)]
[system][bt] fix -Wdangling-gsl am:
20ed45d633
am:
2f0c176bad
Change-Id: I82b0d0a3b21111b8711d58609c3f70f4637bc74b
Nick Desaulniers [Tue, 15 Oct 2019 21:24:30 +0000 (14:24 -0700)]
[system][bt] fix -Wdangling-gsl
am:
20ed45d633
Change-Id: I9f59103dc40ae2154a2b2314d309ba0f7184376a
Nick Desaulniers [Thu, 10 Oct 2019 21:04:47 +0000 (14:04 -0700)]
[system][bt] fix -Wdangling-gsl
BtAddrString() returns a std::string. It's not safe to chain a call to
c_str() as otherwise the returned std::string is a temporary, and the
expression evaluates to an immediately dangling pointer.
Bug:
139945549
Bug:
142558228
Test: mm
Change-Id: I30972458abcc563b24ee0d80b289c3efd6c3e04d
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Martin Brabham [Wed, 2 Oct 2019 01:13:16 +0000 (18:13 -0700)]
JustWorks: Auto-accept only incoming temporary pairing. am:
10e15ee461
am:
103ba67ee2
Change-Id: I89a7a2650b3c4814a28c13a287722485d0b6eba7
Martin Brabham [Wed, 2 Oct 2019 01:06:15 +0000 (18:06 -0700)]
JustWorks: Auto-accept only incoming temporary pairing.
am:
10e15ee461
Change-Id: I392280bb44e2ab665baeab5ef5f1e6b9323fe463
Martin Brabham [Thu, 20 Jun 2019 15:59:24 +0000 (08:59 -0700)]
JustWorks: Auto-accept only incoming temporary pairing.
Bug:
110433804
Bug:
134461862
Test: Manual; atest net_test_bluetooth
Change-Id: I4e3f39bc08e9d9493734a21ea29d76e43aeb50c8
Merged-In: I4e3f39bc08e9d9493734a21ea29d76e43aeb50c8
Rahul Sabnis [Sat, 28 Sep 2019 01:03:54 +0000 (18:03 -0700)]
[automerger skipped] Merge "Use memcpy instead of casting to convert device_class to int" into oc-dev am:
ca7cd4593a
am:
92b5515436 -s ours
am skip reason: change_id Iee71ce35576e438317841d41a81fda6a87e1984a with SHA1
ecf8f751b0 is in history
Change-Id: I9fdc5544ebca6f8849ae522890eb5774b5cc914f