OSDN Git Service
Android Build Merger (Role) [Fri, 22 Mar 2019 18:30:01 +0000 (18:30 +0000)]
[automerger] DO NOT MERGE Drop Bluetooth connection with weak encryption key am:
027532b367 am:
5f48bc8a86 am:
b788f8394e
Change-Id: Iebe131904b01492285eaaeaf6408b76037b2643e
Android Build Merger (Role) [Fri, 22 Mar 2019 18:29:58 +0000 (18:29 +0000)]
[automerger] DO NOT MERGE Drop Bluetooth connection with weak encryption key am:
027532b367 am:
5f48bc8a86
Change-Id: Ia0fb7cb6c331f4f30b4a2320fa52b66be425c74f
Android Build Merger (Role) [Fri, 22 Mar 2019 18:29:56 +0000 (18:29 +0000)]
[automerger] DO NOT MERGE Drop Bluetooth connection with weak encryption key am:
027532b367
Change-Id: I4fb660ac5ca288993e6f0643929eb1b1def1040c
Jakub Pawlowski [Thu, 14 Feb 2019 11:44:06 +0000 (12:44 +0100)]
DO NOT MERGE Drop Bluetooth connection with weak encryption key
This patch requires Bluetooth chip to support HCI Read Encryption Key Size
command and will cause Bluetooth to crash if this command is not supported
on a device. Such device should not take this patch and should look for
alternative solution to drop Bluetooth connection with weak encryption key.
Bug:
124301137
Change-Id: Id4b6b4e765628397a79e6806f45c2cd27acebd5b
TreeHugger Robot [Thu, 7 Mar 2019 23:04:58 +0000 (23:04 +0000)]
Merge "DO NOT MERGE Fix length for L2CAP config type EXT FLOW" into nyc-dev
Android Build Merger (Role) [Thu, 7 Mar 2019 18:51:43 +0000 (18:51 +0000)]
[automerger] DO NOT MERGE Fix length for L2CAP config type EXT FLOW am:
1fa0f29dbe am:
066e401178 am:
c97a452b7c
Change-Id: I747585195e3cf9137449dc777b64174a4a93c1f3
Android Build Merger (Role) [Thu, 7 Mar 2019 18:51:42 +0000 (18:51 +0000)]
[automerger] DO NOT MERGE Fix length for L2CAP config type EXT FLOW am:
1fa0f29dbe am:
066e401178
Change-Id: Ie35b3f093063898bc9d8cab84d221194f1ca007b
Android Build Merger (Role) [Thu, 7 Mar 2019 18:51:38 +0000 (18:51 +0000)]
[automerger] DO NOT MERGE Fix length for L2CAP config type EXT FLOW am:
1fa0f29dbe
Change-Id: I24f0d31be7582e28ba9b96d836cd85bcf7f3ef4c
Hansong Zhang [Thu, 7 Mar 2019 18:50:04 +0000 (10:50 -0800)]
DO NOT MERGE Fix length for L2CAP config type EXT FLOW
Bug:
119870451
Test: POC
Change-Id: I11041dd03caad5569e930ff36b50fc9c2719c57f
TreeHugger Robot [Fri, 8 Feb 2019 07:54:10 +0000 (07:54 +0000)]
Merge "DO NOT MERGE Separate SDP procedure from bonding state (1/2)" into nyc-dev
TreeHugger Robot [Fri, 8 Feb 2019 07:54:10 +0000 (07:54 +0000)]
Merge changes from topic "am-
43952131-a4db-4e42-bfef-
2d44a29b3fac" into cw-f-dev
* changes:
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed am:
279c2a1910 am:
c29c3aa408
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed am:
279c2a1910
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed
DO NOT MERGE Separate SDP procedure from bonding state (1/2)
TreeHugger Robot [Fri, 8 Feb 2019 07:54:10 +0000 (07:54 +0000)]
Merge changes from topic "am-
43952131-a4db-4e42-bfef-
2d44a29b3fac" into nyc-mr1-dev
* changes:
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed am:
279c2a1910
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed
DO NOT MERGE Separate SDP procedure from bonding state (1/2)
TreeHugger Robot [Fri, 8 Feb 2019 07:54:10 +0000 (07:54 +0000)]
Merge changes from topic "am-
43952131-a4db-4e42-bfef-
2d44a29b3fac" into nyc-dr1-dev
* changes:
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed
DO NOT MERGE Separate SDP procedure from bonding state (1/2)
TreeHugger Robot [Thu, 7 Feb 2019 21:07:56 +0000 (21:07 +0000)]
Merge "DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed" into nyc-dev
TreeHugger Robot [Thu, 7 Feb 2019 21:07:56 +0000 (21:07 +0000)]
Merge changes from topic "am-
5380790e-42fb-4784-96c0-
4412e4fdccd0" into cw-f-dev
* changes:
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce
DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed
TreeHugger Robot [Thu, 7 Feb 2019 21:07:56 +0000 (21:07 +0000)]
Merge changes from topic "am-
5380790e-42fb-4784-96c0-
4412e4fdccd0" into nyc-mr1-dev
* changes:
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce
DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed
TreeHugger Robot [Thu, 7 Feb 2019 21:07:56 +0000 (21:07 +0000)]
Merge changes from topic "am-
5380790e-42fb-4784-96c0-
4412e4fdccd0" into nyc-dr1-dev
* changes:
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce
DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed
TreeHugger Robot [Sat, 2 Feb 2019 07:52:13 +0000 (07:52 +0000)]
Merge "DO NOT MERGE process_l2cap_cmd: Fix OOB" into nyc-dev
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:35 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c
Change-Id: Ic43337c91c1cdcb9eaea22311cd7205dc05dcfa2
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:33 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2
Change-Id: I96de72b97a23eebad116c98899f59f399614cff7
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:32 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce
Change-Id: Iad8449f422afb55305d3f1f2a148a4122c49c7d8
Hansong Zhang [Tue, 22 Jan 2019 21:46:47 +0000 (13:46 -0800)]
DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed
In btm_proc_smp_cback(), return after p_dev_rec is freed in the middle
to prevent use after free
Bug:
120612744
Test: Use ASAN build; connect to a LE device and wait for timeout
Change-Id: I09aa1cf1d1c835146b62d0f4989aeedfb885d95b
Android Build Merger (Role) [Tue, 22 Jan 2019 18:47:20 +0000 (18:47 +0000)]
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e am:
53e323b2af
Change-Id: I9a919a3168f0d37834a14778c3f24f1e5f417685
Android Build Merger (Role) [Tue, 22 Jan 2019 18:47:18 +0000 (18:47 +0000)]
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e
Change-Id: I1df2130c25d9399d2c6ebc47bc0b8ec127994b89
Android Build Merger (Role) [Tue, 22 Jan 2019 18:47:16 +0000 (18:47 +0000)]
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93
Change-Id: I89bb716ce51a1d98147c0df527174b4934999347
Hansong Zhang [Fri, 18 Jan 2019 19:51:00 +0000 (11:51 -0800)]
DO NOT MERGE process_l2cap_cmd: Fix OOB
Bug:
119870451
Test: POC
Change-Id: Ieef322a3ad4cebcaf40e5388584d3a04a4761d2e
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:27 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508 am:
85b4574a31 am:
097ecf3d88
Change-Id: I9fd0733ff10442ca2050e440b954a9cb2f574c1a
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:26 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508 am:
85b4574a31
Change-Id: I40ce009c5868fde902bc29a0af1b62c89f02f158
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:24 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508
Change-Id: I5812786ed1ac013a273e300c1ddbe3fd26857543
Stanley Tng [Tue, 11 Dec 2018 22:45:13 +0000 (14:45 -0800)]
DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu
Add check to make sure that data buffer is big enough to read the 2
bytes for length.
Also, fix a regression from the previous CL that checks the buffer length
before doing a memcpy. The previous check is too strict causing valid
sized buffers to be rejected. The length check is incorrect and off by the header size.
Bug:
120665616
Test: Run the SL4A Test for LE CoC, BleCoCTest
Merged-In: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
Change-Id: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
(cherry picked from commit
fcb1994de1f6ee34b8dc6804a2b32e20bf138073)
(cherry picked from commit
1f1d8b97d80d25023c4c7b04d2aa18d367f4158d)
(cherry picked from commit
6b2739f309f7719086eb8201b3e1a35ba60035f4)
Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:39 +0000 (11:51 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904 am:
12d8535d0f am:
98ced409a5
Change-Id: I258a6e883061d68b24b30e17e03f72d2000e5f3f
Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:37 +0000 (11:51 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904 am:
12d8535d0f
Change-Id: I22ea297e564616790fd7e916747cdcea25d2b068
Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:34 +0000 (11:51 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904
Change-Id: Icbd5b31039dbf3016575f9d6d69b216d76564c96
Jakub Pawlowski [Tue, 27 Nov 2018 16:59:57 +0000 (17:59 +0100)]
Fix buffer overflow in btif_dm_data_copy
When we use a union, we should always define variables as the union type,
not as one of the field subtypes. If the latter is cast to the union type,
buffer overflow can happen.
Bug:
110166268
Test: compilation
Change-Id: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Merged-In: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:45 +0000 (16:47 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c am:
a236f16071 am:
3f5af0aa65
Change-Id: I98ae5ab9e24acd447c0c72835067db0bc7430371
Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:42 +0000 (16:47 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c am:
a236f16071
Change-Id: I8615cedf8b9192c46506c54934229089021fe101
Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:40 +0000 (16:47 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c
Change-Id: If8da202c56ee7deeb7aba67f59b19ef28466f6ae
Jakub Pawlowski [Tue, 20 Nov 2018 21:31:31 +0000 (22:31 +0100)]
Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm
Bug:
116222069
Test: compilation
Change-Id: Iebe2c500dfc2806ca321fdcd170e20c680619d4d
Merged-In: Iebe2c500dfc2806ca321fdcd170e20c680619d4d
Android Build Merger (Role) [Tue, 20 Nov 2018 09:11:18 +0000 (09:11 +0000)]
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed am:
279c2a1910 am:
c29c3aa408
Change-Id: I08534e15fd3a1ac53d666a9d27b6f3a30200e065
Android Build Merger (Role) [Tue, 20 Nov 2018 09:11:15 +0000 (09:11 +0000)]
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed am:
279c2a1910
Change-Id: Ie051800f6ad61b7f7d14dd41f56b19848f38e5fb
Android Build Merger (Role) [Tue, 20 Nov 2018 09:11:11 +0000 (09:11 +0000)]
[automerger] DO NOT MERGE Separate SDP procedure from bonding state (1/2) am:
edd7e731ed
Change-Id: I1db76ed30b73630aa44839271fbb654ce533c17c
Ugo Yu [Tue, 30 Oct 2018 07:10:35 +0000 (15:10 +0800)]
DO NOT MERGE Separate SDP procedure from bonding state (1/2)
- Do not stay in bonding state if the device is paried but still
discovering service.
- Report BOND_BONDED to Java after authentication is completed.
- Report empty UUID to Java if a classic Bluetooth device SDP
failed while pairing.
- Hold BOND_BONDED intent util SDP is findished.
- Only accept profile connection for the device is at bonded
state. Any attempt to connect while bonding would potentially
lead to an unauthorized connection.
Bug:
79703832
Test: runtest bluetooth, regression test.
Change-Id: I023713e07308bfc0e5bb8d67f386bcc50f6a0f85
(cherry picked from commit
122e115b87fe98ca5e5e65b9765c146f9e52b65e)
Hansong Zhang [Mon, 5 Nov 2018 18:03:36 +0000 (18:03 +0000)]
Merge "DO NOT MERGE HFP: Check AT command buffer boundary during parsing" into nyc-dev
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:27 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1 skipped:
9805ed7a7a skipped:
f9606e1d89
Change-Id: Iee0814f1ed5a5decc214abad4721a84825cd53b1
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:26 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1 skipped:
9805ed7a7a
Change-Id: I5977408e04b4479c9aa2b5d16a03e18d7e9deced
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:25 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1
Change-Id: I406dd66fa46d18b70d48faedf810d6a3ddbe3fbc
TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]
Merge "DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act" into nyc-dev
TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]
Merge changes from topic "am-
154171ba-0805-48c6-88cf-
c592ee3cf37c" into cw-f-dev
* changes:
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]
Merge changes from topic "am-
154171ba-0805-48c6-88cf-
c592ee3cf37c" into nyc-mr1-dev
* changes:
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]
Merge changes from topic "am-
154171ba-0805-48c6-88cf-
c592ee3cf37c" into nyc-dr1-dev
* changes:
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
TreeHugger Robot [Sat, 3 Nov 2018 00:37:33 +0000 (00:37 +0000)]
Merge changes from topic "Check-AT-command-buffer-boundary-during-parsing" into cw-f-dev
* changes:
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f
DO NOT MERGE HFP: Check AT command buffer boundary during parsing
TreeHugger Robot [Sat, 3 Nov 2018 00:37:33 +0000 (00:37 +0000)]
Merge "DO NOT MERGE HFP: Check AT command buffer boundary during parsing" into nyc-mr1-dev
TreeHugger Robot [Fri, 2 Nov 2018 22:47:59 +0000 (22:47 +0000)]
Merge "DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr" into nyc-dev
TreeHugger Robot [Fri, 2 Nov 2018 22:47:59 +0000 (22:47 +0000)]
Merge changes from topic "am-
3290ac2a-4a57-4151-aaf8-
9695d2ed6348" into nyc-dr1-dev
* changes:
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
TreeHugger Robot [Fri, 2 Nov 2018 22:47:59 +0000 (22:47 +0000)]
Merge changes from topic "am-
3290ac2a-4a57-4151-aaf8-
9695d2ed6348" into cw-f-dev
* changes:
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
TreeHugger Robot [Fri, 2 Nov 2018 22:47:59 +0000 (22:47 +0000)]
Merge changes from topic "am-
3290ac2a-4a57-4151-aaf8-
9695d2ed6348" into nyc-mr1-dev
* changes:
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
TreeHugger Robot [Fri, 2 Nov 2018 22:43:43 +0000 (22:43 +0000)]
Merge "DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp" into nyc-dev
TreeHugger Robot [Fri, 2 Nov 2018 22:43:43 +0000 (22:43 +0000)]
Merge changes from topic "am-
a8794701-2d32-4392-bf6f-
9d00a3751e39" into nyc-dr1-dev
* changes:
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
TreeHugger Robot [Fri, 2 Nov 2018 22:43:43 +0000 (22:43 +0000)]
Merge changes from topic "am-
a8794701-2d32-4392-bf6f-
9d00a3751e39" into cw-f-dev
* changes:
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
TreeHugger Robot [Fri, 2 Nov 2018 22:43:43 +0000 (22:43 +0000)]
Merge changes from topic "am-
a8794701-2d32-4392-bf6f-
9d00a3751e39" into nyc-mr1-dev
* changes:
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
Chienyuan [Thu, 11 Oct 2018 02:36:57 +0000 (10:36 +0800)]
DO NOT MERGE HFP: Check AT command buffer boundary during parsing
* add p_end parameter to tBTA_AG_AT_CMD_CBACK, bta_ag_at_hsp_cback
and bta_ag_at_hfp_cback to indicate effective data range of p_arg
* add checks for buffer copy overflow in bta_ag_at_hsp_cback and
bta_ag_at_hfp_cback
* add packet legnth checks with p_end in bta_ag_parse_cmer
* add packet length checks with p_end in bta_ag_parse_bac
Bug:
112860487
Test: manual
Change-Id: Idbfa2b8bd4c1a0aeeacfe34349851b3bc8de7c69
Merged-In: Idbfa2b8bd4c1a0aeeacfe34349851b3bc8de7c69
(cherry picked from commit
5b1ef1038e3f4e4371c3d6718bf0f684be65eb2b)
Android Build Merger (Role) [Fri, 2 Nov 2018 22:10:04 +0000 (22:10 +0000)]
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f
Change-Id: I15e13d82ec8f1aea4236044762e96e704f4275b2
Chienyuan [Thu, 11 Oct 2018 02:36:57 +0000 (10:36 +0800)]
DO NOT MERGE HFP: Check AT command buffer boundary during parsing
* add p_end parameter to tBTA_AG_AT_CMD_CBACK, bta_ag_at_hsp_cback
and bta_ag_at_hfp_cback to indicate effective data range of p_arg
* add checks for buffer copy overflow in bta_ag_at_hsp_cback and
bta_ag_at_hfp_cback
* add packet legnth checks with p_end in bta_ag_parse_cmer
* add packet length checks with p_end in bta_ag_parse_bac
Bug:
112860487
Test: manual
Change-Id: Idbfa2b8bd4c1a0aeeacfe34349851b3bc8de7c69
(cherry picked from commit
5b1ef1038e3f4e4371c3d6718bf0f684be65eb2b)
Android Build Merger (Role) [Thu, 1 Nov 2018 16:37:17 +0000 (16:37 +0000)]
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3
Change-Id: Ia5f3a475f290c5ebb76dd0256410cde567bb1e27
Android Build Merger (Role) [Thu, 1 Nov 2018 16:37:16 +0000 (16:37 +0000)]
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43
Change-Id: Ie42e3bd1a03ef61a7229ffa5d099127ee8048d2a
Android Build Merger (Role) [Thu, 1 Nov 2018 16:37:14 +0000 (16:37 +0000)]
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501
Change-Id: I4bdd3180984cb58b839a4d0625dfb37cb5a4e405
Myles Watson [Thu, 25 Oct 2018 00:05:12 +0000 (17:05 -0700)]
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
Bug:
115900043
Test: Sanity pairing and SDP PTS
Change-Id: Ib642f79ed22b65ede5ff786cb1e163d172480f11
Android Build Merger (Role) [Thu, 1 Nov 2018 16:20:13 +0000 (16:20 +0000)]
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa
Change-Id: If1797511d46c172bac21c48b241beb6349d96367
Android Build Merger (Role) [Thu, 1 Nov 2018 16:20:12 +0000 (16:20 +0000)]
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3
Change-Id: I63664999ef4f512592a940d5bbeb8c64a7b31aff
Android Build Merger (Role) [Thu, 1 Nov 2018 16:20:11 +0000 (16:20 +0000)]
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e
Change-Id: Id89a5a5ac1a23b5d657bfe33bcc881f76746fac6
Myles Watson [Thu, 25 Oct 2018 22:27:03 +0000 (15:27 -0700)]
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
Bug:
116319076
Test: Send a short MCAP response
Change-Id: I0452f7d2c0f4ecccc7a6501773e26b403b116179
Android Build Merger (Role) [Thu, 1 Nov 2018 15:56:49 +0000 (15:56 +0000)]
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c
Change-Id: I527b11967c2a207702e570914b07c219dcdcd12c
Android Build Merger (Role) [Thu, 1 Nov 2018 15:56:48 +0000 (15:56 +0000)]
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8
Change-Id: I137bcb668670c62a0970af340eaaea7e1e69d614
Android Build Merger (Role) [Thu, 1 Nov 2018 15:56:47 +0000 (15:56 +0000)]
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981
Change-Id: I72ddadf35350b72a755d92be554a638d6ed476aa
Myles Watson [Thu, 25 Oct 2018 21:33:33 +0000 (14:33 -0700)]
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
Bug:
116108738
Test: send a malformed GET_IDLE command with no parameters
Change-Id: Ic57e748a06ea6d4fc16868310d3423ee71a7ac8c
Android Build Merger (Role) [Wed, 31 Oct 2018 23:35:06 +0000 (23:35 +0000)]
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340 am:
8ee587afbb am:
bf3c65e987
Change-Id: If43dc850794289bec31c7a3d5853bb49f5571703
Android Build Merger (Role) [Wed, 31 Oct 2018 23:35:03 +0000 (23:35 +0000)]
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340 am:
8ee587afbb
Change-Id: Id0a40d0a6138e05b9038a09751a53a3f6deef786
Android Build Merger (Role) [Wed, 31 Oct 2018 23:35:00 +0000 (23:35 +0000)]
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340
Change-Id: I43e5409e91d531854545e2d9ed10389f8f10db01
Ugo Yu [Mon, 29 Oct 2018 17:57:06 +0000 (01:57 +0800)]
DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data
Bug:
111450156
Change-Id: Id23eeedcb7bde5866cd53a2f7f1c30f27c5352f6
(cherry picked from commit
b0125caafec2183d73fc899ce5a8aee43a6e54af)
Android Build Merger (Role) [Thu, 11 Oct 2018 22:20:35 +0000 (22:20 +0000)]
[automerger] Fix possible OOB read in process_service_search_rsp am:
b6fa6e4fff am:
8c06d18eea am:
dd2fbd1c21
Change-Id: Ide25784c8161e3bf8e8bf19de71e810006a4ffd3
Android Build Merger (Role) [Thu, 11 Oct 2018 22:20:32 +0000 (22:20 +0000)]
[automerger] Fix possible OOB read in process_service_search_rsp am:
b6fa6e4fff am:
8c06d18eea
Change-Id: I489c10b25faf0f1a0725e29b9f2bd7c1d17389e2
Android Build Merger (Role) [Thu, 11 Oct 2018 22:20:29 +0000 (22:20 +0000)]
[automerger] Fix possible OOB read in process_service_search_rsp am:
b6fa6e4fff
Change-Id: Id18234fccee442ea5f2ff7ad9bcf193dd50226b3
Jakub Pawlowski [Wed, 10 Oct 2018 18:07:12 +0000 (20:07 +0200)]
Fix possible OOB read in process_service_search_rsp
Bug:
74249842
Change-Id: I0dbe43f0da1f5a8f14bcb69659752de4bd70ca98
Merged-In: I0dbe43f0da1f5a8f14bcb69659752de4bd70ca98
Android Build Merger (Role) [Tue, 18 Sep 2018 12:49:52 +0000 (12:49 +0000)]
[automerger] DO NOT MERGE - Check SDU lower bound before allocate p_data am:
87bcda81b8 am:
8e31e9abb4 am:
e51a7b9760
Change-Id: I13a2cd3d213f204feb8a7dcf0430aa5a729efddd
Android Build Merger (Role) [Tue, 18 Sep 2018 12:49:49 +0000 (12:49 +0000)]
[automerger] DO NOT MERGE - Check SDU lower bound before allocate p_data am:
87bcda81b8 am:
8e31e9abb4
Change-Id: Icfc1e9961a59325a522ab4385411efe446b19ce1
Android Build Merger (Role) [Tue, 18 Sep 2018 12:49:46 +0000 (12:49 +0000)]
[automerger] DO NOT MERGE - Check SDU lower bound before allocate p_data am:
87bcda81b8
Change-Id: I51d65f4d9ddba01e86ee88b600e820af4f431415
Ugo Yu [Tue, 18 Sep 2018 12:49:22 +0000 (20:49 +0800)]
DO NOT MERGE - Check SDU lower bound before allocate p_data
Bug:
112321180
Test: SL4A BleCocTest:test_coc_insecured_connection_write_ascii
Change-Id: Id0c9aa2097f0b6bdc2bb9fa9086daa9452188e1d
TreeHugger Robot [Fri, 7 Sep 2018 16:16:19 +0000 (16:16 +0000)]
Merge changes from topic "bt-security-avrc_pars_vendor_rsp-length-check-nyc-dev" into cw-f-dev
* changes:
[automerger] DO NOT MERGE - Check data length when parsing AVRCP vendor specific command responses am:
8148397ca2 am:
1f7ced7d2f am:
33b88d2e2f
[automerger] DO NOT MERGE - Check data length when parsing AVRCP vendor specific command responses am:
8148397ca2 am:
1f7ced7d2f
[automerger] DO NOT MERGE - Check data length when parsing AVRCP vendor specific command responses am:
8148397ca2
DO NOT MERGE - Check data length when parsing AVRCP vendor specific command responses
TreeHugger Robot [Fri, 7 Sep 2018 16:16:19 +0000 (16:16 +0000)]
Merge changes from topic "bt-security-avrc_pars_vendor_rsp-length-check-nyc-dev" into nyc-mr1-dev
* changes:
[automerger] DO NOT MERGE - Check data length when parsing AVRCP vendor specific command responses am:
8148397ca2 am:
1f7ced7d2f
[automerger] DO NOT MERGE - Check data length when parsing AVRCP vendor specific command responses am:
8148397ca2
DO NOT MERGE - Check data length when parsing AVRCP vendor specific command responses
TreeHugger Robot [Fri, 7 Sep 2018 16:16:19 +0000 (16:16 +0000)]
Merge changes from topic "bt-security-avrc_pars_vendor_rsp-length-check-nyc-dev" into nyc-dr1-dev
* changes:
[automerger] DO NOT MERGE - Check data length when parsing AVRCP vendor specific command responses am:
8148397ca2
DO NOT MERGE - Check data length when parsing AVRCP vendor specific command responses
TreeHugger Robot [Fri, 7 Sep 2018 16:16:19 +0000 (16:16 +0000)]
Merge "DO NOT MERGE - Check data length when parsing AVRCP vendor specific command responses" into nyc-dev
Android Build Merger (Role) [Fri, 7 Sep 2018 04:59:51 +0000 (04:59 +0000)]
[automerger] DO NOT MERGE - Check AVRCP data length when parsing inside avrc_ctrl_pars_vendor_rsp() am:
b4cf8416bf am:
c0e2026eb1 am:
eb2615a683
Change-Id: I99e38ee8048be6b98e0732fb32bffba78a81ae32
Android Build Merger (Role) [Fri, 7 Sep 2018 04:59:49 +0000 (04:59 +0000)]
[automerger] DO NOT MERGE - Check AVRCP data length when parsing inside avrc_ctrl_pars_vendor_rsp() am:
b4cf8416bf am:
c0e2026eb1
Change-Id: I06ca49edef4db3a930150ba7a6b875d6727ae50d
Android Build Merger (Role) [Fri, 7 Sep 2018 04:59:47 +0000 (04:59 +0000)]
[automerger] DO NOT MERGE - Check AVRCP data length when parsing inside avrc_ctrl_pars_vendor_rsp() am:
b4cf8416bf
Change-Id: I74cd9a6ffa3096d58b11092095b82f69fc94a3b7
Pavlin Radoslavov [Thu, 6 Sep 2018 22:41:27 +0000 (15:41 -0700)]
DO NOT MERGE - Check AVRCP data length when parsing inside avrc_ctrl_pars_vendor_rsp()
Bug:
111450417
Test: PoC test program
Change-Id: Idd619e52dc7a2944d0d08af824505580e299c163
(cherry picked from commit
2692408d05bf16738284b61833649cee5d2a2233)
Android Build Merger (Role) [Fri, 7 Sep 2018 00:42:34 +0000 (00:42 +0000)]
[automerger] DO NOT MERGE - Check data length when parsing AVRCP vendor specific command responses am:
8148397ca2 am:
1f7ced7d2f am:
33b88d2e2f
Change-Id: I5848daa571ae75f229b02b4856bd9c0ae8bc809a
Android Build Merger (Role) [Fri, 7 Sep 2018 00:42:32 +0000 (00:42 +0000)]
[automerger] DO NOT MERGE - Check data length when parsing AVRCP vendor specific command responses am:
8148397ca2 am:
1f7ced7d2f
Change-Id: Ia57b0cdffd9d0db790e002679342611c036b5788
Android Build Merger (Role) [Fri, 7 Sep 2018 00:42:31 +0000 (00:42 +0000)]
[automerger] DO NOT MERGE - Check data length when parsing AVRCP vendor specific command responses am:
8148397ca2
Change-Id: I986e2bb8acf0330ef5e8caa37180a5884725c2e6
Pavlin Radoslavov [Thu, 6 Sep 2018 01:21:31 +0000 (18:21 -0700)]
DO NOT MERGE - Check data length when parsing AVRCP vendor specific command responses
Bug:
111450531
Bug:
111896861
Test: PoC test program
Change-Id: I564bee8f05efabc29383659a75e695b4da76c6aa
(cherry picked from commit
7439ea940354f65a147c4ecfce3bada49c688047)
TreeHugger Robot [Fri, 10 Aug 2018 23:13:53 +0000 (23:13 +0000)]
Merge "Checks the SMP length to fix OOB read" into nyc-dev