git.osdn.net Git - android-x86/system-bt.git/log

(root) / android-x86 / system-bt.git / log

Ugo Yu [Mon, 29 Oct 2018 17:57:06 +0000 (01:57 +0800)]

DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data

Bug: 111450156

Change-Id: Id23eeedcb7bde5866cd53a2f7f1c30f27c5352f6
(cherry picked from commit b0125caafec2183d73fc899ce5a8aee43a6e54af)

commit | commitdiff | tree

Jakub Pawlowski [Wed, 10 Oct 2018 18:07:12 +0000 (20:07 +0200)]

Fix possible OOB read in process_service_search_rsp

Bug: 74249842
Change-Id: I0dbe43f0da1f5a8f14bcb69659752de4bd70ca98
Merged-In: I0dbe43f0da1f5a8f14bcb69659752de4bd70ca98

commit | commitdiff | tree

Ugo Yu [Tue, 18 Sep 2018 12:49:22 +0000 (20:49 +0800)]

DO NOT MERGE - Check SDU lower bound before allocate p_data

Bug: 112321180
Test: SL4A BleCocTest:test_coc_insecured_connection_write_ascii
Change-Id: Id0c9aa2097f0b6bdc2bb9fa9086daa9452188e1d

commit | commitdiff | tree

TreeHugger Robot [Fri, 7 Sep 2018 16:16:19 +0000 (16:16 +0000)]

Merge "DO NOT MERGE - Check data length when parsing AVRCP vendor specific command responses" into nyc-dev

commit | commitdiff | tree

Pavlin Radoslavov [Thu, 6 Sep 2018 22:41:27 +0000 (15:41 -0700)]

DO NOT MERGE - Check AVRCP data length when parsing inside avrc_ctrl_pars_vendor_rsp()

Bug: 111450417
Test: PoC test program
Change-Id: Idd619e52dc7a2944d0d08af824505580e299c163
(cherry picked from commit 2692408d05bf16738284b61833649cee5d2a2233)

commit | commitdiff | tree

Pavlin Radoslavov [Thu, 6 Sep 2018 01:21:31 +0000 (18:21 -0700)]

DO NOT MERGE - Check data length when parsing AVRCP vendor specific command responses

Bug: 111450531
Bug: 111896861
Test: PoC test program
Change-Id: I564bee8f05efabc29383659a75e695b4da76c6aa
(cherry picked from commit 7439ea940354f65a147c4ecfce3bada49c688047)

commit | commitdiff | tree

TreeHugger Robot [Fri, 10 Aug 2018 23:13:53 +0000 (23:13 +0000)]

Merge "Checks the SMP length to fix OOB read" into nyc-dev

commit | commitdiff | tree

TreeHugger Robot [Fri, 10 Aug 2018 20:55:20 +0000 (20:55 +0000)]

Merge "DO NOT MERGE Add packet length check in smp_proc_master_id" into nyc-dev

commit | commitdiff | tree

TreeHugger Robot [Fri, 10 Aug 2018 20:06:42 +0000 (20:06 +0000)]

Merge "DO NOT MERGE: Add missing AVRCP message length checks inside avrc_msg_cback" into nyc-dev

commit | commitdiff | tree

TreeHugger Robot [Fri, 10 Aug 2018 19:52:34 +0000 (19:52 +0000)]

Merge "DO NOT MERGE Check packet length in bta_av_proc_meta_cmd" into nyc-dev

commit | commitdiff | tree

TreeHugger Robot [Fri, 10 Aug 2018 19:43:29 +0000 (19:43 +0000)]

Merge "DO NOT MERGE Fix OOB read before buffer length check" into nyc-dev

commit | commitdiff | tree

Ugo Yu [Wed, 8 Aug 2018 08:18:08 +0000 (16:18 +0800)]

DO NOT MERGE Add packet length check in smp_proc_master_id

Bug: 111937027
Test: manual
Change-Id: I2009b6be38f9733931e625379b035e84371fdcaf

commit | commitdiff | tree

Cheney Ni [Wed, 8 Aug 2018 14:40:27 +0000 (22:40 +0800)]

Checks the SMP length to fix OOB read

Bug: 111937065
Test: manual
Change-Id: I330880a6e1671d0117845430db4076dfe1aba688
Merged-In: I330880a6e1671d0117845430db4076dfe1aba688

commit | commitdiff | tree

Jakub Pawlowski [Mon, 16 Jul 2018 13:40:35 +0000 (06:40 -0700)]

Fix copy length calculation in sdp_copy_raw_data

Test: compilation
Bug: 110216176
Change-Id: Ic4a19c9f0fe8cd592bc6c25dcec7b1da49ff7459
Merged-In: Ic4a19c9f0fe8cd592bc6c25dcec7b1da49ff7459

commit | commitdiff | tree

TreeHugger Robot [Fri, 10 Aug 2018 00:39:29 +0000 (00:39 +0000)]

Merge "DO NOT MERGE Fix OOB read in avrc_ctrl_pars_vendor_rsp" into nyc-dev

commit | commitdiff | tree

Hansong Zhang [Thu, 9 Aug 2018 23:43:44 +0000 (23:43 +0000)]

Merge "DO NOT MERGE Check remaining frame length in rfc_process_mx_message" into nyc-dev

commit | commitdiff | tree

Hansong Zhang [Wed, 8 Aug 2018 18:38:30 +0000 (11:38 -0700)]

DO NOT MERGE Check remaining frame length in rfc_process_mx_message

Bug: 111936792
Bug: 80432928
Test: manual
Change-Id: Ie2c09f3d598fb230ce060c9043f5a88c241cdd79

commit | commitdiff | tree

Pavlin Radoslavov [Thu, 9 Aug 2018 20:40:54 +0000 (13:40 -0700)]

DO NOT MERGE: Add missing AVRCP message length checks inside avrc_msg_cback

Explicitly check the length of the received message before
accessing the data.

Bug: 111803925
Bug: 79883824
Test: POC scripts
Change-Id: I50d1d1f7dd7038ffcd5f0d5975ab1db43178067f
Merged-In: I00b1c6bd6dd7e18ac2c469ef2032c7ff10dcaecb

commit | commitdiff | tree

Cheney Ni [Tue, 7 Aug 2018 13:32:07 +0000 (21:32 +0800)]

DO NOT MERGE: Add packet length checks in mca_ccb_hdl_req

Bug: 110791536
Test: manual
Change-Id: Ica5d8037246682fdb190b2747a86ed8d44c2869a

commit | commitdiff | tree

Chienyuan [Wed, 8 Aug 2018 08:15:21 +0000 (16:15 +0800)]

DO NOT MERGE Check packet length in bta_av_proc_meta_cmd

Bug: 111893951
Test: manual
Change-Id: Ie562c393e949c275203617972d43bb005190b32b

commit | commitdiff | tree

Ugo Yu [Wed, 8 Aug 2018 06:57:25 +0000 (14:57 +0800)]

DO NOT MERGE Fix OOB read before buffer length check

Bug: 111936834
Test: manual
Change-Id: I60c500651f130876934a7b80889f4e021055fe73

commit | commitdiff | tree

Hansong Zhang [Mon, 6 Aug 2018 21:36:41 +0000 (14:36 -0700)]

DO NOT MERGE Fix OOB read in avrc_ctrl_pars_vendor_rsp

Bug: 78526423
Test: manual
Change-Id: I0eeacc6a25b12f4b999098375d0d032cfa462a91

commit | commitdiff | tree

TreeHugger Robot [Fri, 20 Jul 2018 18:25:33 +0000 (18:25 +0000)]

Merge "DO NOT MERGE SDP: Fix the param_len recalculation" into nyc-dev

commit | commitdiff | tree

Hansong Zhang [Fri, 20 Jul 2018 17:16:14 +0000 (10:16 -0700)]

DO NOT MERGE SDP: Fix the param_len recalculation

Bug: 78136869
Test: manual connection to an A2DP device
Change-Id: If32b848696180ab2fd33f514de89cb8c3d202e39

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 20 Jul 2018 17:17:18 +0000 (17:17 +0000)]

[automerger] DO NOT MERGE SDP: Fix the param_len recalculation am: 7b2d711d9e am: 43d4bf00eb am: 7d92fdbb23 skipped: 58417f9233

Change-Id: I5429442640a203df07ba448e8b9837fb8017eb6d

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 20 Jul 2018 17:17:17 +0000 (17:17 +0000)]

[automerger] DO NOT MERGE SDP: Fix the param_len recalculation am: 7b2d711d9e am: 43d4bf00eb am: 7d92fdbb23

Change-Id: Ie9d7f0209ad248035cb65c9e6d04236ba61a9264

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 20 Jul 2018 17:17:15 +0000 (17:17 +0000)]

[automerger] DO NOT MERGE SDP: Fix the param_len recalculation am: 7b2d711d9e am: 43d4bf00eb

Change-Id: Iea2346e652fe6bb086e894615bb409491d60457d

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 20 Jul 2018 17:17:14 +0000 (17:17 +0000)]

[automerger] DO NOT MERGE SDP: Fix the param_len recalculation am: 7b2d711d9e

Change-Id: I1adfd8dd7cd684e5d9af4a1967f0630e53fe035f

commit | commitdiff | tree

Hansong Zhang [Fri, 20 Jul 2018 17:16:14 +0000 (10:16 -0700)]

DO NOT MERGE SDP: Fix the param_len recalculation

Bug: 78136869
Test: manual connection to an A2DP device
Change-Id: If32b848696180ab2fd33f514de89cb8c3d202e39

commit | commitdiff | tree

Hansong Zhang [Fri, 13 Jul 2018 20:43:27 +0000 (13:43 -0700)]

DO NOT MERGE Fix a wrong check in rfc_parse_data

Bug: 78288018
Bug: 111436796
Test: manual
Change-Id: I16e6026acbaac230fe1453bbac040d1b75bcea2a

commit | commitdiff | tree

Hansong Zhang [Thu, 7 Jun 2018 23:11:27 +0000 (16:11 -0700)]

DO NOT MERGE Add bound check for rfc_parse_data

Bug: 78288018
Test: manual
Change-Id: I44349cd22c141483d01bce0f5a2131b727d0feb0
Merged-In: I44349cd22c141483d01bce0f5a2131b727d0feb0
(cherry picked from commit 1b9a465eea85e86984bb1e53be69880159e59c69)

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 13 Jul 2018 16:16:15 +0000 (16:16 +0000)]

[automerger skipped] Add bound check for rfc_parse_data skipped: 1b9a465eea skipped: 5741c6951e skipped: aa697e3f87 skipped: b1f262ed40

Change-Id: I7b848bbdf257721c4f653daeb531ec2f6be4a6ad

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 13 Jul 2018 16:16:13 +0000 (16:16 +0000)]

[automerger skipped] Add bound check for rfc_parse_data skipped: 1b9a465eea skipped: 5741c6951e skipped: aa697e3f87

Change-Id: Ibc434fafa8043a4c9b42e26a80d893441a4cef27

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 13 Jul 2018 16:16:11 +0000 (16:16 +0000)]

[automerger skipped] Add bound check for rfc_parse_data skipped: 1b9a465eea skipped: 5741c6951e

Change-Id: I0e691f7030013c84b90a10e20e67274ac2408025

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 13 Jul 2018 16:16:09 +0000 (16:16 +0000)]

[automerger skipped] Add bound check for rfc_parse_data skipped: 1b9a465eea

Change-Id: I4c80ed01bf081bfe6ab6d27fcbb5b685309fb2a2

commit | commitdiff | tree

Hansong Zhang [Thu, 7 Jun 2018 23:11:27 +0000 (16:11 -0700)]

Add bound check for rfc_parse_data

Bug: 78288018
Test: manual
Change-Id: I44349cd22c141483d01bce0f5a2131b727d0feb0
Merged-In: I44349cd22c141483d01bce0f5a2131b727d0feb0

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 13 Jul 2018 12:47:07 +0000 (12:47 +0000)]

[automerger] Fix out of bounds read in l2c_rcv_acl_data am: 9bf8cb2683 am: 4a370bbdc5 am: 2e08a14470 skipped: e4460d953d

Change-Id: I0f7cd1a1d7e309db38eee7ae86ed761710a9bfb0

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 13 Jul 2018 12:43:31 +0000 (12:43 +0000)]

[automerger] Fix out of bounds read in l2c_rcv_acl_data am: 9bf8cb2683 am: 4a370bbdc5 am: 2e08a14470

Change-Id: I6cd95ab6a7bf2509ef888134ff6a4d0aa18f4ac5

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 13 Jul 2018 12:43:29 +0000 (12:43 +0000)]

[automerger] Fix out of bounds read in l2c_rcv_acl_data am: 9bf8cb2683 am: 4a370bbdc5

Change-Id: I289ef3ff584a174372e89b692aee08076e7f97ed

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 13 Jul 2018 12:43:26 +0000 (12:43 +0000)]

[automerger] Fix out of bounds read in l2c_rcv_acl_data am: 9bf8cb2683

Change-Id: Ia857465d9a103a44d6219f90bcf606e23a712166

commit | commitdiff | tree

Jakub Pawlowski [Fri, 22 Jun 2018 09:57:19 +0000 (02:57 -0700)]

Fix out of bounds read in l2c_rcv_acl_data

Test: none
Bug: 80432895
Change-Id: I7807d00c02a84c545476e84bc1b71e0718df1f24
Merged-In: I7807d00c02a84c545476e84bc1b71e0718df1f24

commit | commitdiff | tree

Jakub Pawlowski [Fri, 13 Jul 2018 12:42:53 +0000 (12:42 +0000)]

Merge "Fix out of bounds read in l2c_rcv_acl_data" into nyc-dev

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 13 Jul 2018 10:21:54 +0000 (10:21 +0000)]

[automerger] BLE: Don't access freed buffer in log message am: 6c7c67817d am: ee283d67bf am: ba7e4b88ca am: 36f5050f23

Change-Id: If437e47efd744648d5549e23793894de40281b10

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 13 Jul 2018 10:21:51 +0000 (10:21 +0000)]

[automerger] BLE: Don't access freed buffer in log message am: 6c7c67817d am: ee283d67bf am: ba7e4b88ca

Change-Id: I4d7c71a8cec14b94039657bd8de3679a776c473e

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 13 Jul 2018 10:21:48 +0000 (10:21 +0000)]

[automerger] BLE: Don't access freed buffer in log message am: 6c7c67817d am: ee283d67bf

Change-Id: I2dcc552158cfc27c73dec217d7f3e2581adf2426

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 13 Jul 2018 10:21:46 +0000 (10:21 +0000)]

[automerger] BLE: Don't access freed buffer in log message am: 6c7c67817d

Change-Id: I9f5c4155c1def43351058c6cbda5f1258e3888d5

commit | commitdiff | tree

Nitin Shivpure [Tue, 6 Feb 2018 12:48:37 +0000 (18:18 +0530)]

BLE: Don't access freed buffer in log message

When GATT fail to write data on L2CAP, buffer is freed by L2CAP.
Accessing the buffer leads to fatal failure while printing the message info.

Test: BLE discover services and BT off test cases

Fixes: 73018520
Change-Id: I661398fd1321f6e68026b3720db4965fd6584d70
Merged-In: I661398fd1321f6e68026b3720db4965fd6584d70

commit | commitdiff | tree

Jakub Pawlowski [Fri, 22 Jun 2018 09:57:19 +0000 (02:57 -0700)]

Fix out of bounds read in l2c_rcv_acl_data

Test: none
Bug: 80432895
Change-Id: I7807d00c02a84c545476e84bc1b71e0718df1f24
Merged-In: I7807d00c02a84c545476e84bc1b71e0718df1f24

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 13 Jul 2018 09:17:18 +0000 (09:17 +0000)]

[automerger] Add packet length checks in l2cble_process_sig_cmd am: 3a0aab555f am: 497f11b0fd am: 98366e0b06 skipped: d5ef3c9e76

Change-Id: I88b6879652a667ace51c8e304eeeb0f394493b58

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 13 Jul 2018 09:16:03 +0000 (09:16 +0000)]

[automerger] Add packet length checks in l2cble_process_sig_cmd am: 3a0aab555f am: 497f11b0fd am: 98366e0b06

Change-Id: Iebe8378ad968c488cbc4b88a986566d40c4bae07

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 13 Jul 2018 09:16:01 +0000 (09:16 +0000)]

[automerger] Add packet length checks in l2cble_process_sig_cmd am: 3a0aab555f am: 497f11b0fd

Change-Id: Ia9dfcc76e8a3a464d1d000e59c998d7958119e83

commit | commitdiff | tree

Android Build Merger (Role) [Fri, 13 Jul 2018 09:15:58 +0000 (09:15 +0000)]

[automerger] Add packet length checks in l2cble_process_sig_cmd am: 3a0aab555f

Change-Id: If6a5bdde9eee5540844938956063199c9e640da3

commit | commitdiff | tree

Jakub Pawlowski [Fri, 22 Jun 2018 05:56:11 +0000 (22:56 -0700)]

Add packet length checks in l2cble_process_sig_cmd

Bug: 80261585
Test: compilation
Change-Id: Icf55747dc948bcce140a12658237554938e2d717
Merged-In: Icf55747dc948bcce140a12658237554938e2d717

commit | commitdiff | tree

Jakub Pawlowski [Wed, 11 Jul 2018 09:57:07 +0000 (02:57 -0700)]

Don't use Address after it was deleted

Bug: 110216173
Change-Id: Id3364cf53153eafed478546d7347ed1673217e91
Merged-In: Id3364cf53153eafed478546d7347ed1673217e91

commit | commitdiff | tree

Jakub Pawlowski [Fri, 22 Jun 2018 05:56:11 +0000 (22:56 -0700)]

Add packet length checks in l2cble_process_sig_cmd

Bug: 80261585
Test: compilation
Change-Id: Icf55747dc948bcce140a12658237554938e2d717
Merged-In: Icf55747dc948bcce140a12658237554938e2d717

commit | commitdiff | tree

TreeHugger Robot [Thu, 12 Jul 2018 22:28:54 +0000 (22:28 +0000)]

Merge "DO NOT MERGE HID Host: Check L2CAP packet data length" into nyc-dev

commit | commitdiff | tree