git.osdn.net Git - android-x86/system-bt.git/log

(root) / android-x86 / system-bt.git / log

Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:38 +0000 (21:47 +0000)]

[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am: 74c6d501ce am: 059e3c77e2 am: a244a4072c am: 90265d4ee0 skipped: 84ba34d57a

Change-Id: I73f54778128ee9bf1ed46c55bbd545b29ed2dc54

commit | commitdiff | tree

Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:36 +0000 (21:47 +0000)]

[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am: 74c6d501ce am: 059e3c77e2 am: a244a4072c am: 90265d4ee0

Change-Id: I080739b77c52af5ff54bfc4e8a20cf8fd52b235b

commit | commitdiff | tree

Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:35 +0000 (21:47 +0000)]

[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am: 74c6d501ce am: 059e3c77e2 am: a244a4072c

Change-Id: Ic43337c91c1cdcb9eaea22311cd7205dc05dcfa2

commit | commitdiff | tree

Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:33 +0000 (21:47 +0000)]

[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am: 74c6d501ce am: 059e3c77e2

Change-Id: I96de72b97a23eebad116c98899f59f399614cff7

commit | commitdiff | tree

Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:32 +0000 (21:47 +0000)]

[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am: 74c6d501ce

Change-Id: Iad8449f422afb55305d3f1f2a148a4122c49c7d8

commit | commitdiff | tree

Hansong Zhang [Tue, 22 Jan 2019 21:46:47 +0000 (13:46 -0800)]

DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed

In btm_proc_smp_cback(), return after p_dev_rec is freed in the middle
to prevent use after free

Bug: 120612744
Test: Use ASAN build; connect to a LE device and wait for timeout
Change-Id: I09aa1cf1d1c835146b62d0f4989aeedfb885d95b

commit | commitdiff | tree

TreeHugger Robot [Mon, 7 Jan 2019 22:33:36 +0000 (22:33 +0000)]

Merge "DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu" into oc-dev

commit | commitdiff | tree

Stanley Tng [Tue, 11 Dec 2018 22:45:13 +0000 (14:45 -0800)]

DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu

Add check to make sure that data buffer is big enough to read the 2
bytes for length.

Also, fix a regression from the previous CL that checks the buffer length
before doing a memcpy. The previous check is too strict causing valid
sized buffers to be rejected. The length check is incorrect and off by the header size.

Bug: 120665616
Test: Run the SL4A Test for LE CoC, BleCoCTest
Merged-In: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
Change-Id: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
(cherry picked from commit fcb1994de1f6ee34b8dc6804a2b32e20bf138073)
(cherry picked from commit 1f1d8b97d80d25023c4c7b04d2aa18d367f4158d)
(cherry picked from commit 6b2739f309f7719086eb8201b3e1a35ba60035f4)

commit | commitdiff | tree

Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:29 +0000 (21:36 +0000)]

[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am: c1fcbd5508 am: 85b4574a31 am: 097ecf3d88 am: 2ebe3d52b0 skipped: dff13d810c

Change-Id: I92b4d78f5b6a53c863e7ec6d91b4cc32982258f8

commit | commitdiff | tree

Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:28 +0000 (21:36 +0000)]

[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am: c1fcbd5508 am: 85b4574a31 am: 097ecf3d88 am: 2ebe3d52b0

Change-Id: I0cbec621cadfaaf9142d427b52a17cd9db3cd08a

commit | commitdiff | tree

Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:27 +0000 (21:36 +0000)]

[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am: c1fcbd5508 am: 85b4574a31 am: 097ecf3d88

Change-Id: I9fd0733ff10442ca2050e440b954a9cb2f574c1a

commit | commitdiff | tree

Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:26 +0000 (21:36 +0000)]

[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am: c1fcbd5508 am: 85b4574a31

Change-Id: I40ce009c5868fde902bc29a0af1b62c89f02f158

commit | commitdiff | tree

Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:24 +0000 (21:36 +0000)]

[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am: c1fcbd5508

Change-Id: I5812786ed1ac013a273e300c1ddbe3fd26857543

commit | commitdiff | tree

Stanley Tng [Tue, 11 Dec 2018 22:45:13 +0000 (14:45 -0800)]

commit | commitdiff | tree

Ugo Yu [Tue, 13 Nov 2018 12:03:28 +0000 (20:03 +0800)]

Add OOB check in avrc_pars_browse_rsp

Bug: 111451066
Test: Manully
Change-Id: I068d218b8957bb8f053148d252a9119a8def28cc

commit | commitdiff | tree

Android Build Merger (Role) [Thu, 29 Nov 2018 11:52:36 +0000 (11:52 +0000)]

[automerger] Fix buffer overflow in btif_dm_data_copy am: d117975904 am: 12d8535d0f am: 98ced409a5 am: c75667da96 skipped: 89e9bbb83c

Change-Id: Ia431ddd5ad1d6ee86bd6edd1057372b8dbf51d3b

commit | commitdiff | tree

Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:42 +0000 (11:51 +0000)]

[automerger] Fix buffer overflow in btif_dm_data_copy am: d117975904 am: 12d8535d0f am: 98ced409a5 am: c75667da96

Change-Id: I0e5f1348f27f0d9981f99cc0897f9dcc9f443bf3

commit | commitdiff | tree

Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:39 +0000 (11:51 +0000)]

[automerger] Fix buffer overflow in btif_dm_data_copy am: d117975904 am: 12d8535d0f am: 98ced409a5

Change-Id: I258a6e883061d68b24b30e17e03f72d2000e5f3f

commit | commitdiff | tree

Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:37 +0000 (11:51 +0000)]

[automerger] Fix buffer overflow in btif_dm_data_copy am: d117975904 am: 12d8535d0f

Change-Id: I22ea297e564616790fd7e916747cdcea25d2b068

commit | commitdiff | tree

Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:34 +0000 (11:51 +0000)]

[automerger] Fix buffer overflow in btif_dm_data_copy am: d117975904

Change-Id: Icbd5b31039dbf3016575f9d6d69b216d76564c96

commit | commitdiff | tree

Jakub Pawlowski [Tue, 27 Nov 2018 16:59:57 +0000 (17:59 +0100)]

Fix buffer overflow in btif_dm_data_copy

When we use a union, we should always define variables as the union type,
not as one of the field subtypes. If the latter is cast to the union type,
buffer overflow can happen.

Bug: 110166268
Test: compilation
Change-Id: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Merged-In: I473c03b099ad5a326e7a3739f65efd33cf4775bd

commit | commitdiff | tree

Jakub Pawlowski [Tue, 27 Nov 2018 17:22:22 +0000 (18:22 +0100)]

commit | commitdiff | tree

Android Build Merger (Role) [Tue, 27 Nov 2018 20:09:16 +0000 (20:09 +0000)]

[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am: 78508d2c2c am: a236f16071 am: 3f5af0aa65 am: 12557bb999 skipped: 2470706409

Change-Id: Id4bfbba911ecb95c728e1daba294fefc9d1de4ce

commit | commitdiff | tree

Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:48 +0000 (16:47 +0000)]

[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am: 78508d2c2c am: a236f16071 am: 3f5af0aa65 am: 12557bb999

Change-Id: I1ecbacc502b14733b0f4bd11b057763506b1fd95

commit | commitdiff | tree

Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:45 +0000 (16:47 +0000)]

[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am: 78508d2c2c am: a236f16071 am: 3f5af0aa65

Change-Id: I98ae5ab9e24acd447c0c72835067db0bc7430371

commit | commitdiff | tree

Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:42 +0000 (16:47 +0000)]

[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am: 78508d2c2c am: a236f16071

Change-Id: I8615cedf8b9192c46506c54934229089021fe101

commit | commitdiff | tree

Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:40 +0000 (16:47 +0000)]

[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am: 78508d2c2c

Change-Id: If8da202c56ee7deeb7aba67f59b19ef28466f6ae

commit | commitdiff | tree

Jakub Pawlowski [Tue, 20 Nov 2018 21:31:31 +0000 (22:31 +0100)]

Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm

Bug: 116222069
Test: compilation
Change-Id: Iebe2c500dfc2806ca321fdcd170e20c680619d4d
Merged-In: Iebe2c500dfc2806ca321fdcd170e20c680619d4d

commit | commitdiff | tree

Jakub Pawlowski [Tue, 20 Nov 2018 21:31:31 +0000 (22:31 +0100)]

Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm

Bug: 116222069
Test: compilation
Change-Id: Iebe2c500dfc2806ca321fdcd170e20c680619d4d

commit | commitdiff | tree

Cheney Ni [Thu, 8 Nov 2018 18:56:07 +0000 (18:56 +0000)]

Revert "Fix OOB in avrc_pars_browse_rsp"

This reverts commit 32a33dc12d4a9b21306510a98bcd039ca3be1dd3.

Reason for revert: regression issue found.

Change-Id: I48db0b0313477e1f3b6fe97cd4d540dfe16f3963
Bug: 111451066

commit | commitdiff | tree

TreeHugger Robot [Mon, 5 Nov 2018 21:32:27 +0000 (21:32 +0000)]

Merge "DO NOT MERGE HFP: Check AT command buffer boundary during parsing" into oc-dev

commit | commitdiff | tree

TreeHugger Robot [Mon, 5 Nov 2018 19:06:20 +0000 (19:06 +0000)]

Merge "DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr" into oc-dev

commit | commitdiff | tree

Hansong Zhang [Mon, 5 Nov 2018 18:03:36 +0000 (18:03 +0000)]

Merge "DO NOT MERGE HFP: Check AT command buffer boundary during parsing" into nyc-dev

commit | commitdiff | tree

Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:29 +0000 (18:01 +0000)]

[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped: 163dec2ae1 skipped: 9805ed7a7a skipped: f9606e1d89 skipped: c96313fb2c skipped: 9c2fb57cee

Change-Id: I9bb69caded703f74c79189f0cf78069e1fab9ca5

commit | commitdiff | tree

Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:28 +0000 (18:01 +0000)]

[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped: 163dec2ae1 skipped: 9805ed7a7a skipped: f9606e1d89 skipped: c96313fb2c

Change-Id: I29b39b9cd2b0390289b525bf50ce4080b4a9557a

commit | commitdiff | tree

Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:27 +0000 (18:01 +0000)]

[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped: 163dec2ae1 skipped: 9805ed7a7a skipped: f9606e1d89

Change-Id: Iee0814f1ed5a5decc214abad4721a84825cd53b1

commit | commitdiff | tree

Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:26 +0000 (18:01 +0000)]

[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped: 163dec2ae1 skipped: 9805ed7a7a

Change-Id: I5977408e04b4479c9aa2b5d16a03e18d7e9deced

commit | commitdiff | tree

Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:25 +0000 (18:01 +0000)]

[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped: 163dec2ae1

Change-Id: I406dd66fa46d18b70d48faedf810d6a3ddbe3fbc

commit | commitdiff | tree

TreeHugger Robot [Mon, 5 Nov 2018 17:16:37 +0000 (17:16 +0000)]

Merge "DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act" into oc-dev

commit | commitdiff | tree

TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]

Merge "DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act" into nyc-dev

commit | commitdiff | tree

TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]

Merge changes from topic "am-154171ba-0805-48c6-88cf-c592ee3cf37c" into nyc-mr2-dev

* changes:
  [automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am: a4a11e1981 am: 9172befdc8 am: 13e8d7ad1c am: d474c386ef
  [automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am: a4a11e1981 am: 9172befdc8 am: 13e8d7ad1c
  [automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am: a4a11e1981 am: 9172befdc8
  [automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am: a4a11e1981
  DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act

commit | commitdiff | tree

TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]

Merge changes from topic "am-154171ba-0805-48c6-88cf-c592ee3cf37c" into cw-f-dev

* changes:
  [automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am: a4a11e1981 am: 9172befdc8 am: 13e8d7ad1c
  [automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am: a4a11e1981 am: 9172befdc8
  [automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am: a4a11e1981
  DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act

commit | commitdiff | tree

TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]

Merge changes from topic "am-154171ba-0805-48c6-88cf-c592ee3cf37c" into nyc-mr1-dev

* changes:
  [automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am: a4a11e1981 am: 9172befdc8
  [automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am: a4a11e1981
  DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act

commit | commitdiff | tree

TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]

Merge changes from topic "am-154171ba-0805-48c6-88cf-c592ee3cf37c" into nyc-dr1-dev

* changes:
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am: a4a11e1981
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act

commit | commitdiff | tree

TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]

Merge changes from topic "am-154171ba-0805-48c6-88cf-c592ee3cf37c" into oc-dev

* changes:
  [automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am: a4a11e1981 am: 9172befdc8 am: 13e8d7ad1c am: d474c386ef skipped: 0ea657053e
  [automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am: a4a11e1981 am: 9172befdc8 am: 13e8d7ad1c am: d474c386ef
  [automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am: a4a11e1981 am: 9172befdc8 am: 13e8d7ad1c
  [automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am: a4a11e1981 am: 9172befdc8
  [automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am: a4a11e1981
  DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act

commit | commitdiff | tree

Chienyuan [Thu, 11 Oct 2018 01:47:46 +0000 (09:47 +0800)]

DO NOT MERGE HFP: Check AT command buffer boundary during parsing

* add p_end parameter to tBTA_AG_AT_CMD_CBACK, bta_ag_at_hsp_cback
and bta_ag_at_hfp_cback to indicate effective data range of p_arg
* add checks for buffer copy overflow in bta_ag_at_hsp_cback and
bta_ag_at_hfp_cback
* add packet legnth checks with p_end in bta_ag_parse_cmer
* add packet length checks with p_end in bta_ag_parse_bac

Bug: 112860487
Test: manual
Change-Id: I6bbbc2ba29ad025c7d3ba023d8191af6a11c4aa9
Merged-In: I6bbbc2ba29ad025c7d3ba023d8191af6a11c4aa9

commit | commitdiff | tree

TreeHugger Robot [Sat, 3 Nov 2018 00:37:33 +0000 (00:37 +0000)]

Merge changes from topic "Check-AT-command-buffer-boundary-during-parsing" into nyc-mr2-dev

* changes:
  [automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am: aea10aec7f am: 289b3fa863
  [automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am: aea10aec7f
  DO NOT MERGE HFP: Check AT command buffer boundary during parsing

commit | commitdiff | tree

TreeHugger Robot [Sat, 3 Nov 2018 00:37:33 +0000 (00:37 +0000)]

Merge changes from topic "Check-AT-command-buffer-boundary-during-parsing" into cw-f-dev

* changes:
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am: aea10aec7f
DO NOT MERGE HFP: Check AT command buffer boundary during parsing

commit | commitdiff | tree

TreeHugger Robot [Sat, 3 Nov 2018 00:37:33 +0000 (00:37 +0000)]

Merge "DO NOT MERGE HFP: Check AT command buffer boundary during parsing" into nyc-mr1-dev

commit | commitdiff | tree

TreeHugger Robot [Sat, 3 Nov 2018 00:37:33 +0000 (00:37 +0000)]

Merge changes from topic "Check-AT-command-buffer-boundary-during-parsing" into oc-dev

* changes:
  [automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am: aea10aec7f am: 289b3fa863 skipped: 04ade0fdc0
  [automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am: aea10aec7f am: 289b3fa863
  [automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am: aea10aec7f
  DO NOT MERGE HFP: Check AT command buffer boundary during parsing

commit | commitdiff | tree

Myles Watson [Thu, 25 Oct 2018 00:05:12 +0000 (17:05 -0700)]

DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr

Bug: 115900043
Test: Sanity pairing and SDP PTS
Change-Id: Ib642f79ed22b65ede5ff786cb1e163d172480f11
Merged-In: Ib642f79ed22b65ede5ff786cb1e163d172480f11

commit | commitdiff | tree