OSDN Git Service
TreeHugger Robot [Thu, 7 Feb 2019 21:07:56 +0000 (21:07 +0000)]
Merge changes from topic "am-
5380790e-42fb-4784-96c0-
4412e4fdccd0" into oc-dev
* changes:
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c am:
90265d4ee0 skipped:
84ba34d57a
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c am:
90265d4ee0
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce
DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed
TreeHugger Robot [Sat, 2 Feb 2019 07:52:13 +0000 (07:52 +0000)]
Merge changes from topic "am-
cdd47550-8877-443a-826f-
db2b25d750ce" into oc-dev
* changes:
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e am:
53e323b2af am:
d0584f3dcf skipped:
55b702e6c4
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e am:
53e323b2af am:
d0584f3dcf
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e am:
53e323b2af
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93
DO NOT MERGE process_l2cap_cmd: Fix OOB
TreeHugger Robot [Fri, 1 Feb 2019 23:18:22 +0000 (23:18 +0000)]
Merge "process_l2cap_cmd: Fix OOB" into oc-dev
TreeHugger Robot [Wed, 30 Jan 2019 00:25:28 +0000 (00:25 +0000)]
Merge "btm_ble_multi_adv: Check data length in HCI interface" into oc-dev
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:38 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c am:
90265d4ee0 skipped:
84ba34d57a
Change-Id: I73f54778128ee9bf1ed46c55bbd545b29ed2dc54
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:36 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c am:
90265d4ee0
Change-Id: I080739b77c52af5ff54bfc4e8a20cf8fd52b235b
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:35 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c
Change-Id: Ic43337c91c1cdcb9eaea22311cd7205dc05dcfa2
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:33 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2
Change-Id: I96de72b97a23eebad116c98899f59f399614cff7
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:32 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce
Change-Id: Iad8449f422afb55305d3f1f2a148a4122c49c7d8
Hansong Zhang [Tue, 22 Jan 2019 21:46:47 +0000 (13:46 -0800)]
DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed
In btm_proc_smp_cback(), return after p_dev_rec is freed in the middle
to prevent use after free
Bug:
120612744
Test: Use ASAN build; connect to a LE device and wait for timeout
Change-Id: I09aa1cf1d1c835146b62d0f4989aeedfb885d95b
Android Build Merger (Role) [Tue, 22 Jan 2019 18:47:24 +0000 (18:47 +0000)]
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e am:
53e323b2af am:
d0584f3dcf skipped:
55b702e6c4
Change-Id: If1fb97bc56d2ed652f56f1f962aea1d00843543e
Android Build Merger (Role) [Tue, 22 Jan 2019 18:47:22 +0000 (18:47 +0000)]
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e am:
53e323b2af am:
d0584f3dcf
Change-Id: I101a465864f054989085bba0ccf2fc633445f356
Android Build Merger (Role) [Tue, 22 Jan 2019 18:47:20 +0000 (18:47 +0000)]
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e am:
53e323b2af
Change-Id: I9a919a3168f0d37834a14778c3f24f1e5f417685
Android Build Merger (Role) [Tue, 22 Jan 2019 18:47:18 +0000 (18:47 +0000)]
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93 am:
14f6578d9e
Change-Id: I1df2130c25d9399d2c6ebc47bc0b8ec127994b89
Android Build Merger (Role) [Tue, 22 Jan 2019 18:47:16 +0000 (18:47 +0000)]
[automerger] DO NOT MERGE process_l2cap_cmd: Fix OOB am:
38f07a3c93
Change-Id: I89bb716ce51a1d98147c0df527174b4934999347
Hansong Zhang [Fri, 18 Jan 2019 19:51:00 +0000 (11:51 -0800)]
DO NOT MERGE process_l2cap_cmd: Fix OOB
Bug:
119870451
Test: POC
Change-Id: Ieef322a3ad4cebcaf40e5388584d3a04a4761d2e
Hansong Zhang [Mon, 14 Jan 2019 22:59:35 +0000 (14:59 -0800)]
process_l2cap_cmd: Fix OOB
Bug:
119870451
Test: POC
Change-Id: I2f5e7fedd9aed96c4ffc55af79fdac61c2e5b087
Merged-In: I5131bbf9cda6248fdbbc4bb91916b2fe3731246e
Hansong Zhang [Wed, 16 Jan 2019 20:33:26 +0000 (12:33 -0800)]
btm_ble_multi_adv: Check data length in HCI interface
For BleAdvertiserVscHciInterfaceImpl and
BleAdvertiserLegacyHciInterfaceImpl, the maximum size of scan response
and advertising packet data length should be BTM_BLE_AD_DATA_LEN (31).
Bug:
121145627
Test: POC
Change-Id: I7653a6c186b7313ef2b1547bca120b9d41c90140
TreeHugger Robot [Mon, 7 Jan 2019 22:33:36 +0000 (22:33 +0000)]
Merge "DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu" into oc-dev
Stanley Tng [Tue, 11 Dec 2018 22:45:13 +0000 (14:45 -0800)]
DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu
Add check to make sure that data buffer is big enough to read the 2
bytes for length.
Also, fix a regression from the previous CL that checks the buffer length
before doing a memcpy. The previous check is too strict causing valid
sized buffers to be rejected. The length check is incorrect and off by the header size.
Bug:
120665616
Test: Run the SL4A Test for LE CoC, BleCoCTest
Merged-In: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
Change-Id: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
(cherry picked from commit
fcb1994de1f6ee34b8dc6804a2b32e20bf138073)
(cherry picked from commit
1f1d8b97d80d25023c4c7b04d2aa18d367f4158d)
(cherry picked from commit
6b2739f309f7719086eb8201b3e1a35ba60035f4)
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:29 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508 am:
85b4574a31 am:
097ecf3d88 am:
2ebe3d52b0 skipped:
dff13d810c
Change-Id: I92b4d78f5b6a53c863e7ec6d91b4cc32982258f8
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:28 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508 am:
85b4574a31 am:
097ecf3d88 am:
2ebe3d52b0
Change-Id: I0cbec621cadfaaf9142d427b52a17cd9db3cd08a
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:27 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508 am:
85b4574a31 am:
097ecf3d88
Change-Id: I9fd0733ff10442ca2050e440b954a9cb2f574c1a
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:26 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508 am:
85b4574a31
Change-Id: I40ce009c5868fde902bc29a0af1b62c89f02f158
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:24 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508
Change-Id: I5812786ed1ac013a273e300c1ddbe3fd26857543
Stanley Tng [Tue, 11 Dec 2018 22:45:13 +0000 (14:45 -0800)]
DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu
Add check to make sure that data buffer is big enough to read the 2
bytes for length.
Also, fix a regression from the previous CL that checks the buffer length
before doing a memcpy. The previous check is too strict causing valid
sized buffers to be rejected. The length check is incorrect and off by the header size.
Bug:
120665616
Test: Run the SL4A Test for LE CoC, BleCoCTest
Merged-In: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
Change-Id: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
(cherry picked from commit
fcb1994de1f6ee34b8dc6804a2b32e20bf138073)
(cherry picked from commit
1f1d8b97d80d25023c4c7b04d2aa18d367f4158d)
(cherry picked from commit
6b2739f309f7719086eb8201b3e1a35ba60035f4)
Ugo Yu [Tue, 13 Nov 2018 12:03:28 +0000 (20:03 +0800)]
Add OOB check in avrc_pars_browse_rsp
Bug:
111451066
Test: Manully
Change-Id: I068d218b8957bb8f053148d252a9119a8def28cc
Android Build Merger (Role) [Thu, 29 Nov 2018 11:52:36 +0000 (11:52 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904 am:
12d8535d0f am:
98ced409a5 am:
c75667da96 skipped:
89e9bbb83c
Change-Id: Ia431ddd5ad1d6ee86bd6edd1057372b8dbf51d3b
Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:42 +0000 (11:51 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904 am:
12d8535d0f am:
98ced409a5 am:
c75667da96
Change-Id: I0e5f1348f27f0d9981f99cc0897f9dcc9f443bf3
Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:39 +0000 (11:51 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904 am:
12d8535d0f am:
98ced409a5
Change-Id: I258a6e883061d68b24b30e17e03f72d2000e5f3f
Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:37 +0000 (11:51 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904 am:
12d8535d0f
Change-Id: I22ea297e564616790fd7e916747cdcea25d2b068
Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:34 +0000 (11:51 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904
Change-Id: Icbd5b31039dbf3016575f9d6d69b216d76564c96
Jakub Pawlowski [Tue, 27 Nov 2018 16:59:57 +0000 (17:59 +0100)]
Fix buffer overflow in btif_dm_data_copy
When we use a union, we should always define variables as the union type,
not as one of the field subtypes. If the latter is cast to the union type,
buffer overflow can happen.
Bug:
110166268
Test: compilation
Change-Id: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Merged-In: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Jakub Pawlowski [Tue, 27 Nov 2018 17:22:22 +0000 (18:22 +0100)]
Fix buffer overflow in btif_dm_data_copy
When we use a union, we should always define variables as the union type,
not as one of the field subtypes. If the latter is cast to the union type,
buffer overflow can happen.
Bug:
110166268
Test: compilation
Change-Id: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Merged-In: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Android Build Merger (Role) [Tue, 27 Nov 2018 20:09:16 +0000 (20:09 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c am:
a236f16071 am:
3f5af0aa65 am:
12557bb999 skipped:
2470706409
Change-Id: Id4bfbba911ecb95c728e1daba294fefc9d1de4ce
Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:48 +0000 (16:47 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c am:
a236f16071 am:
3f5af0aa65 am:
12557bb999
Change-Id: I1ecbacc502b14733b0f4bd11b057763506b1fd95
Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:45 +0000 (16:47 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c am:
a236f16071 am:
3f5af0aa65
Change-Id: I98ae5ab9e24acd447c0c72835067db0bc7430371
Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:42 +0000 (16:47 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c am:
a236f16071
Change-Id: I8615cedf8b9192c46506c54934229089021fe101
Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:40 +0000 (16:47 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c
Change-Id: If8da202c56ee7deeb7aba67f59b19ef28466f6ae
Jakub Pawlowski [Tue, 20 Nov 2018 21:31:31 +0000 (22:31 +0100)]
Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm
Bug:
116222069
Test: compilation
Change-Id: Iebe2c500dfc2806ca321fdcd170e20c680619d4d
Merged-In: Iebe2c500dfc2806ca321fdcd170e20c680619d4d
Jakub Pawlowski [Tue, 20 Nov 2018 21:31:31 +0000 (22:31 +0100)]
Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm
Bug:
116222069
Test: compilation
Change-Id: Iebe2c500dfc2806ca321fdcd170e20c680619d4d
Cheney Ni [Thu, 8 Nov 2018 18:56:07 +0000 (18:56 +0000)]
Revert "Fix OOB in avrc_pars_browse_rsp"
This reverts commit
32a33dc12d4a9b21306510a98bcd039ca3be1dd3.
Reason for revert: regression issue found.
Change-Id: I48db0b0313477e1f3b6fe97cd4d540dfe16f3963
Bug:
111451066
TreeHugger Robot [Mon, 5 Nov 2018 21:32:27 +0000 (21:32 +0000)]
Merge "DO NOT MERGE HFP: Check AT command buffer boundary during parsing" into oc-dev
TreeHugger Robot [Mon, 5 Nov 2018 19:06:20 +0000 (19:06 +0000)]
Merge "DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr" into oc-dev
Hansong Zhang [Mon, 5 Nov 2018 18:03:36 +0000 (18:03 +0000)]
Merge "DO NOT MERGE HFP: Check AT command buffer boundary during parsing" into nyc-dev
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:29 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1 skipped:
9805ed7a7a skipped:
f9606e1d89 skipped:
c96313fb2c skipped:
9c2fb57cee
Change-Id: I9bb69caded703f74c79189f0cf78069e1fab9ca5
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:28 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1 skipped:
9805ed7a7a skipped:
f9606e1d89 skipped:
c96313fb2c
Change-Id: I29b39b9cd2b0390289b525bf50ce4080b4a9557a
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:27 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1 skipped:
9805ed7a7a skipped:
f9606e1d89
Change-Id: Iee0814f1ed5a5decc214abad4721a84825cd53b1
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:26 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1 skipped:
9805ed7a7a
Change-Id: I5977408e04b4479c9aa2b5d16a03e18d7e9deced
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:25 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1
Change-Id: I406dd66fa46d18b70d48faedf810d6a3ddbe3fbc
TreeHugger Robot [Mon, 5 Nov 2018 17:16:37 +0000 (17:16 +0000)]
Merge "DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act" into oc-dev
TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]
Merge "DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act" into nyc-dev
TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]
Merge changes from topic "am-
154171ba-0805-48c6-88cf-
c592ee3cf37c" into nyc-mr2-dev
* changes:
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c am:
d474c386ef
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]
Merge changes from topic "am-
154171ba-0805-48c6-88cf-
c592ee3cf37c" into cw-f-dev
* changes:
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]
Merge changes from topic "am-
154171ba-0805-48c6-88cf-
c592ee3cf37c" into nyc-mr1-dev
* changes:
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]
Merge changes from topic "am-
154171ba-0805-48c6-88cf-
c592ee3cf37c" into nyc-dr1-dev
* changes:
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]
Merge changes from topic "am-
154171ba-0805-48c6-88cf-
c592ee3cf37c" into oc-dev
* changes:
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c am:
d474c386ef skipped:
0ea657053e
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c am:
d474c386ef
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
Chienyuan [Thu, 11 Oct 2018 01:47:46 +0000 (09:47 +0800)]
DO NOT MERGE HFP: Check AT command buffer boundary during parsing
* add p_end parameter to tBTA_AG_AT_CMD_CBACK, bta_ag_at_hsp_cback
and bta_ag_at_hfp_cback to indicate effective data range of p_arg
* add checks for buffer copy overflow in bta_ag_at_hsp_cback and
bta_ag_at_hfp_cback
* add packet legnth checks with p_end in bta_ag_parse_cmer
* add packet length checks with p_end in bta_ag_parse_bac
Bug:
112860487
Test: manual
Change-Id: I6bbbc2ba29ad025c7d3ba023d8191af6a11c4aa9
Merged-In: I6bbbc2ba29ad025c7d3ba023d8191af6a11c4aa9
TreeHugger Robot [Sat, 3 Nov 2018 00:37:33 +0000 (00:37 +0000)]
Merge changes from topic "Check-AT-command-buffer-boundary-during-parsing" into nyc-mr2-dev
* changes:
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f am:
289b3fa863
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f
DO NOT MERGE HFP: Check AT command buffer boundary during parsing
TreeHugger Robot [Sat, 3 Nov 2018 00:37:33 +0000 (00:37 +0000)]
Merge changes from topic "Check-AT-command-buffer-boundary-during-parsing" into cw-f-dev
* changes:
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f
DO NOT MERGE HFP: Check AT command buffer boundary during parsing
TreeHugger Robot [Sat, 3 Nov 2018 00:37:33 +0000 (00:37 +0000)]
Merge "DO NOT MERGE HFP: Check AT command buffer boundary during parsing" into nyc-mr1-dev
TreeHugger Robot [Sat, 3 Nov 2018 00:37:33 +0000 (00:37 +0000)]
Merge changes from topic "Check-AT-command-buffer-boundary-during-parsing" into oc-dev
* changes:
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f am:
289b3fa863 skipped:
04ade0fdc0
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f am:
289b3fa863
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f
DO NOT MERGE HFP: Check AT command buffer boundary during parsing
Myles Watson [Thu, 25 Oct 2018 00:05:12 +0000 (17:05 -0700)]
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
Bug:
115900043
Test: Sanity pairing and SDP PTS
Change-Id: Ib642f79ed22b65ede5ff786cb1e163d172480f11
Merged-In: Ib642f79ed22b65ede5ff786cb1e163d172480f11
TreeHugger Robot [Fri, 2 Nov 2018 22:47:59 +0000 (22:47 +0000)]
Merge "DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr" into nyc-dev
TreeHugger Robot [Fri, 2 Nov 2018 22:47:59 +0000 (22:47 +0000)]
Merge changes from topic "am-
3290ac2a-4a57-4151-aaf8-
9695d2ed6348" into nyc-dr1-dev
* changes:
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
TreeHugger Robot [Fri, 2 Nov 2018 22:47:59 +0000 (22:47 +0000)]
Merge changes from topic "am-
3290ac2a-4a57-4151-aaf8-
9695d2ed6348" into nyc-mr2-dev
* changes:
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3 am:
e50ffa7119
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
TreeHugger Robot [Fri, 2 Nov 2018 22:47:59 +0000 (22:47 +0000)]
Merge changes from topic "am-
3290ac2a-4a57-4151-aaf8-
9695d2ed6348" into cw-f-dev
* changes:
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
TreeHugger Robot [Fri, 2 Nov 2018 22:47:59 +0000 (22:47 +0000)]
Merge changes from topic "am-
3290ac2a-4a57-4151-aaf8-
9695d2ed6348" into nyc-mr1-dev
* changes:
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
TreeHugger Robot [Fri, 2 Nov 2018 22:47:59 +0000 (22:47 +0000)]
Merge changes from topic "am-
3290ac2a-4a57-4151-aaf8-
9695d2ed6348" into oc-dev
* changes:
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3 am:
e50ffa7119 skipped:
fc00aa02bf
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3 am:
e50ffa7119
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
TreeHugger Robot [Fri, 2 Nov 2018 22:44:07 +0000 (22:44 +0000)]
Merge "DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp" into oc-dev
TreeHugger Robot [Fri, 2 Nov 2018 22:43:43 +0000 (22:43 +0000)]
Merge "DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp" into nyc-dev
TreeHugger Robot [Fri, 2 Nov 2018 22:43:43 +0000 (22:43 +0000)]
Merge changes from topic "am-
a8794701-2d32-4392-bf6f-
9d00a3751e39" into nyc-dr1-dev
* changes:
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
TreeHugger Robot [Fri, 2 Nov 2018 22:43:43 +0000 (22:43 +0000)]
Merge changes from topic "am-
a8794701-2d32-4392-bf6f-
9d00a3751e39" into nyc-mr2-dev
* changes:
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa am:
0f2de3c3df
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
TreeHugger Robot [Fri, 2 Nov 2018 22:43:43 +0000 (22:43 +0000)]
Merge changes from topic "am-
a8794701-2d32-4392-bf6f-
9d00a3751e39" into cw-f-dev
* changes:
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
TreeHugger Robot [Fri, 2 Nov 2018 22:43:43 +0000 (22:43 +0000)]
Merge changes from topic "am-
a8794701-2d32-4392-bf6f-
9d00a3751e39" into nyc-mr1-dev
* changes:
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
TreeHugger Robot [Fri, 2 Nov 2018 22:43:43 +0000 (22:43 +0000)]
Merge changes from topic "am-
a8794701-2d32-4392-bf6f-
9d00a3751e39" into oc-dev
* changes:
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa am:
0f2de3c3df skipped:
a3dbdeece2
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa am:
0f2de3c3df
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
Chienyuan [Thu, 11 Oct 2018 02:36:57 +0000 (10:36 +0800)]
DO NOT MERGE HFP: Check AT command buffer boundary during parsing
* add p_end parameter to tBTA_AG_AT_CMD_CBACK, bta_ag_at_hsp_cback
and bta_ag_at_hfp_cback to indicate effective data range of p_arg
* add checks for buffer copy overflow in bta_ag_at_hsp_cback and
bta_ag_at_hfp_cback
* add packet legnth checks with p_end in bta_ag_parse_cmer
* add packet length checks with p_end in bta_ag_parse_bac
Bug:
112860487
Test: manual
Change-Id: Idbfa2b8bd4c1a0aeeacfe34349851b3bc8de7c69
Merged-In: Idbfa2b8bd4c1a0aeeacfe34349851b3bc8de7c69
(cherry picked from commit
5b1ef1038e3f4e4371c3d6718bf0f684be65eb2b)
Android Build Merger (Role) [Fri, 2 Nov 2018 22:10:06 +0000 (22:10 +0000)]
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f am:
289b3fa863 skipped:
04ade0fdc0
Change-Id: Ibc39203eb7fa7c245d29013126e47c4638fd3c6b
Android Build Merger (Role) [Fri, 2 Nov 2018 22:10:05 +0000 (22:10 +0000)]
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f am:
289b3fa863
Change-Id: I3510b09b67948fa640b028df8346077dc87ead51
Android Build Merger (Role) [Fri, 2 Nov 2018 22:10:04 +0000 (22:10 +0000)]
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f
Change-Id: I15e13d82ec8f1aea4236044762e96e704f4275b2
Chienyuan [Thu, 11 Oct 2018 02:36:57 +0000 (10:36 +0800)]
DO NOT MERGE HFP: Check AT command buffer boundary during parsing
* add p_end parameter to tBTA_AG_AT_CMD_CBACK, bta_ag_at_hsp_cback
and bta_ag_at_hfp_cback to indicate effective data range of p_arg
* add checks for buffer copy overflow in bta_ag_at_hsp_cback and
bta_ag_at_hfp_cback
* add packet legnth checks with p_end in bta_ag_parse_cmer
* add packet length checks with p_end in bta_ag_parse_bac
Bug:
112860487
Test: manual
Change-Id: Idbfa2b8bd4c1a0aeeacfe34349851b3bc8de7c69
(cherry picked from commit
5b1ef1038e3f4e4371c3d6718bf0f684be65eb2b)
TreeHugger Robot [Fri, 2 Nov 2018 04:17:54 +0000 (04:17 +0000)]
Merge "DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data" into oc-dev
Ugo Yu [Mon, 29 Oct 2018 16:47:04 +0000 (00:47 +0800)]
DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data
Bug:
111450156
Change-Id: Id23eeedcb7bde5866cd53a2f7f1c30f27c5352f6
Merged-In: Id23eeedcb7bde5866cd53a2f7f1c30f27c5352f6
(cherry picked from commit
b0125caafec2183d73fc899ce5a8aee43a6e54af)
TreeHugger Robot [Thu, 1 Nov 2018 18:04:03 +0000 (18:04 +0000)]
Merge changes from topic "am-
6595535a-66ae-4551-9774-
048441013dbf" into oc-dev
* changes:
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340 am:
8ee587afbb am:
bf3c65e987 am:
6055cb79e5 skipped:
36f3c8f9f3
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340 am:
8ee587afbb am:
bf3c65e987 am:
6055cb79e5
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340 am:
8ee587afbb am:
bf3c65e987
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340 am:
8ee587afbb
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340
DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data
Android Build Merger (Role) [Thu, 1 Nov 2018 16:37:20 +0000 (16:37 +0000)]
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3 am:
e50ffa7119 skipped:
fc00aa02bf
Change-Id: I87a68dddfe4ef9a286300ba0544215150f047154
Android Build Merger (Role) [Thu, 1 Nov 2018 16:37:18 +0000 (16:37 +0000)]
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3 am:
e50ffa7119
Change-Id: Idb717d5895c454b7e7661c67a5aef275df7634e3
Android Build Merger (Role) [Thu, 1 Nov 2018 16:37:17 +0000 (16:37 +0000)]
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3
Change-Id: Ia5f3a475f290c5ebb76dd0256410cde567bb1e27
Android Build Merger (Role) [Thu, 1 Nov 2018 16:37:16 +0000 (16:37 +0000)]
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43
Change-Id: Ie42e3bd1a03ef61a7229ffa5d099127ee8048d2a
Android Build Merger (Role) [Thu, 1 Nov 2018 16:37:14 +0000 (16:37 +0000)]
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501
Change-Id: I4bdd3180984cb58b839a4d0625dfb37cb5a4e405
Myles Watson [Thu, 25 Oct 2018 00:05:12 +0000 (17:05 -0700)]
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
Bug:
115900043
Test: Sanity pairing and SDP PTS
Change-Id: Ib642f79ed22b65ede5ff786cb1e163d172480f11
Android Build Merger (Role) [Thu, 1 Nov 2018 16:20:15 +0000 (16:20 +0000)]
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa am:
0f2de3c3df skipped:
a3dbdeece2
Change-Id: I5e93b174e09bd4f1c143c90d9d0808aaa21ae6b2
Android Build Merger (Role) [Thu, 1 Nov 2018 16:20:14 +0000 (16:20 +0000)]
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa am:
0f2de3c3df
Change-Id: I67e7de8e0560eb3d2bfd6b83c8318cf27235188b
Android Build Merger (Role) [Thu, 1 Nov 2018 16:20:13 +0000 (16:20 +0000)]
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa
Change-Id: If1797511d46c172bac21c48b241beb6349d96367
Android Build Merger (Role) [Thu, 1 Nov 2018 16:20:12 +0000 (16:20 +0000)]
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3
Change-Id: I63664999ef4f512592a940d5bbeb8c64a7b31aff
Android Build Merger (Role) [Thu, 1 Nov 2018 16:20:11 +0000 (16:20 +0000)]
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e
Change-Id: Id89a5a5ac1a23b5d657bfe33bcc881f76746fac6
Myles Watson [Thu, 25 Oct 2018 22:27:03 +0000 (15:27 -0700)]
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
Bug:
116319076
Test: Send a short MCAP response
Change-Id: I0452f7d2c0f4ecccc7a6501773e26b403b116179
Myles Watson [Thu, 25 Oct 2018 22:27:03 +0000 (15:27 -0700)]
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
Bug:
116319076
Test: Send a short MCAP response
Change-Id: I0452f7d2c0f4ecccc7a6501773e26b403b116179
Myles Watson [Thu, 25 Oct 2018 21:33:33 +0000 (14:33 -0700)]
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
Bug:
116108738
Test: send a malformed GET_IDLE command with no parameters
Change-Id: Ic57e748a06ea6d4fc16868310d3423ee71a7ac8c
Android Build Merger (Role) [Thu, 1 Nov 2018 15:56:51 +0000 (15:56 +0000)]
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c am:
d474c386ef skipped:
0ea657053e
Change-Id: Ie48855e26a95d62c332c5f1689d0f90841c14bd9
Android Build Merger (Role) [Thu, 1 Nov 2018 15:56:50 +0000 (15:56 +0000)]
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c am:
d474c386ef
Change-Id: Ife89de3734feaaa11ca9a1f8ebabf26cf57e66cf