From 2ed0b48abb1fbc81dd16ec8ef0f6de8da590e86b Mon Sep 17 00:00:00 2001
From: Ruchi Kandoi <kandoiruchi@google.com>
Date: Tue, 24 Jan 2017 18:32:01 -0800
Subject: [PATCH] nfc: Make NDEF validation stricter

- Check if the MB is not set for any record apart from the first one.
- If the record is chunked, first record must contain the type

Bug: 20722275
Test: Manual; write raw NDEF messages to a tag
Change-Id: I3e73fc5163bbcd8a1f23417e98f57b665f4f1fad
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
---
 core/java/android/nfc/NdefRecord.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/core/java/android/nfc/NdefRecord.java b/core/java/android/nfc/NdefRecord.java
index 83d17ba7fdd2..bd3231464ccf 100644
--- a/core/java/android/nfc/NdefRecord.java
+++ b/core/java/android/nfc/NdefRecord.java
@@ -805,7 +805,7 @@ public final class NdefRecord implements Parcelable {
 
                 if (!mb && records.size() == 0 && !inChunk && !ignoreMbMe) {
                     throw new FormatException("expected MB flag");
-                } else if (mb && records.size() != 0 && !ignoreMbMe) {
+                } else if (mb && (records.size() != 0 || inChunk) && !ignoreMbMe) {
                     throw new FormatException("unexpected MB flag");
                 } else if (inChunk && il) {
                     throw new FormatException("unexpected IL flag in non-leading chunk");
@@ -839,6 +839,9 @@ public final class NdefRecord implements Parcelable {
 
                 if (cf && !inChunk) {
                     // first chunk
+                    if (typeLength == 0) {
+                        throw new FormatException("expected non-zero type length in first chunk");
+                    }
                     chunks.clear();
                     chunkTnf = tnf;
                 }
-- 
2.11.0