OSDN Git Service

(root) / android-x86 / system-bt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: afa795e) | patch
BNEP: Fix OOB access in bnep_data_ind
authorJack He <siyuanh@google.com>
Fri, 1 Jun 2018 21:00:42 +0000 (14:00 -0700)
committerRyan Longair <rlongair@google.com>
Tue, 12 Jun 2018 18:14:33 +0000 (11:14 -0700)
commitb15ae8d594483a191e47636016ae8ab01a3f1dac
tree18553ded74458e978702595ca16e49050dd529aatree | snapshot
parentafa795e3bcaa20cb007c119d1e01bc51bea8b968commit | diff
BNEP: Fix OOB access in bnep_data_ind

* Stop reading the L2CAP packet if packet length is 0
* Process the buffer for BNEP_EXTENSION_CONTROL packet before advancing
  the buffer pointer by length of payload
* Reject BNEP_EXTENSION_CONTROL packet when the payload size is zero
* Move error logging to more appropriate locations at where the OOB access
  is most likely triggered

Bug: 78286118
Bug: 79164722
Test: Send zero length L2CAP packet to BNEP, send invalid
      BNEP_EXTENSION_CONTROL packet
Change-Id: I7e18632b8faab1b6aaca1bff1b7f55d69962729e
Merged-In: I7e18632b8faab1b6aaca1bff1b7f55d69962729e
(cherry picked from commit 3c799a6e25abdf6bacb660ff7a06338836cc7356)
(cherry picked from commit 0bd01271c4d888453ba375d9442ac27cd66961c9)
stack/bnep/bnep_main.c diff | blob | history
system/bt
About OSDN
Find Software
Develop Software
Help