OSDN Git Service
(root)
/
android-x86
/
system-bt.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
2674d23
)
DO NOT MERGE Add bounds check for BNEP_Write
author
Hansong Zhang
<hsz@google.com>
Thu, 12 Apr 2018 19:23:36 +0000
(12:23 -0700)
committer
Rohit Yengisetty
<rngy@google.com>
Wed, 18 Apr 2018 00:47:04 +0000
(17:47 -0700)
Bug:
74947856
Test: manual
Change-Id: I19d9dee53b9cac800c66becef4861e4ad9602bdf
(cherry picked from commit
769aeaaf444e08bad9d4e902242a3b8a1765202d
)
stack/bnep/bnep_api.c
patch
|
blob
|
history
diff --git
a/stack/bnep/bnep_api.c
b/stack/bnep/bnep_api.c
index
9a7b5d9
..
177d92f
100644
(file)
--- a/
stack/bnep/bnep_api.c
+++ b/
stack/bnep/bnep_api.c
@@
-25,6
+25,7
@@
#include <string.h>
#include "bnep_api.h"
#include "bnep_int.h"
+#include "log/log.h"
extern fixed_queue_t *btu_general_alarm_queue;
@@
-414,6
+415,10
@@
tBNEP_RESULT BNEP_WriteBuf (UINT16 handle,
else
{
new_len += 4;
+ if (new_len > org_len) {
+ android_errorWriteLog(0x534e4554, "74947856");
+ return BNEP_IGNORE_CMD;
+ }
p_data[2] = 0;
p_data[3] = 0;
}
@@
-521,6
+526,10
@@
tBNEP_RESULT BNEP_Write (UINT16 handle,
else
{
new_len += 4;
+ if (new_len > org_len) {
+ android_errorWriteLog(0x534e4554, "74947856");
+ return BNEP_IGNORE_CMD;
+ }
p_data[2] = 0;
p_data[3] = 0;
}
OSDN Git Service
