Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 08cb26e2 authored by Hui Peng's avatar Hui Peng
Browse files

Add validation in sdp attr type and size in connection_handler.cc 

Bug: 263958603
Test: atest net_test_avrcp
Ignore-AOSP-First: security
Tag: #security
Merged-In: I3f999d405fb3a0be2df32b05f54b9cef98d10f19
Change-Id: I3f999d405fb3a0be2df32b05f54b9cef98d10f19
(cherry picked from commit 65605ce3)
parent aa2066f9

system/profile/avrcp/connection_handler.cc

+6 −2
Original line number Diff line number Diff line
@@ -470,7 +470,9 @@ void ConnectionHandler::SdpCb(RawAddress bdaddr, SdpCallback cb, 
        VLOG(1) << __PRETTY_FUNCTION__ << " Get Supported categories";

        tSDP_DISC_ATTR* sdp_attribute =

            sdp_->FindAttributeInRec(sdp_record, ATTR_ID_SUPPORTED_FEATURES);

        if (sdp_attribute != NULL) {

        if (sdp_attribute != NULL &&

            SDP_DISC_ATTR_TYPE(sdp_attribute->attr_len_type) == UINT_DESC_TYPE &&

            SDP_DISC_ATTR_LEN(sdp_attribute->attr_len_type) >= 2) {

          VLOG(1) << __PRETTY_FUNCTION__

                  << "Get Supported categories SDP ATTRIBUTES != null";

          uint16_t categories = sdp_attribute->attr_value.v.u16;
@@ -511,7 +513,9 @@ void ConnectionHandler::SdpCb(RawAddress bdaddr, SdpCallback cb, 
        VLOG(1) << __PRETTY_FUNCTION__ << " Get Supported categories";

        tSDP_DISC_ATTR* sdp_attribute =

            sdp_->FindAttributeInRec(sdp_record, ATTR_ID_SUPPORTED_FEATURES);

        if (sdp_attribute != NULL) {

        if (sdp_attribute != NULL &&

            SDP_DISC_ATTR_TYPE(sdp_attribute->attr_len_type) == UINT_DESC_TYPE &&

            SDP_DISC_ATTR_LEN(sdp_attribute->attr_len_type) >= 2) {

          VLOG(1) << __PRETTY_FUNCTION__

                  << "Get Supported categories SDP ATTRIBUTES != null";

          uint16_t categories = sdp_attribute->attr_value.v.u16;