Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 201d4660 authored by Venkata Jagadeesh Garaga's avatar Venkata Jagadeesh Garaga Committed by Myles Watson
Browse files

Fix Stack-buffer-over-flow while accessing remote device name 

Issue:
During authentication timeout, if remote device name is invalid.
A two byte placeholder remote name is passed to callback to intimate
authentication failure. Callback is trying to access 248 bytes
of remote device name from the passed remote name which is of
two bytes. Mismatch of length between passed remote name and
accessed remote device name leads to buffer-over-flow

Fix:
Replaced remote device name to an array of 248 bytes from
two bytes array.

Test:Basic bluetooth pairing
Test:gd/cert/run
Bug: 161663998
Bug: 183633542
Tag: #stability
Sponsor:cmanton@

Change-Id: I0f45a0cf4b1a12c874c2c1fe4dc165c76dc5ae90
parent 5140e4d6
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment