Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 375fe281 authored by Brian Delwiche's avatar Brian Delwiche Committed by Android Build Coastguard Worker
Browse files

Validate buffer length in sdpu_build_uuid_seq 

sdpu_build_uuid_seq accepts a UUID sequence of arbitrary length
but does not validate against the boundaries of the buffer it's
filling.  This can lead to an OOB write.

Add validation.

Bug: 239414876
Test: atest: bluetooth, validated against POC
Tag: #security
Ignore-AOSP-First: Security

(cherry picked from commit 367ed057)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7a62a311d1a0c229ba75529dbedcb47a7af18142)
Merged-In: Ibce32cc09ad2991789569f35ef2f71f90537fdce
Change-Id: Ibce32cc09ad2991789569f35ef2f71f90537fdce
parent e78ab5e6
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment