Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 60124336 authored by Brian Delwiche's avatar Brian Delwiche
Browse files

Fix type confusion in avdt_msg.cc 

It is possible for a malicious user to reply to a pending AVDT message
with the wrong type, leading to type confusion and an eventual OOB
access.

Add message type validation.

Bug: 273995284
Bug: 358212054
Flag: com.android.bluetooth.flags.btsec_avdt_msg_ind_type_confusion
Test: m libbluetooth
Ignore-AOSP-First: security
Tag: #security
Change-Id: Iea207e7e5e3d469ccbc81f5abf945723cf7b60d3
parent 9977d10c
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment