Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 64fc0f21 authored by Jakub Pawlowski's avatar Jakub Pawlowski
Browse files

Fix potential stack overflow caused by integer overflow 

Bug: 151155194
Merged-In: I0655b0b62301f78cd8705cc7b0e4fc11522f00ca
Change-Id: I0655b0b62301f78cd8705cc7b0e4fc11522f00ca
parent 1c12e817

system/stack/smp/smp_cmac.cc

+2 −1
Original line number Diff line number Diff line
@@ -278,7 +278,8 @@ static bool cmac_generate_subkey(BT_OCTET16 key) { 
 ******************************************************************************/

bool aes_cipher_msg_auth_code(BT_OCTET16 key, uint8_t* input, uint16_t length,

                              uint16_t tlen, uint8_t* p_signature) {

  uint16_t len, diff;

  uint32_t len;

  uint16_t diff;

  uint16_t n = (length + BT_OCTET16_LEN - 1) /

               BT_OCTET16_LEN; /* n is number of rounds */

  bool ret = false;