
Commit 650f86f8 authored by Hansong Zhang's avatar Hansong Zhang

DO NOT MERGE Fix OOB read in process_l2cap_cmd

Test: manual
Bug: 79488381
Change-Id: I723866ed40d3647fed99875f659bb95df96a6969
parent b687d3e3
+4 −0
@@ -545,6 +545,10 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) {
            default:
              /* sanity check option length */
              if ((cfg_len + L2CAP_CFG_OPTION_OVERHEAD) <= cmd_len) {
                if (p + cfg_len > p_next_cmd) {
                  android_errorWriteLog(0x534e4554, "79488381");
                  return;
                }
                p += cfg_len;
                if ((cfg_code & 0x80) == 0) {
                  cfg_rej_len += cfg_len + L2CAP_CFG_OPTION_OVERHEAD;
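Review bot: The new guard `if (p + cfg_len > p_next_cmd)` forms the pointer `p + cfg_len` before it is known to lie inside the buffer, and a pointer more than one past the end of the underlying object is undefined behaviour, so the check is better written on lengths: `if (cfg_len > p_next_cmd - p) {`. That form also rejects the case where `p` is already past `p_next_cmd` (the difference is then negative), assuming `cfg_len` is a narrow unsigned type; its declaration is outside the hunk. The guard is added only to the `default:` option branch, and the branches for known option codes are not visible here, so it is worth confirming that they bound their reads against `p_next_cmd` in the same way. A short comment such as `/* 0x534e4554 is ASCII "SNET", the security event-log tag; the string is the bug id */` would explain the logging call. process_l2cap_cmd starts and ends outside the hunk.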