Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 781b51b3 authored by Chris Manton's avatar Chris Manton
Browse files

Security fix for potential OOB read in L2CAP 

Bug: 212694559
Tag: #security
Test: gd/cert/run

Ignore-AOSP-First: Security fix
Change-Id: I6b5580a48295911f41e131e2328a3e284daeb68f
parent 5f48c3a4

system/stack/l2cap/l2c_ble.cc

+5 −0
Original line number Diff line number Diff line
@@ -812,6 +812,11 @@ void l2cble_process_sig_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { 


    case L2CAP_CMD_CREDIT_BASED_RECONFIG_RES: {

      uint16_t result;

      if (p + sizeof(uint16_t) > p_pkt_end) {

        android_errorWriteLog(0x534e4554, "212694559");

        LOG(ERROR) << "invalid read";

        return;

      }

      STREAM_TO_UINT16(result, p);



      L2CAP_TRACE_DEBUG(