Commit 7bbdb139 authored by Brian Delwiche

Fix heap-buffer overflow in sdp_utils.cc

Fuzzer identifies a case where sdpu_compare_uuid_with_attr crashes with
an out of bounds comparison.  Although the bug claims this is due to a
comparison of a uuid with a smaller data field than the discovery
attribute, my research suggests that this instead stems from a
comparison of a 128 bit UUID with a discovery attribute of some other,
invalid size.

Add checks for discovery attribute size.

Bug: 287184435
Test: atest bluetooth_test_gd_unit, net_test_stack_sdp
Tag: #security
Ignore-AOSP-First: Security
Merged-In: Id06699e51937515b2465f0b3ad72eab9e0a8e532
Change-Id: I8e16ae525815bcdd47a2379ee8e5a6de47a3ac43
parent b9bcb27e
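
The size check the commit message describes, as an added example in a simplified model: this is not the AOSP code from sdp_utils.cc, and `DiscAttr`, `UuidMatch` and `CompareUuidWithAttr` are hypothetical names. It assumes the search UUID arrives in its shortest big-endian form and that any size mismatch is reported rather than compared.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical stand-in for a parsed discovery attribute (not the AOSP type):
// declared_len is what the peer's length field claimed, value is what was stored.
struct DiscAttr {
  size_t declared_len;
  std::vector<uint8_t> value;
};

enum class UuidMatch { kEqual, kDifferent, kInvalidSize };

static bool IsUuidSize(size_t n) { return n == 2 || n == 4 || n == 16; }

// uuid holds the search UUID in its shortest big-endian form (2, 4 or 16 bytes).
// The unchecked shape would be memcmp(uuid.data(), attr.value.data(), 16),
// which reads past the end of any attribute value shorter than 16 bytes.
UuidMatch CompareUuidWithAttr(const std::vector<uint8_t>& uuid,
                              const DiscAttr& attr) {
  if (!IsUuidSize(uuid.size())) return UuidMatch::kInvalidSize;
  // Reject attributes whose declared length is not a UUID size or does not
  // describe the bytes actually held.
  if (!IsUuidSize(attr.declared_len) || attr.declared_len != attr.value.size())
    return UuidMatch::kInvalidSize;
  // Assumption of this sketch: a size mismatch is reported, never compared.
  if (attr.declared_len != uuid.size()) return UuidMatch::kInvalidSize;
  return std::memcmp(uuid.data(), attr.value.data(), uuid.size()) == 0
             ? UuidMatch::kEqual
             : UuidMatch::kDifferent;
}

// Constructed sample: a 128-bit UUID built on the Bluetooth Base UUID.
static const std::vector<uint8_t> kUuid128 = {
    0x00, 0x00, 0x11, 0x01, 0x00, 0x00, 0x10, 0x00,
    0x80, 0x00, 0x00, 0x80, 0x5F, 0x9B, 0x34, 0xFB};

int main() {
  DiscAttr bad{3, {0x11, 0x01, 0x00}};  // constructed: 3 is not a UUID size
  DiscAttr good{16, kUuid128};
  std::printf("bad=%d good=%d\n",
              static_cast<int>(CompareUuidWithAttr(kUuid128, bad)),
              static_cast<int>(CompareUuidWithAttr(kUuid128, good)));
  return 0;
}
```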