Commit db64568e authored by Martin Brabham

btm_sec: p_name fails matching security records

When comparing the p_name that is passed in against
the p_name in the struct, it will never match if the passed in
name is >= 21 characters.  This is due to the strlcpy replacing
the last character with a null termination character.

Without this patch, you will observe 2 security records for
"Android Network Acce" (which is supposed to be "Android Network Access Point")

BTM_SEC_SERVICE_NAME_LEN = 21

                                                    21
passed in: |A|n|d|r|o|i|d| |N|e|t|w|o|r|k| |A|c|c|e|s|s| |P|o|i|n|t|
           ---------------------------------------------------------
structval: |A|n|d|r|o|i|d| |N|e|t|w|o|r|k| |A|c|c|e|\0|

Bug: 34707848
Test: Compile, Manual
Change-Id: I24e0204d8faf54545c7b720a0fbc6765db9a1295
parent cbbaf1d7
+4 −2
@@ -532,9 +532,11 @@ static bool btm_sec_set_security_level(CONNECTION_TYPE conn_type,
      if (p_srec->psm == psm && p_srec->mx_proto_id == mx_proto_id &&
          service_id == p_srec->service_id && p_name &&
          (!strncmp(p_name, (char*)p_srec->orig_service_name,
                    BTM_SEC_SERVICE_NAME_LEN) ||
                    /* strlcpy replaces end char with termination char*/
                    BTM_SEC_SERVICE_NAME_LEN - 1) ||
           !strncmp(p_name, (char*)p_srec->term_service_name,
                    BTM_SEC_SERVICE_NAME_LEN)))
                    /* strlcpy replaces end char with termination char*/
                    BTM_SEC_SERVICE_NAME_LEN - 1)))
#else
      if (p_srec->psm == psm && p_srec->mx_proto_id == mx_proto_id &&
          service_id == p_srec->service_id)
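
Review bot: In both strncmp calls, limiting the comparison to `BTM_SEC_SERVICE_NAME_LEN - 1` bytes turns the name check into a prefix match on the stored, truncated name, so any two service names that agree on that prefix and share psm, mx_proto_id and service_id will resolve to the same security record. If that is intended, the comment should say so, since it is the security-relevant consequence of the change. The current wording, "strlcpy replaces end char with termination char", would also be more accurate as a statement that the stored name holds at most `BTM_SEC_SERVICE_NAME_LEN - 1` characters plus the terminator. The same length expression and comment now appear twice in one condition; a single named constant for the comparable length would keep the orig_service_name and term_service_name checks from drifting apart.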