DivestOS/Patches/LineageOS-15.1/android_system_nfc/344180-backport.patch

30 lines
1.2 KiB
Diff
Raw Permalink Normal View History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Alisher Alikhodjaev <alisher@google.com>
Date: Wed, 3 Aug 2022 12:25:33 -0700
Subject: [PATCH] OOBW in phNxpNciHal_write_unlocked()
Bug: 230356196
Test: builds ok
Merged-In: Ief580984ad58dbc7c57c2537c511d6b81c91b581
Change-Id: I7f22b9ce4a7f101a9218de746b71def74a5efa8c
(cherry picked from commit a0c461b91a67f6ee0e86f856bcea2bdac2318491)
Merged-In: I7f22b9ce4a7f101a9218de746b71def74a5efa8c
---
halimpl/pn54x/hal/phNxpNciHal_ext.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/halimpl/pn54x/hal/phNxpNciHal_ext.c b/halimpl/pn54x/hal/phNxpNciHal_ext.c
index 0e9f2ae..ed996e0 100644
--- a/halimpl/pn54x/hal/phNxpNciHal_ext.c
+++ b/halimpl/pn54x/hal/phNxpNciHal_ext.c
@@ -735,7 +735,8 @@ NFCSTATUS phNxpNciHal_write_ext(uint16_t* cmd_len, uint8_t* p_cmd_data,
status = NFCSTATUS_FAILED;
}
// 2002 0904 3000 3100 3200 5000
- else if ((p_cmd_data[0] == 0x20 && p_cmd_data[1] == 0x02) &&
+ else if (*cmd_len <= (NCI_MAX_DATA_LEN - 1) &&
+ (p_cmd_data[0] == 0x20 && p_cmd_data[1] == 0x02) &&
((p_cmd_data[2] == 0x09 && p_cmd_data[3] == 0x04) /*||
(p_cmd_data[2] == 0x0D && p_cmd_data[3] == 0x04)*/
)) {