DivestOS/Patches/LineageOS-14.1/android_external_libnfc-nci/343955.patch

30 lines
1.2 KiB
Diff
Raw Normal View History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Alisher Alikhodjaev <alisher@google.com>
Date: Wed, 3 Aug 2022 12:25:33 -0700
Subject: [PATCH] OOBW in phNxpNciHal_write_unlocked()
Bug: 230356196
Test: builds ok
Merged-In: Ief580984ad58dbc7c57c2537c511d6b81c91b581
Change-Id: I7f22b9ce4a7f101a9218de746b71def74a5efa8c
(cherry picked from commit a0c461b91a67f6ee0e86f856bcea2bdac2318491)
Merged-In: I7f22b9ce4a7f101a9218de746b71def74a5efa8c
---
halimpl/pn54x/hal/phNxpNciHal_ext.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/halimpl/pn54x/hal/phNxpNciHal_ext.c b/halimpl/pn54x/hal/phNxpNciHal_ext.c
index bb667e9..4d458e3 100644
--- a/halimpl/pn54x/hal/phNxpNciHal_ext.c
+++ b/halimpl/pn54x/hal/phNxpNciHal_ext.c
@@ -787,7 +787,8 @@ NFCSTATUS phNxpNciHal_write_ext(uint16_t *cmd_len, uint8_t *p_cmd_data,
status = NFCSTATUS_FAILED;
}
//2002 0904 3000 3100 3200 5000
- else if ( (p_cmd_data[0] == 0x20 && p_cmd_data[1] == 0x02 ) &&
+ else if (*cmd_len <= (NCI_MAX_DATA_LEN - 1) &&
+ (p_cmd_data[0] == 0x20 && p_cmd_data[1] == 0x02) &&
( (p_cmd_data[2] == 0x09 && p_cmd_data[3] == 0x04) /*||
(p_cmd_data[2] == 0x0D && p_cmd_data[3] == 0x04)*/
)