DivestOS/Patches/LineageOS-11.0/android_external_bluetooth_bluedroid/265494.patch

32 lines
1.2 KiB
Diff
Raw Normal View History

From 583460635a78028e8724275ad5370a8db3ae9d54 Mon Sep 17 00:00:00 2001
From: Zongheng Wang <wangzongheng@google.com>
Date: Tue, 20 Aug 2019 17:56:04 -0700
Subject: [PATCH] SDP: Disconnect when there is a bad length
Handle the case when SDP_RAW_DATA_INCLUDED is FALSE.
Related to: I9f0df8b2de28970e7d69b737ce5d363785183bf3
Bug: 137239831
Bug: 117105007
Test: manual test
Change-Id: I354494565005f2ca9093486546fc54c145066413
Merged-In: I354494565005f2ca9093486546fc54c145066413
(cherry picked from commit e45fe0a8ec678c73c57967b69c2fd485eef92927)
(cherry picked from commit 7f555a1a9b641a8e4892a4e7a7cc1ff294d8f2b7)
---
stack/sdp/sdp_discovery.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/stack/sdp/sdp_discovery.c b/stack/sdp/sdp_discovery.c
index 474ce6b7..68308e67 100644
--- a/stack/sdp/sdp_discovery.c
+++ b/stack/sdp/sdp_discovery.c
@@ -830,6 +830,7 @@ static void process_service_search_attr_rsp (tCONN_CB *p_ccb, UINT8 *p_reply,
if (p == NULL || (p + seq_len) > (p + p_ccb->list_len))
{
SDP_TRACE_WARNING1("%s: bad length", __func__);
+ sdp_disconnect(p_ccb, SDP_ILLEGAL_PARAMETER);
return;
}
p_end = &p_ccb->rsp_list[p_ccb->list_len];