Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-07-05 19:11:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
4cf2b308ff
DivestOS/Patches/LineageOS-14.1/android_packages_apps_Nfc/332455.patch
Tad 202033c013
Pull in old cherrypicks + 5 missing patches from syphyr 
This adds 3 expat patches for n-asb-2022-09
from https://github.com/syphyr/android_external_expat/commits/cm-14.1
and also applies 2 of them to 15.1

Signed-off-by: Tad <tad@spotco.us>
2022-09-11 14:02:35 -04:00

45 lines
1.9 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Alisher Alikhodjaev <alisher@google.com>
Date: Fri, 18 Mar 2022 17:13:05 -0700
Subject: [PATCH] OOB read in phNciNfc_RecvMfResp()
The size of RspBuff for Mifare shall be at least 2 bytes:
Mifare Req/Rsp Id + Status
Bug: 221852424
Test: build ok
Change-Id: I3a1e10997de8d2a7cb8bbb524fc8788aaf97944e
(cherry picked from commit f0d86f7fe23499cd4c6631348618463fbc496436)
Merged-In: I3a1e10997de8d2a7cb8bbb524fc8788aaf97944e
---
nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c b/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c
index d3d78a03..0ee2314d 100755
--- a/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c
+++ b/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c
@@ -1230,7 +1230,7 @@ phNciNfc_RecvMfResp(phNciNfc_Buff_t* RspBuffInfo,
}
else
{
- if((0 == (RspBuffInfo->wLen))
+ if(((PHNCINFC_EXTNID_SIZE + PHNCINFC_EXTNSTATUS_SIZE) > RspBuffInfo->wLen)
|| (PH_NCINFC_STATUS_OK != wStatus)
|| (NULL == (RspBuffInfo->pBuff))
)
@@ -1250,13 +1250,6 @@ phNciNfc_RecvMfResp(phNciNfc_Buff_t* RspBuffInfo,
{
status = NFCSTATUS_SUCCESS;
- if ((PHNCINFC_EXTNID_SIZE + PHNCINFC_EXTNSTATUS_SIZE) >
- RspBuffInfo->wLen)
- {
- android_errorWriteLog(0x534e4554, "181346550");
- return NFCSTATUS_FAILED;
- }
-
/* DataLen = TotalRecvdLen - (sizeof(RspId) + sizeof(Status)) */
wPldDataSize = ((RspBuffInfo->wLen) -
(PHNCINFC_EXTNID_SIZE + PHNCINFC_EXTNSTATUS_SIZE));
Reference in New Issue View Git Blame Copy Permalink