mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-14 10:24:32 -05:00
082bc48c32
https://review.lineageos.org/q/topic:P_asb_2022-05 https://review.lineageos.org/q/topic:P_asb_2022-06 https://review.lineageos.org/q/topic:P_asb_2022-07 https://review.lineageos.org/q/topic:P_asb_2022-08 https://review.lineageos.org/q/topic:P_asb_2022-09 https://review.lineageos.org/q/topic:P_asb_2022-10 https://review.lineageos.org/q/topic:P_asb_2022-11 https://review.lineageos.org/q/topic:P_asb_2022-12 https://review.lineageos.org/q/topic:P_asb_2023-01 https://review.lineageos.org/q/topic:P_asb_2023-02 https://review.lineageos.org/q/topic:P_asb_2023-03 https://review.lineageos.org/q/topic:P_asb_2023-04 https://review.lineageos.org/q/topic:P_asb_2023-05 https://review.lineageos.org/q/topic:P_asb_2023-06 https://review.lineageos.org/q/topic:P_asb_2023-07 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/361250 https://review.lineageos.org/q/topic:P_asb_2023-08 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/364606 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/365328 https://review.lineageos.org/q/topic:P_asb_2023-09 https://review.lineageos.org/q/topic:P_asb_2023-10 https://review.lineageos.org/q/topic:P_asb_2023-11 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/374916 https://review.lineageos.org/q/topic:P_asb_2023-12 https://review.lineageos.org/q/topic:P_asb_2024-01 https://review.lineageos.org/q/topic:P_asb_2024-02 https://review.lineageos.org/q/topic:P_asb_2024-03 https://review.lineageos.org/q/topic:P_asb_2024-04 Signed-off-by: Tavi <tavi@divested.dev>
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Hui Peng <phui@google.com>
Date: Wed, 29 Nov 2023 00:53:33 +0000
Subject: [PATCH] Fix an OOB bug in btif_to_bta_response and
attp_build_value_cmd
this is a backport of Iefa66f3a293ac2072ba79853a9ec23cdfe4c1368
Bug: 276898739
Test: manual
Tag: #security
Ignore-AOSP-First: security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:138120c65f9b5a03d462d01da9c5c7f71c875e1e)
Merged-In: Ia13e47e416d43243e90fb1430f65ae68c50f9ff3
Change-Id: Ia13e47e416d43243e90fb1430f65ae68c50f9ff3
---
btif/src/btif_gatt_util.cc | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/btif/src/btif_gatt_util.cc b/btif/src/btif_gatt_util.cc
index 16f227511..a0798df15 100644
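--- a/btif/src/btif_gatt_util.cc
+++ b/btif/src/btif_gatt_util.cc
@@ -18,6 +18,8 @@
 
 #define LOG_TAG "bt_btif_gatt"
 
+#include <algorithm>
+
 #include "btif_gatt_util.h"
 
 #include <errno.h>
@@ -48,9 +50,9 @@ using bluetooth::Uuid;
 void btif_to_bta_response(tGATTS_RSP* p_dest, btgatt_response_t* p_src) {
 p_dest->attr_value.auth_req = p_src->attr_value.auth_req;
 p_dest->attr_value.handle = p_src->attr_value.handle;
- p_dest->attr_value.len = p_src->attr_value.len;
+ p_dest->attr_value.len = std::min<uint16_t>(p_src->attr_value.len, GATT_MAX_ATTR_LEN);
 p_dest->attr_value.offset = p_src->attr_value.offset;
- memcpy(p_dest->attr_value.value, p_src->attr_value.value, GATT_MAX_ATTR_LEN);
+ memcpy(p_dest->attr_value.value, p_src->attr_value.value, p_dest->attr_value.len);
 }
 
 /*******************************************************************************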
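Review bot: The clamp in btif_to_bta_response bounds the copy by the constant GATT_MAX_ATTR_LEN rather than by the actual sizes of the two `value` arrays, whose declarations (tGATTS_RSP and btgatt_response_t) are not visible in this patch. If either array were smaller than GATT_MAX_ATTR_LEN the memcpy would still run out of bounds, so I would pin the assumption at compile time: `static_assert(sizeof(p_src->attr_value.value) >= GATT_MAX_ATTR_LEN && sizeof(p_dest->attr_value.value) >= GATT_MAX_ATTR_LEN, "value buffers must hold GATT_MAX_ATTR_LEN bytes");`. An oversized `len` is also truncated silently and `offset` is copied without being checked against the clamped length; a log line on the clamp path would make a misbehaving caller visible. Since the memcpy now writes only `len` bytes, the tail of `p_dest->attr_value.value` keeps whatever the caller left there, so callers should presumably zero-initialise the destination. The subject names attp_build_value_cmd as well, but the diffstat lists only btif_gatt_util.cc, so the bound on that consumer should be confirmed separately.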