mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
ebdf629cbc
Compile tested Signed-off-by: Tad <tad@spotco.us>
44 lines
1.9 KiB
Diff
44 lines
1.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Alisher Alikhodjaev <alisher@google.com>
|
|
Date: Fri, 18 Mar 2022 17:13:05 -0700
|
|
Subject: [PATCH] OOB read in phNciNfc_RecvMfResp()
|
|
|
|
The size of RspBuff for Mifare shall be at least 2 bytes:
|
|
Mifare Req/Rsp Id + Status
|
|
|
|
Bug: 221852424
|
|
Test: build ok
|
|
Change-Id: I3a1e10997de8d2a7cb8bbb524fc8788aaf97944e
|
|
(cherry picked from commit f0d86f7fe23499cd4c6631348618463fbc496436)
|
|
Merged-In: I3a1e10997de8d2a7cb8bbb524fc8788aaf97944e
|
|
---
|
|
nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c | 8 +-------
|
|
1 file changed, 1 insertion(+), 7 deletions(-)
|
|
|
|
diff --git a/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c b/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c
|
|
index 01d83f59..86657d53 100755
|
|
--- a/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c
|
|
+++ b/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c
|
|
@@ -1231,7 +1231,7 @@ phNciNfc_RecvMfResp(phNciNfc_Buff_t* RspBuffInfo,
|
|
}
|
|
else
|
|
{
|
|
- if((0 == (RspBuffInfo->wLen))
|
|
+ if(((PHNCINFC_EXTNID_SIZE + PHNCINFC_EXTNSTATUS_SIZE) > RspBuffInfo->wLen)
|
|
|| (PH_NCINFC_STATUS_OK != wStatus)
|
|
|| (NULL == (RspBuffInfo->pBuff))
|
|
)
|
|
@@ -1271,12 +1271,6 @@ phNciNfc_RecvMfResp(phNciNfc_Buff_t* RspBuffInfo,
|
|
status = NFCSTATUS_SUCCESS;
|
|
uint16_t wRecvDataSz = 0;
|
|
|
|
- if ((PHNCINFC_EXTNID_SIZE + PHNCINFC_EXTNSTATUS_SIZE) >
|
|
- RspBuffInfo->wLen)
|
|
- {
|
|
- android_errorWriteLog(0x534e4554, "181346550");
|
|
- return NFCSTATUS_FAILED;
|
|
- }
|
|
/* DataLen = TotalRecvdLen - (sizeof(RspId) + sizeof(Status)) */
|
|
wPldDataSize = ((RspBuffInfo->wLen) -
|
|
(PHNCINFC_EXTNID_SIZE + PHNCINFC_EXTNSTATUS_SIZE));
|