Snippets Groups Projects

Commit 367ed057 authored 2 years ago by Brian Delwiche

Validate buffer length in sdpu_build_uuid_seq

sdpu_build_uuid_seq accepts a UUID sequence of arbitrary length
but does not validate against the boundaries of the buffer it's
filling.  This can lead to an OOB write.

Add validation.

Bug: 239414876
Test: atest: bluetooth, validated against POC
Tag: #security
Ignore-AOSP-First: Security

Change-Id: I6c0b91428bd37d73ae707b8a1843338998fb9562

parent e6d1eec3

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 53 additions and 5 deletions

LMO GerritBot @lmo-gerritbot
mentioned in commit e6cf2700
· 1 year ago

mentioned in commit e6cf2700

mentioned in commit e6cf2700522cf639d8115b025833edc24702c7e9

Toggle commit list
LMO GerritBot @lmo-gerritbot
mentioned in commit 95ff9958
· 1 year ago

mentioned in commit 95ff9958

mentioned in commit 95ff99582cb89eed7944ec1feb53eb3fce6744d5

Toggle commit list
LMO GerritBot @lmo-gerritbot
mentioned in commit 375fe281
· 1 year ago

mentioned in commit 375fe281

mentioned in commit 375fe2818642dcfeaef130c4cf49c49b0eb56c36

Toggle commit list

Please register or to comment