Validate buffer length in sdpu_build_uuid_seq
sdpu_build_uuid_seq accepts a UUID sequence of arbitrary length but does not validate against the boundaries of the buffer it's filling. This can lead to an OOB write. Add validation. Bug: 239414876 Test: atest: bluetooth, validated against POC Tag: #security Ignore-AOSP-First: Security (cherry picked from commit 367ed057) (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7a62a311d1a0c229ba75529dbedcb47a7af18142) Merged-In: Ibce32cc09ad2991789569f35ef2f71f90537fdce Change-Id: Ibce32cc09ad2991789569f35ef2f71f90537fdce
Loading
Please register or sign in to comment