Fix buffer overflow in BRSF
bta_hf_client_at does not properly check bounds on its inputs, allowing a buffer overflow when fed a buffer that is more than twice the expected maximum size. Add a new bounds check to enforce, and a new security test to validate.

Bug: 231156521
Test: atest: BtaHfClientSecurityTest
Tag: #security
Ignore-AOSP-First: Security
Change-Id: I2cf89a786ba7cd0423eaccd8082bd824ac2f0d43
Showing
- system/bta/Android.bp: 33 additions, 0 deletions
- system/bta/hf_client/bta_hf_client_at.cc: 7 additions, 0 deletions
- system/bta/test/bta_hf_client_security_test.cc: 79 additions, 0 deletions
- system/test/mock/mock_device_esco_parameters.cc: 5 additions, 0 deletions
- system/test/run_unit_tests.sh: 4 additions, 0 deletions