Commits · 65930cfb207af3111cdb528dc5eb5b186437857d · LMODroid / platform_packages_modules_Bluetooth

Feb 07, 2023
- Merge "Fix an OOB bug in remove_sdp_record" into tm-dev · 65930cfb
  Hui Peng authored 2 years ago
  
  65930cfb
- Merge "Fix an OOB bug in btm_ble_periodic_adv_sync_tx_rcvd" into tm-dev · 5d3fdb27
  Hui Peng authored 2 years ago
  
  5d3fdb27
- Merge "Fix an OOB bug in on_remove_iso_data_path" into tm-dev · b8354c4e
  Hui Peng authored 2 years ago
  
  b8354c4e
Feb 06, 2023
- Merge "Fix a nullptr-deref in on_create_record_event" into tm-dev · 334a5b3d
  Hui Peng authored 2 years ago
  
  334a5b3d
- Merge "Fix an OOB bug in register_notification_rsp" into tm-dev · e2418045
  Hui Peng authored 2 years ago
  
  e2418045
- Fix an OOB bug in remove_sdp_record · b9a94d52
  Hui Peng authored 2 years ago
  
  Bug: 245517503 Test: manual Ignore-AOSP-First: security Change-Id: If768b0b2e11bbc4444835fda28e246e285a7e8ab
  b9a94d52
- Fix an OOB bug in btm_ble_periodic_adv_sync_tx_rcvd · a24402da
  Hui Peng authored 2 years ago
  
  Bug: 233879420 Test: manual Ignore-AOSP-First: security Change-Id: Ic740e5ff3ceabf3df1e78431f7d31adf356479f0
  a24402da
Jan 31, 2023

Fix an OOB bug in on_remove_iso_data_path · 1a8a5ece

Hui Peng authored 2 years ago

Bug: 236688764
Test: manul
Ignore-AOSP-First: security
Tag: #security
Change-Id: I0ef4855e715be8fa9a69916e35d3a6c97498a9cc

1a8a5ece

Jan 25, 2023
- Merge "Revert "Fix an OOB bug in bta_hh_co_get_rpt_rsp"" into tm-dev · f9f1695e
  David Duarte authored 2 years ago
  
  f9f1695e
- Revert "Fix an OOB bug in bta_hh_co_get_rpt_rsp" · 2506a98f
  Hui Peng authored 2 years ago
  
  This reverts commit d2e67f50. Reason for revert: regression caused in 266585826 Change-Id: I86a5bb0b96332880a2a173ad57b96fb007e3ea83
  2506a98f
Jan 14, 2023

Fix an OOB bug in register_notification_rsp · daa3efc5

Hui Peng authored 2 years ago

Bug: 245916076
Test: manual
Ignore-AOSP-First: security
Change-Id: I901d973a736678d7f3cc816ddf0cbbcbbd1fe93f

daa3efc5

Jan 12, 2023
- Fix a nullptr-deref in on_create_record_event · b45b8479
  Hui Peng authored 2 years ago
  
  Bug: 263545186 Test: manual Ignore-AOSP-First: security Change-Id: I0abbb67842850cc2f1298b43dc49a89445b40a43
  b45b8479
- Merge "Harden array bounds validation" into tm-dev · d0fc4262
  Brian Delwiche authored 2 years ago
  
  d0fc4262
Jan 11, 2023

Merge "Fix an OOB access bug in btm_vendor_specific_evt" into tm-dev · cbea7ae0
Hui Peng authored 2 years ago

cbea7ae0
Merge "Fix a potential OOB read resulted from integer underflow" into tm-dev · 0e1b29ee
Hui Peng authored 2 years ago

0e1b29ee

Fix an OOB bug in btm_read_rssi_complete · 047a68b1

Hui Peng authored 2 years ago

Bug: 260569232
Test: manual, to add regression
Tag: #security
Ignore-AOSP-First: security
Merged-In: I3d56c64f205c3675ba3856c1e553878b945ec261
Change-Id: I3d56c64f205c3675ba3856c1e553878b945ec261

047a68b1

Merge "Add regression test for b/254774758" into tm-dev · 976361c4
Hui Peng authored 2 years ago

976361c4

Add regression test for b/254774758 · be2a1570

Hui Peng authored 2 years ago

Bug: 254774758
Ignore-AOSP-First: security
Test: atest bluetooth_test_gd_unit
Merged-In: I1709af943b6fa238dd4df41a62e6add36984c9ec
Change-Id: I1709af943b6fa238dd4df41a62e6add36984c9ec

be2a1570

Merge "Add mocking support for now function in AttributionProcessor" into tm-dev · a3141b5d
Hui Peng authored 2 years ago

a3141b5d

Harden array bounds validation · 5409196d

Brian Delwiche authored 2 years ago

Several bounds checks in btif_rc.cc are not validated against
AVRC_MAX_APP_ATTR_SIZE, leading to a potential buffer overflow when
processing AVRCP responses exceeding that length.

This is a patch from Qualcomm which has been adapted to T.

Bug: 261468700
Test: atest bluetooth_test_gd_unit
Tag: #security
Ignore-AOSP-First: Security
Change-Id: Ia71c9f22fa3eb0d2c2b50bf751a873a78919c38f

5409196d

Jan 10, 2023
- Fix an OOB access bug in btm_vendor_specific_evt · 9c12298c
  Hui Peng authored 2 years ago
  
  This CL also fix one of vendor specific event callbacks: BleAdvertiserVscHciInterfaceImpl::VendorSpecificEventCback. Other issues in the callbacks of this function are: - b/261857395, fix in I1ba4d1f1e62b1d77ac635cfb6b16cf175bfbf254. - b/264921486, fix in Ifed6a81c2a980394efbd5666305d10227d5ec186, Bug: 255304665 Test: manual Ignore-AOSP-First: security Tag: #security Change-Id: Ic9c43064db88a36aecb2a88f024db85f6cfc05f1
  9c12298c
- Merge "Fix an OOB bug in btm_delete_stored_link_key_complete" into tm-dev · e6d1eec3
  Hui Peng authored 2 years ago
  
  e6d1eec3
- Merge "Fix an OOB bug in btm_ble_rand_enc_complete" into tm-dev · 56bb00a1
  Hui Peng authored 2 years ago
  
  56bb00a1
- Merge "Fix an OOB bug in btm_read_tx_power_complete" into tm-dev · ba4fd4c7
  Hui Peng authored 2 years ago
  
  ba4fd4c7
- Merge "Fix an OOB bug in btu_ble_rc_param_req_evt" into tm-dev · 90569993
  Hui Peng authored 2 years ago
  
  90569993
- Merge "Fix an OOB bug in btm_ble_read_remote_features_complete" into tm-dev · 398f10c5
  Hui Peng authored 2 years ago
  
  398f10c5
- Merge "Fix an OOB bug in btu_ble_ll_conn_param_upd_evt" into tm-dev · 78e6c132
  Hui Peng authored 2 years ago
  
  78e6c132
- Merge "Fix an OOB write in BTA_GATTS_HandleValueIndication" into tm-dev · 45027bbe
  Hui Peng authored 2 years ago
  
  45027bbe
- Merge "Fix an OOB bug in btm_create_conn_cancel_complete" into tm-dev · 0a903879
  Hui Peng authored 2 years ago
  
  0a903879
- Merge "Fix an OOB bug in btm_ble_write_adv_enable_complete" into tm-dev · 96c12159
  Hui Peng authored 2 years ago
  
  96c12159
- Merge "Fix an OOB bug in btm_read_local_oob_complete" into tm-dev · 993b0731
  Hui Peng authored 2 years ago
  
  993b0731
- Merge "Fix an OOB access bug in BtaAvCo::GetNextSourceDataPacket" into tm-dev · bfdef9b8
  TreeHugger Robot authored 2 years ago
  
  bfdef9b8
- Merge "Fix an OOB bug in btm_read_link_quality_complete" into tm-dev · 8855f6c4
  Hui Peng authored 2 years ago
  
  8855f6c4
- Merge "Fix an OOB bug in btm_ble_process_periodic_adv_sync_lost_evt" into tm-dev · 6494326a
  Hui Peng authored 2 years ago
  
  6494326a
- Fix an OOB access bug in BtaAvCo::GetNextSourceDataPacket · d1047690
  Hui Peng authored 2 years ago
  
  If the length of the packet is less than 4 or the offset is 0 OOB access is triggered. Bug: 259939364 Test: manual Ignore-AOSP-First: security Merged-In: I11a3ebf20c45e9e69a4008a7d7271470e6235fe1 Change-Id: I11a3ebf20c45e9e69a4008a7d7271470e6235fe1
  d1047690
- Fix an OOB bug in on_iso_link_quality_read · f7679c19
  Hui Peng authored 2 years ago
  
  Bug: 260568750 Test: manual Tag: #security Ignore-AOSP-First: security Merged-In: I58b259541a507d65271c4e8b61fcd878a3f90ec0 Change-Id: I58b259541a507d65271c4e8b61fcd878a3f90ec0
  f7679c19
- Fix an OOB bug in btm_delete_stored_link_key_complete · 0ab9b925
  Hui Peng authored 2 years ago
  
  Bug: 260568359 Test: manual Tag: #security Ignore-AOSP-First: security Merged-In: Icb13312b79a59117c9524ddad4163135b364baba Change-Id: Icb13312b79a59117c9524ddad4163135b364baba
  0ab9b925
- Fix an OOB bug in btm_ble_read_remote_features_complete · 6aedab38
  Hui Peng authored 2 years ago
  
  Bug: 254445952 Test: manual Tag: #security Ignore-AOSP-First: security Merged-In: I25f928cc9fa4b3338b1885412e5f894b4155da71 Change-Id: I25f928cc9fa4b3338b1885412e5f894b4155da71
  6aedab38
- Fix an OOB bug in btm_read_local_oob_complete · 14eaa92e
  Hui Peng authored 2 years ago
  
  Bug: 260568354 Test: manual Tag: #security Ignore-AOSP-First: security Merged-In: I739a42519df656b28d6043f179d02316bf5a71f2 Change-Id: I739a42519df656b28d6043f179d02316bf5a71f2
  14eaa92e
- Fix an OOB bug in btm_read_tx_power_complete · 606824af
  Hui Peng authored 2 years ago
  
  Bug: 260568083 Test: manual Tag: #security Ignore-AOSP-First: security Merged-In: I47f4806743b5837f4d7de774eafc95824b0abdd6 Change-Id: I47f4806743b5837f4d7de774eafc95824b0abdd6
  606824af