Skip to content

November Patches #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: 12.1
Choose a base branch
from
Open

November Patches #2

wants to merge 7 commits into from

Conversation

@OhMyVenyx
Copy link

@OhMyVenyx OhMyVenyx commented Nov 13, 2022

No description provided.

Brian Delwiche and others added 7 commits November 13, 2022 14:14
@OhMyVenyx
Add negative length check in process_service_search_rsp
3168386 
Bug: 225876506
Test: run supplied POC (updated to Android T)
Tag: #security
Ignore-AOSP-First: Security
Change-Id: I0054806e47ed9d6eb8b034a41c8c872fee7f1eca
(cherry picked from commit eac9616fc32f0bf40d2d2e6d1ff7b453edffc01c)
Merged-In: I0054806e47ed9d6eb8b034a41c8c872fee7f1eca
@OhMyVenyx
resolve merge conflicts of 9c93920de7a8d8106a1bc2e11ebfed79df66946b t…
681a61e 
…o sc-dev

Ignore-AOSP-First: Security
Test: I solemnly swear I tested this conflict resolution.
Bug: 245420598
Change-Id: I029b5e310485e0180e4b7c7280db022848fcd646
(cherry picked from commit be2f542a6a1fb7f89b4562bc149cfdb8ac02748d)
Merged-In: I029b5e310485e0180e4b7c7280db022848fcd646
@OhMyVenyx
Add length check when copy AVDTP packet
43a8cd0 
Bug: 232023771
Test: make
Tag: #security
Ignore-AOSP-First: Security
Change-Id: I68dd78c747eeafee5190dc56d7c71e9eeed08a5b
Merged-In: I68dd78c747eeafee5190dc56d7c71e9eeed08a5b
(cherry picked from commit a75b650a2a4b6b62be1ceb2040c598b0feb0dacb)
Merged-In: I68dd78c747eeafee5190dc56d7c71e9eeed08a5b
@OhMyVenyx
Added max buffer length check
17e38a1 
Bug: 230867224
Test: Manual -- paired Bluetooth headset and played audio
Tags: #security
Ignore-AOSP-First: Security
Change-Id: I740038288143715a1c06db781efd674b269a7f3e
(cherry picked from commit 2992109ab975def57192c5e3d40078e69b1e8717)
Merged-In: I740038288143715a1c06db781efd674b269a7f3e
@OhMyVenyx
Add missing increment in bnep_api.cc
f35ca9d 
Bug: 228450451
Test: manual, pair BT and play audio
Tag: #security
Ignore-AOSP-First: Security
Change-Id: I681878508feae3d0526ed3e928af7a415e7d5c36
(cherry picked from commit 0fa54c7d8a2c061202e61d75b805661c1e89a76d)
Merged-In: I681878508feae3d0526ed3e928af7a415e7d5c36
@ek9852 @OhMyVenyx
Add length check when copy AVDT and AVCT packet
359f0a7 
Previous fix for AVDT causing memory leak.
And missing similar fix for AVCT packet.

Bug: 232023771
Test: make
Tag: #security
Ignore-AOSP-First: Security
Merged-In: Ifa8ed1cd9ea118acba78bdfdf6d5861fad254a90
Change-Id: Ifa8ed1cd9ea118acba78bdfdf6d5861fad254a90
(cherry picked from commit 62986e6a11a7340925d79c4282513aebc28da176)
Merged-In: Ifa8ed1cd9ea118acba78bdfdf6d5861fad254a90
@ek9852 @OhMyVenyx
Fix integer overflow when parsing avrc response
62c3813 
Convert min_len from 16 bits to 32 bits to avoid
length checking overflow.
Also, use calloc instead of malloc for list allocation
since caller need to clean up string memory in the list items

Bug: 242459126
Test: fuzz_avrc
Tag: #security
Ignore-AOSP-First: Security
Merged-In: I7250509f2b320774926a8b24fd28828c5217d8a4
Change-Id: I7250509f2b320774926a8b24fd28828c5217d8a4
(cherry picked from commit 44df45d0385f501150b2221c1c7a02a4d7f5b6d1)
Merged-In: I7250509f2b320774926a8b24fd28828c5217d8a4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@OhMyVenyx @ek9852