diff options
author | Cheney Ni <cheneyni@google.com> | 2019-08-23 23:05:19 +0800 |
---|---|---|
committer | Vasyl Gello <vasek.gello@gmail.com> | 2019-11-05 19:26:24 +0000 |
commit | a19f952ddaa36596aa9f1eeab798db81ccd076bc (patch) | |
tree | 5d396dde76d999ca8a1a02a9d1d5426a41d35475 | |
parent | 17556d9696134778f70ccd813b7734fe202aace5 (diff) | |
download | android_packages_apps_Bluetooth-cm-14.1.tar.gz android_packages_apps_Bluetooth-cm-14.1.tar.bz2 android_packages_apps_Bluetooth-cm-14.1.zip |
DO NOT MERGE: AdapterService: Check the PIN code length before usingcm-14.1
The length is assigned by the framework. We should be better to check
again before using, and dropped any unexcepted input.
Bug: 139287605
Test: PoC
Change-Id: Ie2dd01e0b192e7ed1fe4b464618ddfa415dbf15c
(cherry picked from commit 3d7549de501ec15f973ff176435c07de018643b5)
-rw-r--r-- | src/com/android/bluetooth/btservice/AdapterService.java | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/com/android/bluetooth/btservice/AdapterService.java b/src/com/android/bluetooth/btservice/AdapterService.java index b6caeb273..4104d4220 100644 --- a/src/com/android/bluetooth/btservice/AdapterService.java +++ b/src/com/android/bluetooth/btservice/AdapterService.java @@ -2268,6 +2268,12 @@ public class AdapterService extends Service { return false; } + if (pinCode.length != len) { + android.util.EventLog.writeEvent(0x534e4554, "139287605", -1, + "PIN code length mismatch"); + return false; + } + byte[] addr = Utils.getBytesFromAddress(device.getAddress()); return pinReplyNative(addr, accept, len, pinCode); } @@ -2279,6 +2285,12 @@ public class AdapterService extends Service { return false; } + if (passkey.length != len) { + android.util.EventLog.writeEvent(0x534e4554, "139287605", -1, + "Passkey length mismatch"); + return false; + } + byte[] addr = Utils.getBytesFromAddress(device.getAddress()); return sspReplyNative(addr, AbstractionLayer.BT_SSP_VARIANT_PASSKEY_ENTRY, accept, Utils.byteArrayToInt(passkey)); |