diff options
| author | Pavlin Radoslavov <pavlin@google.com> | 2017-07-17 15:41:12 -0700 |
|---|---|---|
| committer | Andreas Blaesius <skate4life@gmx.de> | 2017-09-17 22:11:27 +0200 |
| commit | 7f17ba1f8e475706727df7c50bc31ffb191d1f9d (patch) | |
| tree | 3c1454412a150ea0a17b80b0231802f66966d85c | |
| parent | 2bb37becb8efe5ba92f2804cf091bde33c8290d4 (diff) | |
| download | android_system_bt-7f17ba1f8e475706727df7c50bc31ffb191d1f9d.tar.gz android_system_bt-7f17ba1f8e475706727df7c50bc31ffb191d1f9d.tar.bz2 android_system_bt-7f17ba1f8e475706727df7c50bc31ffb191d1f9d.zip | |
Free p_pending_data from tBNEP_CONN to avoid potential memory leaks
Bug: 63146105
Test: External script
Change-Id: I1281779ccf38d1d2dfb1a6dc0e45c0e533cabbca
Merged-In: I1281779ccf38d1d2dfb1a6dc0e45c0e533cabbca
(cherry picked from commit 4982eb5df30cbcbee5c8b8807be95fdc6dfa63c5)
(cherry picked from commit a654681c5558904a8abfa1bbab8eafb651c13231)
CVE-2017-0781
| -rw-r--r-- | stack/bnep/bnep_main.c | 1 | ||||
| -rw-r--r-- | stack/bnep/bnep_utils.c | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/stack/bnep/bnep_main.c b/stack/bnep/bnep_main.c index f8267cd80..71711c688 100644 --- a/stack/bnep/bnep_main.c +++ b/stack/bnep/bnep_main.c @@ -565,6 +565,7 @@ static void bnep_data_ind (UINT16 l2cap_cid, BT_HDR *p_buf) p_bcb->con_state != BNEP_STATE_CONNECTED && extension_present && p && rem_len) { + GKI_freebuf(p_bcb->p_pending_data); p_bcb->p_pending_data = (BT_HDR *)GKI_getbuf (rem_len + sizeof(BT_HDR)); if (p_bcb->p_pending_data) { diff --git a/stack/bnep/bnep_utils.c b/stack/bnep/bnep_utils.c index 1db329d61..4c738ea6d 100644 --- a/stack/bnep/bnep_utils.c +++ b/stack/bnep/bnep_utils.c @@ -150,6 +150,7 @@ void bnepu_release_bcb (tBNEP_CONN *p_bcb) /* Drop any response pointer we may be holding */ p_bcb->con_state = BNEP_STATE_IDLE; + GKI_freebuf(p_bcb->p_pending_data); p_bcb->p_pending_data = NULL; /* Free transmit queue */ |