summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNingyuan Wang <nywang@google.com>2016-10-11 18:42:12 (GMT)
committerChristopher R. Palmer <crpalmer@gmail.com>2017-02-04 01:30:10 (GMT)
commit5652d3d173589244a5deeb62e1091bea61a32497 (patch)
tree911699948664f3023675280e30b188a94b6c10f9
parentbebdc4a3ae5000ac26c16071f26557eb7d8278d8 (diff)
downloadandroid_frameworks_opt_net_wifi-5652d3d173589244a5deeb62e1091bea61a32497.zip
android_frameworks_opt_net_wifi-5652d3d173589244a5deeb62e1091bea61a32497.tar.gz
android_frameworks_opt_net_wifi-5652d3d173589244a5deeb62e1091bea61a32497.tar.bz2
resolve merge conflicts of 849c5c7 to mnc-dev
merge into mmr3 This resovles the merge conflict for ag/1514448/ After Android M, this function uses num_bssid instead of num_ap. Both are prone to stack overflow attacks. Bug: 31856351 Test: compile, unit tests, manual test Change-Id: Ied24e6a7ee3047a5319bcca77a0f0f94889b6ca1
-rw-r--r--service/jni/com_android_server_wifi_WifiNative.cpp6
1 files changed, 3 insertions, 3 deletions
diff --git a/service/jni/com_android_server_wifi_WifiNative.cpp b/service/jni/com_android_server_wifi_WifiNative.cpp
index a153773..a387a0c 100644
--- a/service/jni/com_android_server_wifi_WifiNative.cpp
+++ b/service/jni/com_android_server_wifi_WifiNative.cpp
@@ -899,15 +899,15 @@ static jboolean android_net_wifi_setHotlist(
return false;
}
- if (params.num_ap >
+ if (params.num_bssid >
static_cast<int>(sizeof(params.ap) / sizeof(params.ap[0]))) {
ALOGE("setHotlist array length is too long");
android_errorWriteLog(0x534e4554, "31856351");
return false;
}
- for (int i = 0; i < params.num_ap; i++) {
- jobject objAp = env->GetObjectArrayElement(array, i);
+ for (int i = 0; i < params.num_bssid; i++) {
+ JNIObject<jobject> objAp = helper.getObjectArrayElement(array, i);
JNIObject<jstring> macAddrString = helper.getStringField(objAp, "bssid");
if (macAddrString == NULL) {