author | Ningyuan Wang <nywang@google.com> | 2017-05-15 14:24:41 -0700 |
---|---|---|
committer | Ivan Kutepov <its.kutepov@gmail.com> | 2017-08-13 18:56:47 +0300 |
commit | 2e1ff498017ee2e2a403fce604efe8947ed85411 (patch) | |
tree | 9701ade238e93608a558fd18793774a3a03c1003 /service/CleanSpec.mk | |
parent | cbb1f819c2f82af3e99e10dda29e216877a5187c (diff) | |
wifinative jni: check array length for trackSignificantWifiChange (HEAD, replicant-6.0-0003, replicant-6.0-0002, cm-13.0)
params.ap is an array with length MAX_SIGNIFICANT_CHANGE_APS == 64
We should check that params.num_ap does not exceed this value,
otherwise this could be a stack overflow security vulnerability.
CTS test is not available because CTS test doesn't have the
privilege to access system API.
Bug: 37207928
Test: compile
Test: SafetyNet log not triggered under non-exploit conditions
Change-Id: I541bacd5448124864f28ef1671edf065cc0e35ed
(cherry picked from commit dc96644e72bbac7b579c3ac4b8c5beed1fe7f0b6)
Diffstat (limited to 'service/CleanSpec.mk')
0 files changed, 0 insertions, 0 deletions
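The kind of check the commit message describes, as an added example that is not the commit's code: a caller-supplied count is validated against the fixed array length before it is used as a loop bound. Only `MAX_SIGNIFICANT_CHANGE_APS` (64), `ap` and `num_ap` come from the message; the struct layout and the names `ap_entry`, `change_params`, `fill_change_params` and `demo_boundary` are hypothetical, and rejecting zero and negative counts is an assumption of this example.

```c
#include <stddef.h>
#include <string.h>

#define MAX_SIGNIFICANT_CHANGE_APS 64   /* value stated in the commit message */

/* Hypothetical, simplified stand-ins for the HAL types (not the project's definitions). */
typedef struct { unsigned char bssid[6]; int low; int high; } ap_entry;
typedef struct {
    int num_ap;
    ap_entry ap[MAX_SIGNIFICANT_CHANGE_APS];
} change_params;

/* Copies caller-supplied entries into the fixed-size array.
 * Returns 0 on success, -1 if the arguments are rejected.
 * The count is caller-controlled (in the JNI case, a Java array length),
 * so it is validated before any write to out->ap. */
int fill_change_params(change_params *out, const ap_entry *src, int count)
{
    if (out == NULL || src == NULL)
        return -1;
    /* Signed count: reject negative and empty as well as oversized input. */
    if (count <= 0 || count > MAX_SIGNIFICANT_CHANGE_APS)
        return -1;

    memset(out, 0, sizeof(*out));
    out->num_ap = count;
    for (int i = 0; i < count; i++)
        out->ap[i] = src[i];
    return 0;
}

/* Constructed boundary check: 65 entries rejected without writing, 64 accepted. */
int demo_boundary(void)
{
    static ap_entry src[MAX_SIGNIFICANT_CHANGE_APS + 1];
    change_params params;
    params.num_ap = -7;                        /* sentinel to detect writes */
    if (fill_change_params(&params, src, MAX_SIGNIFICANT_CHANGE_APS + 1) != -1)
        return 1;
    if (params.num_ap != -7)                   /* rejected call must not touch params */
        return 2;
    if (fill_change_params(&params, src, MAX_SIGNIFICANT_CHANGE_APS) != 0)
        return 3;
    return params.num_ap == MAX_SIGNIFICANT_CHANGE_APS ? 0 : 4;
}

int main(void) { return demo_boundary(); }
```

Without the range check, a count of 65 or more would make the copy loop write past `ap[63]` into adjacent stack memory, which is the condition the commit message warns about.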