authorGeorge Chang <georgekgchang@google.com>2020-03-26 06:29:57 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2020-03-26 06:29:57 +0000
commitfe643c6403a179faf26803bc203b6e821db02acd (patch)
tree66848a556e6ec177f99c2a2828981ab2a9e8132d
parent1f119ee6542ca119eadb5b0a4a9689583dc50b38 (diff)
parent4e4e0923eb1841698ad539403b7c0687bb2920b0 (diff)
Merge "Prevent OOB write in phNxpNciHal_send_ese_hal_cmd" into qt-qpr1-dev
-rwxr-xr-xhalimpl/hal/phNxpNciHal_ext.cc4
1 files changed, 4 insertions, 0 deletions
diff --git a/halimpl/hal/phNxpNciHal_ext.cc b/halimpl/hal/phNxpNciHal_ext.cc
index 7908141..1bbd25f 100755
--- a/halimpl/hal/phNxpNciHal_ext.cc
+++ b/halimpl/hal/phNxpNciHal_ext.cc
@@ -901,6 +901,10 @@ NFCSTATUS phNxpNciHal_send_ext_cmd(uint16_t cmd_len, uint8_t* p_cmd) {
******************************************************************************/
NFCSTATUS phNxpNciHal_send_ese_hal_cmd(uint16_t cmd_len, uint8_t* p_cmd) {
NFCSTATUS status = NFCSTATUS_FAILED;
+ if (cmd_len > NCI_MAX_DATA_LEN) {
+ NXPLOG_NCIHAL_E("cmd_len exceeds limit NCI_MAX_DATA_LEN");
+ return status;
+ }
nxpncihal_ctrl.cmd_len = cmd_len;
memcpy(nxpncihal_ctrl.p_cmd_data, p_cmd, cmd_len);
status = phNxpNciHal_process_ext_cmd_rsp(nxpncihal_ctrl.cmd_len,
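Review bot: The new guard in phNxpNciHal_send_ese_hal_cmd bounds cmd_len by the NCI_MAX_DATA_LEN macro rather than by the destination of the memcpy. The declaration of nxpncihal_ctrl.p_cmd_data is not visible here, so the check only holds if that buffer is at least NCI_MAX_DATA_LEN bytes. If p_cmd_data is a fixed array, `if (cmd_len > sizeof(nxpncihal_ctrl.p_cmd_data)) {` would tie the limit to the buffer itself and survive a later resize. The error log would be more useful for triage if it recorded the rejected length, e.g. `NXPLOG_NCIHAL_E("cmd_len %u exceeds limit NCI_MAX_DATA_LEN", cmd_len);`. phNxpNciHal_send_ext_cmd, named in the hunk header, takes the same (cmd_len, p_cmd) pair and is worth checking for the same unguarded copy; this function's body continues past the end of the hunk.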