diff options
| author | George Chang <georgekgchang@google.com> | 2020-02-20 21:58:58 +0800 |
|---|---|---|
| committer | George Chang <georgekgchang@google.com> | 2020-02-21 06:01:02 +0000 |
| commit | 4e4e0923eb1841698ad539403b7c0687bb2920b0 (patch) | |
| tree | 60c05d0bc3a9fc9be7c3b83a3356c02fd1a4dd2e /halimpl/hal/phNxpNciHal_ext.cc | |
| parent | f384f95bfe983c90d6d549388bbc903ac8f50c3b (diff) | |
| download | android_hardware_nxp_nfc-4e4e0923eb1841698ad539403b7c0687bb2920b0.tar.gz android_hardware_nxp_nfc-4e4e0923eb1841698ad539403b7c0687bb2920b0.tar.bz2 android_hardware_nxp_nfc-4e4e0923eb1841698ad539403b7c0687bb2920b0.zip | |
Prevent OOB write in phNxpNciHal_send_ese_hal_cmd
Bug: 139736386
Test: manual
Change-Id: Ibb9fa346038c3645eaf80bd814bf880d9a3c3e7f
Diffstat (limited to 'halimpl/hal/phNxpNciHal_ext.cc')
| -rwxr-xr-x | halimpl/hal/phNxpNciHal_ext.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/halimpl/hal/phNxpNciHal_ext.cc b/halimpl/hal/phNxpNciHal_ext.cc index 7908141..1bbd25f 100755 --- a/halimpl/hal/phNxpNciHal_ext.cc +++ b/halimpl/hal/phNxpNciHal_ext.cc @@ -901,6 +901,10 @@ NFCSTATUS phNxpNciHal_send_ext_cmd(uint16_t cmd_len, uint8_t* p_cmd) { ******************************************************************************/ NFCSTATUS phNxpNciHal_send_ese_hal_cmd(uint16_t cmd_len, uint8_t* p_cmd) { NFCSTATUS status = NFCSTATUS_FAILED; + if (cmd_len > NCI_MAX_DATA_LEN) { + NXPLOG_NCIHAL_E("cmd_len exceeds limit NCI_MAX_DATA_LEN"); + return status; + } nxpncihal_ctrl.cmd_len = cmd_len; memcpy(nxpncihal_ctrl.p_cmd_data, p_cmd, cmd_len); status = phNxpNciHal_process_ext_cmd_rsp(nxpncihal_ctrl.cmd_len, |