android_system_bt/stack/mcap, branch cm-13.0 Unnamed repository; edit this file 'description' to name the repository. MCAP: Check response length in mca_ccb_hdl_rsp 2019-02-03T11:40:00+00:00 Myles Watson mylesgw@google.com 2018-10-25T22:27:03+00:00 409e6b9b92ed7104ce03ffb9842f1960461db6b7 Bug: 116319076 Test: Send a short MCAP response Change-Id: I0452f7d2c0f4ecccc7a6501773e26b403b116179 (cherry picked from commit 0ab53ca2af26f70126d6d9d6600d090a720758fa) CVE-2018-9592 
Bug: 116319076
Test: Send a short MCAP response
Change-Id: I0452f7d2c0f4ecccc7a6501773e26b403b116179
(cherry picked from commit 0ab53ca2af26f70126d6d9d6600d090a720758fa)
CVE-2018-9592
Add packet length checks in mca_ccb_hdl_req 2018-11-18T07:45:39+00:00 Cheney Ni cheneyni@google.com 2018-08-07T13:32:07+00:00 aa1c0edaabb7d7f33177dc2de1877eaa30478ec2 Bug: 110791536 Test: manual Change-Id: Ica5d8037246682fdb190b2747a86ed8d44c2869a (cherry picked from commit 4de7ccdd914b7a178df9180d15f675b257ea6e02) 
Bug: 110791536
Test: manual
Change-Id: Ica5d8037246682fdb190b2747a86ed8d44c2869a
(cherry picked from commit 4de7ccdd914b7a178df9180d15f675b257ea6e02)
Allocate buffers of the right size when BT_HDR is included 2017-09-17T20:11:26+00:00 Pavlin Radoslavov pavlin@google.com 2017-07-06T20:39:02+00:00 2bb37becb8efe5ba92f2804cf091bde33c8290d4 Bug: 63146105 Test: External script Change-Id: I1f2c871e3fcf57aabdad9d07905e6dae643bd496 Merged-In: I1f2c871e3fcf57aabdad9d07905e6dae643bd496 (cherry picked from commit 8810ffba990f8f53172c445ebde8707525bb7813) CVE-2017-0781 
Bug: 63146105
Test: External script
Change-Id: I1f2c871e3fcf57aabdad9d07905e6dae643bd496
Merged-In: I1f2c871e3fcf57aabdad9d07905e6dae643bd496
(cherry picked from commit 8810ffba990f8f53172c445ebde8707525bb7813)
CVE-2017-0781
BT: Fixed Static Analysis Issues 2015-10-06T09:22:00+00:00 Matadeen Mishra matade@codeaurora.org 2015-08-21T04:17:05+00:00 fada44256f77be2e7cdf1b6089c15c4b08a76046 - This fix avoids NULL pointer dereferences, Array Index Out of Bounds Exceptions and Banned funciton in the bluedroid code space of Bluetooth. CRs-Fixed: 890309, 890321 Change-Id: I24ae794ee01b65b5ab15c73cd82677b0481910ad 
  - This fix avoids NULL pointer dereferences,
    Array Index Out of Bounds Exceptions
    and Banned funciton in the bluedroid code
    space of Bluetooth.
CRs-Fixed: 890309, 890321

Change-Id: I24ae794ee01b65b5ab15c73cd82677b0481910ad
Bluetooth: LE-L2CAP-COC on M. 2015-10-06T09:21:48+00:00 Balraj Selvaraj bselva@codeaurora.org 2015-07-21T15:20:27+00:00 273de486f3b1771be80b83ed30fa7df4449c7eab LE L2CAP Connection Oriented Channel implementation for credit based flow control on LE L2CAP. - This feature is enabled only when BLE feature is enabled. - Handled signalling commands on channel id 5 to establish the connection of LE COC. - Implemented the SM for LE L2CAP channel to handle events from App layer and hci layer. - Introduced security levels for LE L2CAP channels. - Introduced tranport variable for major functions where BREDR and LE shares common data structures. - Implemented segmentation and reassembly of LE L2CAP SDU. - Introduced congestion mechanism for LE L2CAP channel - As the new LE L2CAP callbacks not required for existing BREDR services, made it as null for newly introduced LE L2CAP callbacks. - New APIs introduced for LE L2CAP connection establishment. - New APIs provided for LE L2CAP security procedure. - Relevent L2cap APIs from Test app interface exposed to the test tool. - New macros, definitions, structures introduced for LE L2CAP channel establishment/data tranfer. CRs-Fixed: 776657 Change-Id: I50a24374659f9802cbc92421db139f75f2790f2e 
LE L2CAP Connection Oriented Channel implementation for
credit based flow control on LE L2CAP.

- This feature is enabled only when BLE feature is enabled.
- Handled signalling commands on channel id 5 to establish
  the connection of LE COC.
- Implemented the SM for LE L2CAP channel to handle events
  from App layer and hci layer.
- Introduced security levels for LE L2CAP channels.
- Introduced tranport variable for major functions where
  BREDR and LE shares common data structures.
- Implemented segmentation and reassembly of LE L2CAP SDU.
- Introduced congestion mechanism for LE L2CAP channel
- As the new LE L2CAP callbacks not required for existing
  BREDR services, made it as null for newly introduced
  LE L2CAP callbacks.
- New APIs introduced for LE L2CAP connection establishment.
- New APIs provided for LE L2CAP security procedure.
- Relevent L2cap APIs from Test app interface exposed to the
  test tool.
- New macros, definitions, structures introduced for LE L2CAP
  channel establishment/data tranfer.

CRs-Fixed: 776657
Change-Id: I50a24374659f9802cbc92421db139f75f2790f2e
Merge commit '4bf68bf020c7fd1aabcdc4b5d8f5fbb8bacdec9d' into merge_work 2015-04-10T20:48:17+00:00 Prerepa Viswanadham dham@google.com 2015-04-10T20:48:17+00:00 b246a1a750c5a337faaa6033b39e78c8bdd4c2fb Change-Id: Ibc6d6e691b7f97611d16f96220346dfd6ffbbf52 
Change-Id: Ibc6d6e691b7f97611d16f96220346dfd6ffbbf52
Static code analysis cleanups and minor bug fixes 2015-04-07T01:14:22+00:00 VenkatRaghavan VijayaRaghavan venkatrv@broadcom.com 2015-02-05T12:40:47+00:00 4540f59bc447dc2b7b31a3e974b74a60b2417e7d - Fix for initializing all the un-initialized variables - Handling system call failure like socket,fcntl etc... - In btpan_tap_close validate tap_if_down and close the socket. - Invalid memset size, which could have potential memory issue - Change -1 to INVALID_FD where appropriate Bug: 19417758 Change-Id: Id31832f8678b2d72c80740c29b946a94e7ae0197 
- Fix for initializing all the un-initialized variables
- Handling system call failure like socket,fcntl etc...
- In btpan_tap_close validate tap_if_down and close the socket.
- Invalid memset size, which could have potential memory issue
- Change -1 to INVALID_FD where appropriate

Bug: 19417758
Change-Id: Id31832f8678b2d72c80740c29b946a94e7ae0197
Fix missing #includes needed for glibc 2015-04-02T22:22:14+00:00 Scott James Remnant keybuk@google.com 2015-04-02T22:22:14+00:00 933926c92e1378cc76bc9c149107e670c4872d4e Some standard library functions are used while relying on bionic headers including the headers the functions were actually declared on. Add those missing #includes so that bluetooth.default.so will compile on glibc. Change-Id: Ied9f89ce5a05911fca63f6bfe1b8cc8196ab3b1c 
Some standard library functions are used while relying on bionic headers
including the headers the functions were actually declared on. Add those
missing #includes so that bluetooth.default.so will compile on glibc.

Change-Id: Ied9f89ce5a05911fca63f6bfe1b8cc8196ab3b1c
Merge commit 'f7f839985b3931682363d2ef3b7c5cae55a842ee' into merge 2015-03-31T17:41:53+00:00 Etan Cohen etancohen@google.com 2015-03-31T17:41:53+00:00 e1a9e52ff59d36bd1bb5b7b3a02fafba6394edfe Change-Id: Iaaec1ea0bf3009b7e32a9a60f697631a3f56e889 
Change-Id: Iaaec1ea0bf3009b7e32a9a60f697631a3f56e889
Eliminate unusable wcassert code in favor of plain old C asssert. 2015-03-16T23:51:42+00:00 Sharvil Nanavati sharvil@google.com 2014-12-29T12:23:30+00:00 181932fad8b91dc6831222e5b616574c39a21565 The WC_* macros only expand to something meaningful when _DEBUG is also defined. However, on enabling _DEBUG, bluedroid fails to build because the wc_assert function is not defined anywhere. We can get what I imagine is the equivalent behavior by switching over to the standard C assert macro. 
The WC_* macros only expand to something meaningful when _DEBUG is
also defined. However, on enabling _DEBUG, bluedroid fails to build
because the wc_assert function is not defined anywhere. We can get
what I imagine is the equivalent behavior by switching over to the
standard C assert macro.