diff options
author | Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> | 2023-06-21 11:04:12 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-06-21 11:04:12 +0000 |
commit | 0efc5a0b09e67d743b3465f4af3e3409da1f2853 (patch) | |
tree | dbe6a477ec6dd8d787a462e6c1a1a7b5dbf54f37 /pn8x/libese-spi/p73/lib/phNxpEseDataMgr.cpp | |
parent | dda0694630b9837a2d824e28c7d553c5e54243f6 (diff) | |
parent | 0ade407804ddcde95c3ea115822592fc7c4cbae7 (diff) | |
download | secure_element-0efc5a0b09e67d743b3465f4af3e3409da1f2853.tar.gz |
Merge "Fix for potential OOB write due to missing boundary check." am: 1d59235c78 am: 4fedde4020 am: 3ff29ccaf3 am: 0d97c00448 am: 0234dd89da am: 0ade407804
Original change: https://android-review.googlesource.com/c/platform/hardware/nxp/secure_element/+/2628856
Change-Id: I75b338c8e2cf197e894bdf3d3fff5a11d53c00c4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat (limited to 'pn8x/libese-spi/p73/lib/phNxpEseDataMgr.cpp')
-rwxr-xr-x | pn8x/libese-spi/p73/lib/phNxpEseDataMgr.cpp | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/pn8x/libese-spi/p73/lib/phNxpEseDataMgr.cpp b/pn8x/libese-spi/p73/lib/phNxpEseDataMgr.cpp index 0213e18..ef0ca3a 100755 --- a/pn8x/libese-spi/p73/lib/phNxpEseDataMgr.cpp +++ b/pn8x/libese-spi/p73/lib/phNxpEseDataMgr.cpp @@ -1,6 +1,6 @@ /****************************************************************************** * - * Copyright 2018 NXP + * Copyright 2018,2023 NXP * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -79,6 +79,10 @@ ESESTATUS phNxpEse_GetData(uint32_t* data_len, uint8_t** pbuffer) { * ******************************************************************************/ ESESTATUS phNxpEse_StoreDatainList(uint32_t data_len, uint8_t* pbuff) { + if (data_len > MAX_DATA_LEN) { + ALOGE("%s Data length causes oob write error", __FUNCTION__); + return ESESTATUS_INVALID_RECEIVE_LENGTH; + } phNxpEse_sCoreRecvBuff_List_t* newNode = NULL; newNode = (phNxpEse_sCoreRecvBuff_List_t*)phNxpEse_memalloc( |