Merge "Fix for potential OOB write due to missing boundary check." am: 1d59235c78 am: 4fedde4020 am: 3ff29ccaf3 am: 0d97c00448 am: 0234dd89da am: 0ade407804

Original change: https://android-review.googlesource.com/c/platform/hardware/nxp/secure_element/+/2628856

Change-Id: I75b338c8e2cf197e894bdf3d3fff5a11d53c00c4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

1 files changed, 5 insertions, 1 deletions

diff --git a/pn8x/libese-spi/p73/lib/phNxpEseDataMgr.cpp b/pn8x/libese-spi/p73/lib/phNxpEseDataMgr.cpp
index 0213e18..ef0ca3a 100755
--- a/pn8x/libese-spi/p73/lib/phNxpEseDataMgr.cpp
+++ b/pn8x/libese-spi/p73/lib/phNxpEseDataMgr.cpp
@@ -1,6 +1,6 @@
 /******************************************************************************
  *
- *  Copyright 2018 NXP
+ *  Copyright 2018,2023 NXP
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -79,6 +79,10 @@ ESESTATUS phNxpEse_GetData(uint32_t* data_len, uint8_t** pbuffer) {
  *
  ******************************************************************************/
 ESESTATUS phNxpEse_StoreDatainList(uint32_t data_len, uint8_t* pbuff) {
+  if (data_len > MAX_DATA_LEN) {
+    ALOGE("%s Data length causes oob write error", __FUNCTION__);
+    return ESESTATUS_INVALID_RECEIVE_LENGTH;
+  }
   phNxpEse_sCoreRecvBuff_List_t* newNode = NULL;
 
   newNode = (phNxpEse_sCoreRecvBuff_List_t*)phNxpEse_memalloc(