Snap for 9929149 from 572566f562ad6070b803666627068f3eb255028e to tm-qpr3-c-releaseandroid-13.0.0_r82 android-13.0.0_r81 android-13.0.0_r80 android-13.0.0_r74 android-13.0.0_r73 android-13.0.0_r72 android-13.0.0_r66 android-13.0.0_r65 android-13.0.0_r64 android-13.0.0_r60 android-13.0.0_r59 android-13.0.0_r58 android13-qpr3-c-s8-release android13-qpr3-c-s7-release android13-qpr3-c-s6-release android13-qpr3-c-s5-release android13-qpr3-c-s4-release android13-qpr3-c-s3-release android13-qpr3-c-s2-release android13-qpr3-c-s12-release android13-qpr3-c-s11-release android13-qpr3-c-s10-release android13-qpr3-c-s1-release

Change-Id: I8b4b35db6719b4f7c6e21ef33551b49fa3ac8e4d
author: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2023-04-14 08:11:31 +0000
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2023-04-14 08:11:31 +0000
commit: 67f9ad55333fa380095c4478b246848483d46aaf (patch)
tree: 24c1e01f242bcf58db94d6d292eacfd6d7b75108
parent: e69d04f02edf88af6ed2bca1c2eb7719d9abc155 (diff)
parent: 572566f562ad6070b803666627068f3eb255028e (diff)
download: secure_element-android13-qpr3-c-s12-release.tar.gz
3 files changed, 42 insertions, 0 deletions
diff --git a/1.0/SecureElement.cpp b/1.0/SecureElement.cpp
index a1bb997..7a71738 100644
--- a/1.0/SecureElement.cpp
+++ b/1.0/SecureElement.cpp
@@ -157,6 +157,13 @@ Return<void> SecureElement::openLogicalChannel(const hidl_vec<uint8_t>& aid,
   memset(&resApduBuff, 0x00, sizeof(resApduBuff));
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(resApduBuff, SecureElementStatus::FAILED);
+    OpenLogicalChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     STLOG_HAL_D("%s: Enter SeInitialized", __func__);
     ESESTATUS status = seHalInit();
@@ -308,6 +315,13 @@ Return<void> SecureElement::openBasicChannel(const hidl_vec<uint8_t>& aid,
   OpenBasicChannelProcessing = true;
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(result, SecureElementStatus::FAILED);
+    OpenBasicChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     ESESTATUS status = seHalInit();
     if (status != ESESTATUS_SUCCESS) {
diff --git a/1.1/SecureElement.cpp b/1.1/SecureElement.cpp
index ba8c3b2..34b7e30 100644
--- a/1.1/SecureElement.cpp
+++ b/1.1/SecureElement.cpp
@@ -158,6 +158,13 @@ Return<void> SecureElement::openLogicalChannel(const hidl_vec<uint8_t>& aid,
   memset(&resApduBuff, 0x00, sizeof(resApduBuff));
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(resApduBuff, SecureElementStatus::FAILED);
+    OpenLogicalChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     STLOG_HAL_D("%s: Enter SeInitialized", __func__);
     ESESTATUS status = seHalInit();
@@ -297,6 +304,13 @@ Return<void> SecureElement::openBasicChannel(const hidl_vec<uint8_t>& aid,
   OpenBasicChannelProcessing = true;
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(result, SecureElementStatus::FAILED);
+    OpenBasicChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     ESESTATUS status = seHalInit();
     if (status != ESESTATUS_SUCCESS) {
diff --git a/1.2/SecureElement.cpp b/1.2/SecureElement.cpp
index b8b020f..222f41e 100644
--- a/1.2/SecureElement.cpp
+++ b/1.2/SecureElement.cpp
@@ -163,6 +163,13 @@ Return<void> SecureElement::openLogicalChannel(const hidl_vec<uint8_t>& aid,
   memset(&resApduBuff, 0x00, sizeof(resApduBuff));
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(resApduBuff, SecureElementStatus::FAILED);
+    OpenLogicalChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     STLOG_HAL_D("%s: Enter SeInitialized", __func__);
     ESESTATUS status = seHalInit();
@@ -302,6 +309,13 @@ Return<void> SecureElement::openBasicChannel(const hidl_vec<uint8_t>& aid,
   OpenBasicChannelProcessing = true;
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(result, SecureElementStatus::FAILED);
+    OpenBasicChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     ESESTATUS status = seHalInit();
     if (status != ESESTATUS_SUCCESS) {
author	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2023-04-14 08:11:31 +0000
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2023-04-14 08:11:31 +0000
commit	67f9ad55333fa380095c4478b246848483d46aaf (patch)
tree	24c1e01f242bcf58db94d6d292eacfd6d7b75108
parent	e69d04f02edf88af6ed2bca1c2eb7719d9abc155 (diff)
parent	572566f562ad6070b803666627068f3eb255028e (diff)
download	secure_element-android13-qpr3-c-s12-release.tar.gz