FPII-2585: Elevation of privilege vulnerability in Wi-Fi CVE-2016-6772 A-31856351
wifinative jni: check array length to prevent stack overflow
params.ap is an array with length MAX_HOTLIST_APS == 128
We should check that params.num_bssid does not exceed this value,
otherwise this could be a stack overflow security vulnerability.
CTS will be added in another CL.
Bug: 31856351
Test: compile, unit tests, manual test
Test: SafetyNet log not triggered under non-exploit conditions
Test: POC executable does not crash wifi anymore.
(cherry picked from commit a5a18239096f6faee80f15f3fff39c3311898484)
Change-Id: Id45fdcf1b7c59c3737f6f33c92d424fb64072c83
1 file changed
tree: 74852341bfeaad786e9ac222daf1df9f4022fda9
- service/