| commit | 4115fb1c275be86eb720cbc72fc4285b86d622c5 | [log] [tgz] |
|---|---|---|
| author | Alisher Alikhodjaev <alisher@google.com> | Wed Mar 01 12:50:11 2023 -0800 |
| committer | Bharath <bharath@teamb58.org> | Tue May 09 14:44:37 2023 +0530 |
| tree | 702a64f834ea28c20c72f6607eadf383af879e90 | |
| parent | 3035e39e3d5173e7ed0d22bd57ddb6227067fa01 [diff] |
OOBR in AnalyzeMfcResp in NxpMfcReader.cc Bug: 252763983 Test: build ok Merged-In: I91fa035ca6245e6039eeedb447d7e3306b7aebc5 Change-Id: I20b718a74afd2f4de23ee59716601f82190ea3f0 (cherry picked from commit on googleplex-android-review.googlesource.com host: 67e1db04f568cf50c90758272ceca93426aba932) Merged-In: I20b718a74afd2f4de23ee59716601f82190ea3f0
diff --git a/halimpl/mifare/NxpMfcReader.cc b/halimpl/mifare/NxpMfcReader.cc index 38b6bb5..5e4873e 100644 --- a/halimpl/mifare/NxpMfcReader.cc +++ b/halimpl/mifare/NxpMfcReader.cc
@@ -345,6 +345,10 @@ } break; case eMfcAuthRsp: { + if (*pBufflen < 2) { + status = NFCSTATUS_FAILED; + break; + } /* check the status byte */ if (NFCSTATUS_SUCCESS == pBuff[1]) { status = NFCSTATUS_SUCCESS;