commit | 4a615a23a4efcea0e13502933d34d4b7e39978e6 | [log] [tgz] |
---|---|---|
author | Alisher Alikhodjaev <alisher@google.com> | Wed Mar 01 13:00:03 2023 -0800 |
committer | android-t1 <android-t1@t2mobile.com> | Mon May 08 14:39:08 2023 +0800 |
tree | f2117a31825919ccd03926db4b331fc1503d834f | |
parent | b99a09096586252f8cd292f9b8c67af45e405bfd [diff] |
OOBR in AnalyzeMfcResp in NxpMfcReader.cc Bug: 252763983 Test: build ok Change-Id: I91fa035ca6245e6039eeedb447d7e3306b7aebc5 (cherry picked from commit on googleplex-android-review.googlesource.com host: 69c53a6f1bca6d450e5100c1044114ffad615e5c) Merged-In: I91fa035ca6245e6039eeedb447d7e3306b7aebc5
diff --git a/pn8x/halimpl/mifare/NxpMfcReader.cc b/pn8x/halimpl/mifare/NxpMfcReader.cc index 602a2b7..9ee49db 100644 --- a/pn8x/halimpl/mifare/NxpMfcReader.cc +++ b/pn8x/halimpl/mifare/NxpMfcReader.cc
@@ -349,6 +349,10 @@ } break; case eMfcAuthRsp: { + if (*pBufflen < 2) { + status = NFCSTATUS_FAILED; + break; + } /* check the status byte */ if (NFCSTATUS_SUCCESS == pBuff[1]) { status = NFCSTATUS_SUCCESS;
diff --git a/snxxx/halimpl/mifare/NxpMfcReader.cc b/snxxx/halimpl/mifare/NxpMfcReader.cc index ac0a0c3..7a2f46d 100644 --- a/snxxx/halimpl/mifare/NxpMfcReader.cc +++ b/snxxx/halimpl/mifare/NxpMfcReader.cc
@@ -383,6 +383,10 @@ } break; case eMfcAuthRsp: { + if (*pBufflen < 2) { + status = NFCSTATUS_FAILED; + break; + } /* check the status byte */ if (NFCSTATUS_SUCCESS == pBuff[1]) { status = NFCSTATUS_SUCCESS;