OOBR in AnalyzeMfcResp in NxpMfcReader.cc Bug: 252763983 Test: build ok Change-Id: I91fa035ca6245e6039eeedb447d7e3306b7aebc5 (cherry picked from commit on googleplex-android-review.googlesource.com host: 69c53a6f1bca6d450e5100c1044114ffad615e5c) Merged-In: I91fa035ca6245e6039eeedb447d7e3306b7aebc5 (cherry picked from commit 1a027f523ff5cb69a71a5013082d84c40461b351)

commit: caf62b70b26c0c481cd2a7ec03926ab5dc2dc4cf [log] [tgz]
author: Alisher Alikhodjaev <alisher@google.com> Wed Mar 01 13:00:03 2023 -0800
committer: Fairphone ODM <fairphone-odm@localhost> Thu May 04 16:19:01 2023 +0800
tree: c56fb9355c421887e32dea918f8c750cdbcc0af3
parent: 124807cf4eb189d20f01c27dc8736e4ba92e48eb [diff]
diff --git a/pn8x/halimpl/mifare/NxpMfcReader.cc b/pn8x/halimpl/mifare/NxpMfcReader.cc
index 602a2b7..9ee49db 100644
--- a/pn8x/halimpl/mifare/NxpMfcReader.cc
+++ b/pn8x/halimpl/mifare/NxpMfcReader.cc

@@ -349,6 +349,10 @@
       } break;
 
       case eMfcAuthRsp: {
+        if (*pBufflen < 2) {
+          status = NFCSTATUS_FAILED;
+          break;
+        }
         /* check the status byte */
         if (NFCSTATUS_SUCCESS == pBuff[1]) {
           status = NFCSTATUS_SUCCESS;

diff --git a/snxxx/halimpl/mifare/NxpMfcReader.cc b/snxxx/halimpl/mifare/NxpMfcReader.cc
index 83fe1d9..7ac930b 100644
--- a/snxxx/halimpl/mifare/NxpMfcReader.cc
+++ b/snxxx/halimpl/mifare/NxpMfcReader.cc

@@ -353,6 +353,10 @@
       } break;
 
       case eMfcAuthRsp: {
+        if (*pBufflen < 2) {
+          status = NFCSTATUS_FAILED;
+          break;
+        }
         /* check the status byte */
         if (NFCSTATUS_SUCCESS == pBuff[1]) {
           status = NFCSTATUS_SUCCESS;
commit	caf62b70b26c0c481cd2a7ec03926ab5dc2dc4cf	[log] [tgz]
author	Alisher Alikhodjaev <alisher@google.com>	Wed Mar 01 13:00:03 2023 -0800
committer	Fairphone ODM <fairphone-odm@localhost>	Thu May 04 16:19:01 2023 +0800
tree	c56fb9355c421887e32dea918f8c750cdbcc0af3
parent	124807cf4eb189d20f01c27dc8736e4ba92e48eb [diff]