Merge tag 'android-13.0.0_r43' into int/13/fp3 Android 13.0.0 release 43 * tag 'android-13.0.0_r43': OOBR in AnalyzeMfcResp in NxpMfcReader.cc Change-Id: Ife83235039a14d6412b0a073ba03989d5d266e3f

commit: a8d70d6d69134be49feaaec2f35df709a284f4db [log] [tgz]
author: Bharath <bharath@teamb58.org> Tue May 02 12:47:15 2023 +0530
committer: Bharath <bharath@teamb58.org> Tue May 02 12:47:15 2023 +0530
tree: f2117a31825919ccd03926db4b331fc1503d834f
parent: 7147c2a903f8fd5a70768ff055d5438910feb0dd [diff]
parent: 67e9823cf953f055d70461c757c3f42e63cb4175 [diff]
diff --git a/pn8x/halimpl/mifare/NxpMfcReader.cc b/pn8x/halimpl/mifare/NxpMfcReader.cc
index 602a2b7..9ee49db 100644
--- a/pn8x/halimpl/mifare/NxpMfcReader.cc
+++ b/pn8x/halimpl/mifare/NxpMfcReader.cc

@@ -349,6 +349,10 @@
       } break;
 
       case eMfcAuthRsp: {
+        if (*pBufflen < 2) {
+          status = NFCSTATUS_FAILED;
+          break;
+        }
         /* check the status byte */
         if (NFCSTATUS_SUCCESS == pBuff[1]) {
           status = NFCSTATUS_SUCCESS;

diff --git a/snxxx/halimpl/mifare/NxpMfcReader.cc b/snxxx/halimpl/mifare/NxpMfcReader.cc
index ac0a0c3..7a2f46d 100644
--- a/snxxx/halimpl/mifare/NxpMfcReader.cc
+++ b/snxxx/halimpl/mifare/NxpMfcReader.cc

@@ -383,6 +383,10 @@
       } break;
 
       case eMfcAuthRsp: {
+        if (*pBufflen < 2) {
+          status = NFCSTATUS_FAILED;
+          break;
+        }
         /* check the status byte */
         if (NFCSTATUS_SUCCESS == pBuff[1]) {
           status = NFCSTATUS_SUCCESS;
commit	a8d70d6d69134be49feaaec2f35df709a284f4db	[log] [tgz]
author	Bharath <bharath@teamb58.org>	Tue May 02 12:47:15 2023 +0530
committer	Bharath <bharath@teamb58.org>	Tue May 02 12:47:15 2023 +0530
tree	f2117a31825919ccd03926db4b331fc1503d834f
parent	7147c2a903f8fd5a70768ff055d5438910feb0dd [diff]
parent	67e9823cf953f055d70461c757c3f42e63cb4175 [diff]