Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / hardware / st / secure_element / refs/heads/int/13/fp4^1..refs/heads/int/13/fp4 / .
commit56982b79969baa1ef2e79689b2ab89abee17bc06[log] [tgz]
authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Wed Apr 12 23:23:27 2023 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Wed Apr 12 23:23:27 2023 +0000
tree24c1e01f242bcf58db94d6d292eacfd6d7b75108
parent0cdcb46ac56e1801b17f083ee8eda1dc57797d18 [diff]
parent572566f562ad6070b803666627068f3eb255028e [diff]
Snap for 9929149 from 572566f562ad6070b803666627068f3eb255028e to tm-qpr3-release

Change-Id: I5d83206b5e87666ab4b07efbbf3d18402b92541d

diff --git a/1.0/SecureElement.cpp b/1.0/SecureElement.cpp
index a1bb997..7a71738 100644
--- a/1.0/SecureElement.cpp
+++ b/1.0/SecureElement.cpp

@@ -157,6 +157,13 @@
   memset(&resApduBuff, 0x00, sizeof(resApduBuff));
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(resApduBuff, SecureElementStatus::FAILED);
+    OpenLogicalChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     STLOG_HAL_D("%s: Enter SeInitialized", __func__);
     ESESTATUS status = seHalInit();
@@ -308,6 +315,13 @@
   OpenBasicChannelProcessing = true;
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(result, SecureElementStatus::FAILED);
+    OpenBasicChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     ESESTATUS status = seHalInit();
     if (status != ESESTATUS_SUCCESS) {

diff --git a/1.1/SecureElement.cpp b/1.1/SecureElement.cpp
index ba8c3b2..34b7e30 100644
--- a/1.1/SecureElement.cpp
+++ b/1.1/SecureElement.cpp

@@ -158,6 +158,13 @@
   memset(&resApduBuff, 0x00, sizeof(resApduBuff));
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(resApduBuff, SecureElementStatus::FAILED);
+    OpenLogicalChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     STLOG_HAL_D("%s: Enter SeInitialized", __func__);
     ESESTATUS status = seHalInit();
@@ -297,6 +304,13 @@
   OpenBasicChannelProcessing = true;
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(result, SecureElementStatus::FAILED);
+    OpenBasicChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     ESESTATUS status = seHalInit();
     if (status != ESESTATUS_SUCCESS) {

diff --git a/1.2/SecureElement.cpp b/1.2/SecureElement.cpp
index b8b020f..222f41e 100644
--- a/1.2/SecureElement.cpp
+++ b/1.2/SecureElement.cpp

@@ -163,6 +163,13 @@
   memset(&resApduBuff, 0x00, sizeof(resApduBuff));
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(resApduBuff, SecureElementStatus::FAILED);
+    OpenLogicalChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     STLOG_HAL_D("%s: Enter SeInitialized", __func__);
     ESESTATUS status = seHalInit();
@@ -302,6 +309,13 @@
   OpenBasicChannelProcessing = true;
   STLOG_HAL_D("%s: Enter", __func__);
 
+  if (aid.size() > 16) {
+    STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
+    _hidl_cb(result, SecureElementStatus::FAILED);
+    OpenBasicChannelProcessing = false;
+    return Void();
+  }
+
   if (!isSeInitialized()) {
     ESESTATUS status = seHalInit();
     if (status != ESESTATUS_SUCCESS) {