Integrate security patch 2022-09-05-CVE-2022-25704
Change-Id: If35d28221cc8c2063e58571a25fa98aaf28474a0
diff --git a/stack/bnep/bnep_api.cc b/stack/bnep/bnep_api.cc
index 809d0b2..3cd8153 100644
--- a/stack/bnep/bnep_api.cc
+++ b/stack/bnep/bnep_api.cc
@@ -344,6 +344,12 @@
BNEP_MTU_SIZE);
osi_free(p_buf);
return (BNEP_MTU_EXCEDED);
+ } else if (p_buf->len < 2) {
+ BNEP_TRACE_ERROR("%s length %d too short, must be at least 2", __func__,
+ p_buf->len);
+ osi_free(p_buf);
+ return BNEP_IGNORE_CMD;
+
}
/* Check if the packet should be filtered out */
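Review bot: The minimum length `2` in the new `else if (p_buf->len < 2)` branch is a bare literal, and nothing in the hunk says which read it protects; presumably it is a two-byte field parsed from the payload further down, outside this hunk, which should be confirmed and written down. A one-line comment above the branch, such as `/* the payload parser below reads at least 2 bytes; reject shorter buffers */`, or a named constant would keep the bound tied to the parser it guards. The same literal and message appear again in the second hunk (`else if (len < 2)`), so the comment or constant belongs there too, ideally shared by both checks. The blank line added before the closing brace in both hunks can be dropped. The enclosing function starts and ends outside the hunk, so if its header comment lists return values, `BNEP_IGNORE_CMD` should be added there.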
@@ -445,6 +451,11 @@
BNEP_TRACE_ERROR("%s length %d exceeded MTU %d", __func__, len,
BNEP_MTU_SIZE);
return (BNEP_MTU_EXCEDED);
+ } else if (len < 2) {
+ BNEP_TRACE_ERROR("%s length %d too short, must be at least 2", __func__,
+ len);
+ return BNEP_IGNORE_CMD;
+
}
if ((!handle) || (handle > BNEP_MAX_CONNECTIONS)) return (BNEP_WRONG_HANDLE);