Integrate security patch 2022-09-05-CVE-2022-25704 Change-Id: If35d28221cc8c2063e58571a25fa98aaf28474a0

commit: 7898c80c4209541eadaa548af16d580311c74033 [log] [tgz]
author: android-t1 <xiaocong.gu@t2mobile.com> Mon Sep 05 17:08:22 2022 +0800
committer: android-t1 <xiaocong.gu@t2mobile.com> Tue Sep 06 15:23:06 2022 +0800
tree: 63199ba122a8fb3f777a3dfb7805e776c8959ca1
parent: 9bdf76a4e3173d861620bf1d6b91be2bdf290f08 [diff]
diff --git a/stack/bnep/bnep_api.cc b/stack/bnep/bnep_api.cc
index 809d0b2..3cd8153 100644
--- a/stack/bnep/bnep_api.cc
+++ b/stack/bnep/bnep_api.cc

@@ -344,6 +344,12 @@
                      BNEP_MTU_SIZE);
     osi_free(p_buf);
     return (BNEP_MTU_EXCEDED);
+  } else if (p_buf->len < 2) {
+    BNEP_TRACE_ERROR("%s length %d too short, must be at least 2", __func__,
+                     p_buf->len);
+    osi_free(p_buf);
+    return BNEP_IGNORE_CMD;
+
   }
 
   /* Check if the packet should be filtered out */
@@ -445,6 +451,11 @@
     BNEP_TRACE_ERROR("%s length %d exceeded MTU %d", __func__, len,
                      BNEP_MTU_SIZE);
     return (BNEP_MTU_EXCEDED);
+  } else if (len < 2) {
+    BNEP_TRACE_ERROR("%s length %d too short, must be at least 2", __func__,
+                     len);
+    return BNEP_IGNORE_CMD;
+
   }
 
   if ((!handle) || (handle > BNEP_MAX_CONNECTIONS)) return (BNEP_WRONG_HANDLE);
commit	7898c80c4209541eadaa548af16d580311c74033	[log] [tgz]
author	android-t1 <xiaocong.gu@t2mobile.com>	Mon Sep 05 17:08:22 2022 +0800
committer	android-t1 <xiaocong.gu@t2mobile.com>	Tue Sep 06 15:23:06 2022 +0800
tree	63199ba122a8fb3f777a3dfb7805e776c8959ca1
parent	9bdf76a4e3173d861620bf1d6b91be2bdf290f08 [diff]