-
-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix multiple OOB bugs resulted from tx mtu in EATT
The tx mtu in EATT can be controlled by remote device. With malicious mtu values, it is possible to trigger integer overflow and OOB write at multiple places (see the bug below). This fix enforces a max tx mtu in EATT. Bug: 271335899 Test: manual Ignore-AOSP-First: security Tag: #security (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ea76b7d99e6366e2043c5621eda630d559104d36) Merged-In: Ia06c9a17f2daa5ce4c32cffa536777f47774cf31 Change-Id: Ia06c9a17f2daa5ce4c32cffa536777f47774cf31
- Loading branch information
1 parent
ce2776f
commit 585f583
Showing
2 changed files
with
8 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters