Check if advertiserId value matches valid advertiser
Passing non-existing advertiserId can result in OOB
Bug: 171400004
Merged-In: I4536abc50e15cfc72489e01f8907face967df263
Change-Id: I4536abc50e15cfc72489e01f8907face967df263
diff --git a/src/com/android/bluetooth/gatt/AdvertiseManager.java b/src/com/android/bluetooth/gatt/AdvertiseManager.java
index f12cd89..f3ae59a 100644
--- a/src/com/android/bluetooth/gatt/AdvertiseManager.java
+++ b/src/com/android/bluetooth/gatt/AdvertiseManager.java
@@ -211,7 +211,7 @@
Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiser_id);
if (entry == null) {
- Log.i(TAG, "onOwnAddressRead() - bad advertiser_id " + advertiser_id);
+ Log.w(TAG, "onOwnAddressRead() - bad advertiser_id " + advertiser_id);
return;
}
@@ -220,6 +220,11 @@
}
void getOwnAddress(int advertiserId) {
+ Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
+ if (entry == null) {
+ Log.w(TAG, "getOwnAddress() - bad advertiserId " + advertiserId);
+ return;
+ }
getOwnAddressNative(advertiserId);
}
@@ -252,37 +257,72 @@
}
void enableAdvertisingSet(int advertiserId, boolean enable, int duration, int maxExtAdvEvents) {
+ Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
+ if (entry == null) {
+ Log.w(TAG, "enableAdvertisingSet() - bad advertiserId " + advertiserId);
+ return;
+ }
enableAdvertisingSetNative(advertiserId, enable, duration, maxExtAdvEvents);
}
void setAdvertisingData(int advertiserId, AdvertiseData data) {
+ Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
+ if (entry == null) {
+ Log.w(TAG, "setAdvertisingData() - bad advertiserId " + advertiserId);
+ return;
+ }
String deviceName = AdapterService.getAdapterService().getName();
setAdvertisingDataNative(
advertiserId, AdvertiseHelper.advertiseDataToBytes(data, deviceName));
}
void setScanResponseData(int advertiserId, AdvertiseData data) {
+ Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
+ if (entry == null) {
+ Log.w(TAG, "setScanResponseData() - bad advertiserId " + advertiserId);
+ return;
+ }
String deviceName = AdapterService.getAdapterService().getName();
setScanResponseDataNative(
advertiserId, AdvertiseHelper.advertiseDataToBytes(data, deviceName));
}
void setAdvertisingParameters(int advertiserId, AdvertisingSetParameters parameters) {
+ Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
+ if (entry == null) {
+ Log.w(TAG, "setAdvertisingParameters() - bad advertiserId " + advertiserId);
+ return;
+ }
setAdvertisingParametersNative(advertiserId, parameters);
}
void setPeriodicAdvertisingParameters(
int advertiserId, PeriodicAdvertisingParameters parameters) {
+ Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
+ if (entry == null) {
+ Log.w(TAG, "setPeriodicAdvertisingParameters() - bad advertiserId " + advertiserId);
+ return;
+ }
setPeriodicAdvertisingParametersNative(advertiserId, parameters);
}
void setPeriodicAdvertisingData(int advertiserId, AdvertiseData data) {
+ Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
+ if (entry == null) {
+ Log.w(TAG, "setPeriodicAdvertisingData() - bad advertiserId " + advertiserId);
+ return;
+ }
String deviceName = AdapterService.getAdapterService().getName();
setPeriodicAdvertisingDataNative(
advertiserId, AdvertiseHelper.advertiseDataToBytes(data, deviceName));
}
void setPeriodicAdvertisingEnable(int advertiserId, boolean enable) {
+ Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
+ if (entry == null) {
+ Log.w(TAG, "setPeriodicAdvertisingEnable() - bad advertiserId " + advertiserId);
+ return;
+ }
setPeriodicAdvertisingEnableNative(advertiserId, enable);
}
