Google Git
Sign in
android / platform / system / nfc / refs/tags/q_tzdata_aml_295500002^1..refs/tags/q_tzdata_aml_295500002 / .
commit03bf3e54b05aead38d194ea6c5c625bfe863ffe6[log] [tgz]
authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Thu Oct 13 08:02:57 2022 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Thu Oct 13 08:02:57 2022 +0000
treeea6d61675f0139e440c3188791e2271c7404b6c8
parent333d87993c91bf6fea3283994944eec2705d0a0e [diff]
parent6e2338cb88dae3f741ed3e1de7b674059cb74a61 [diff]
Snap for 9170954 from 6e2338cb88dae3f741ed3e1de7b674059cb74a61 to qt-aml-tzdata-release

Change-Id: I8d14f6228c951a42edfd5fd0a59353b75c8187d8

diff --git a/src/nfa/dm/nfa_dm_main.cc b/src/nfa/dm/nfa_dm_main.cc
index fe03a5b..18ca93c 100644
--- a/src/nfa/dm/nfa_dm_main.cc
+++ b/src/nfa/dm/nfa_dm_main.cc

@@ -25,6 +25,7 @@
 
 #include <android-base/stringprintf.h>
 #include <base/logging.h>
+#include <log/log.h>
 
 #include "nfa_api.h"
 #include "nfa_dm_int.h"
@@ -236,6 +237,12 @@
     len = *(p_tlv_list + xx + 1);
     p_value = p_tlv_list + xx + 2;
     p_cur_len = nullptr;
+    if (len > (tlv_list_len - xx - 2)) {
+      LOG(ERROR) << StringPrintf("error: invalid TLV length: t:0x%x, l:%d",
+                                 type, len);
+      android_errorWriteLog(0x534e4554, "221216105");
+      return NFA_STATUS_FAILED;
+    }
 
     switch (type) {
       /*

diff --git a/src/nfc/llcp/llcp_dlc.cc b/src/nfc/llcp/llcp_dlc.cc
index 5882b9a..baf6f72 100644
--- a/src/nfc/llcp/llcp_dlc.cc
+++ b/src/nfc/llcp/llcp_dlc.cc

@@ -648,14 +648,7 @@
      * i'e with improper length and service name "urn:nfc:sn:dta-co-echo-in",
      * the IUT should not send any PDU except SYMM PDU */
 
-    if (appl_dta_mode_flag == 1 &&
-        p_data[1] == strlen((const char*)&p_data[2])) {
-      DLOG_IF(INFO, nfc_debug_enabled)
-          << StringPrintf("%s: Strings are not equal", __func__);
-      llcp_util_send_dm(ssap, dsap, LLCP_SAP_DM_REASON_NO_SERVICE);
-    } else {
-      llcp_util_send_dm(ssap, dsap, LLCP_SAP_DM_REASON_NO_SERVICE);
-    }
+    llcp_util_send_dm(ssap, dsap, LLCP_SAP_DM_REASON_NO_SERVICE);
     return;
   }
 

diff --git a/src/nfc/nfc/nfc_ncif.cc b/src/nfc/nfc/nfc_ncif.cc
index f14e6f2..60cca32 100644
--- a/src/nfc/nfc/nfc_ncif.cc
+++ b/src/nfc/nfc/nfc_ncif.cc

@@ -1253,6 +1253,11 @@
   tNFC_EE_DISCOVER_INFO* p_info;
   uint8_t u8;
 
+  if (!plen) {
+    android_errorWriteLog(0x534e4554, "221856662");
+    return;
+  }
+
   DLOG_IF(INFO, nfc_debug_enabled)
       << StringPrintf("nfc_ncif_proc_ee_discover_req %d len:%d", *p, plen);
 

diff --git a/src/nfc/tags/ce_t4t.cc b/src/nfc/tags/ce_t4t.cc
index 691ac05..19dfa96 100644
--- a/src/nfc/tags/ce_t4t.cc
+++ b/src/nfc/tags/ce_t4t.cc

@@ -629,6 +629,7 @@
     } else {
       GKI_freebuf(p_c_apdu);
       ce_t4t_send_status(T4T_RSP_NOT_FOUND);
+      return;
     }
   } else if (ce_cb.mem.t4t.status & CE_T4T_STATUS_WILDCARD_AID_SELECTED) {
     DLOG_IF(INFO, nfc_debug_enabled)