Prevent OOB read in rw_t3t_act_handle_ndef_detect_rsp()

Test: NFC enable/disable Bug: 120428041 Change-Id: Iecabf9c9b2115371f02eefe3bb1fd1c8875fed45 (cherry picked from commit 352f23a26c162d5482a11660ea38571b858e0fd4)
author: Jack Yu <jackcwyu@google.com> 2019-01-08 21:20:15 +0800
committer: android-build-team Robot <android-build-team-robot@google.com> 2019-03-15 23:11:05 +0000
commit: c955b35d7c14128df87e53ac440ae45b5d6464c0 (patch)
tree: d3fb07068de3b3a75a6495799db020678c59faed
parent: b2687f9105113bbae0a221508c44300d92af0ba9 (diff)
download: libnfc-nci-c955b35d7c14128df87e53ac440ae45b5d6464c0.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/nfc/tags/rw_t3t.c b/src/nfc/tags/rw_t3t.c
index b42bb22..429cc68 100644
--- a/src/nfc/tags/rw_t3t.c
+++ b/src/nfc/tags/rw_t3t.c
@@ -1288,6 +1288,10 @@ void rw_t3t_act_handle_ndef_detect_rsp (tRW_T3T_CB *p_cb, BT_HDR *p_msg_rsp)
     {
         evt_data.status = NFC_STATUS_FAILED;
     }
+    else if (p_msg_rsp->len < (T3T_MSG_RSP_OFFSET_CHECK_DATA + T3T_MSG_BLOCKSIZE)) {
+        evt_data.status = NFC_STATUS_FAILED;
+        android_errorWriteLog(0x534e4554, "120428041");
+    }
     else
     {
         /* Get checksum from received ndef attribute msg */
author	Jack Yu <jackcwyu@google.com>	2019-01-08 21:20:15 +0800
committer	android-build-team Robot <android-build-team-robot@google.com>	2019-03-15 23:11:05 +0000
commit	c955b35d7c14128df87e53ac440ae45b5d6464c0 (patch)
tree	d3fb07068de3b3a75a6495799db020678c59faed
parent	b2687f9105113bbae0a221508c44300d92af0ba9 (diff)
download	libnfc-nci-c955b35d7c14128df87e53ac440ae45b5d6464c0.tar.gz