backports from android-security-15.0.0_r5 #50
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In two locations in sdp_discovery.cc, log statements use structures that may, in exceptional cases, have been freed by preceding calls. This can lead to use after free and potentially to security vulnerabilities. Use local variables instead. Bug: 375408314 Bug: 375409435 Test: m libbluetooth Test: researcher POC Flag: EXEMPT trivial logic fix Ignore-AOSP-First: security Tag: #security (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:bb2f54f9ed938267c2830da4a9d984529274d8a8) Merged-In: I1c8816721588acba9110257b61b4e993cf2720d6 Change-Id: I1c8816721588acba9110257b61b4e993cf2720d6
In the function process_service_search_attr_req of sdp_server.cc, a log statement uses a structure that may, in exceptional cases, have been freed by preceding calls. This can lead to use after free and potentially to security vulnerabilities. Use local variables instead. Bug: 375407167 Test: m libbluetooth Test: researcher POC Flag: EXEMPT trivial logic fix Ignore-AOSP-First: security Tag: #security (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f23300552c43a4f503debcf0236f29211ee1c557) Merged-In: I1037e592ab8910eeae5c28a41a53a2fc60a298d8 Change-Id: I1037e592ab8910eeae5c28a41a53a2fc60a298d8
In various locations around the stack, log statements use structures that may, in exceptional cases, have been freed by preceding calls. This can lead to use after free and potentially to security vulnerabilities. Use local variables instead, or store the length before the call if no local variable is already convenient. Bug: 375404242 Bug: 375398779 Bug: 375397720 Bug: 375397164 Bug: 375397370 Bug: 375396810 Bug: 375159652 Bug: 375160214 Bug: 375159480 Test: m libbluetooth Test: researcher POC Flag: EXEMPT trivial logic fix Ignore-AOSP-First: security Tag: #security (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:43cfd234de9ba9557118b0014513269cc1aeefda) Merged-In: I6289907e86786eb2e10a163f7fb5d2557eab00bc Change-Id: I6289907e86786eb2e10a163f7fb5d2557eab00bc
According to the PBAP specification, The PSE user shall have to confirm at least the first Phone Book Access Profile connection from each new PCE. According to the MAP specification, The MCE and MSE shall be bonded before setting up a Message Access Profile connection. Let's remove the permissions when the device is unbonded. Flag: EXEMPT, security fix Bug: 289375038 Bug: 289811388 Test: atest BluetoothInstrumentationTests Ignore-AOSP-First: security fix (cherry picked from commit 771aed3ea225d9ca2ef91e88f45f330ced952772) (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8ef714b803127ca193773c6d032457c01c1963d6) Merged-In: I94478a4a45a434732d4bc4810da31ef45ef891af Change-Id: I94478a4a45a434732d4bc4810da31ef45ef891af
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.