Merge "[Security bug fix] Added peer address check" into tm-qpr-dev

commit: 70e882214723d6fdc549cd96b5961e960f483c49 [log] [tgz]
author: TreeHugger Robot <treehugger-gerrit@google.com> Thu Jan 12 17:49:26 2023 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Thu Jan 12 17:49:26 2023 +0000
tree: a266ace9dfeacdeaee6de9b71f4beca2e0a9db85
parent: c55112f265a524cdebd2f6a283fd33721b5f9723 [diff]
parent: bb7c3305c0171b153a66158c46f63151204d7b8e [diff]
diff --git a/wpa_supplicant/aidl/p2p_iface.cpp b/wpa_supplicant/aidl/p2p_iface.cpp
index e7e2bf5..5f992de 100644
--- a/wpa_supplicant/aidl/p2p_iface.cpp
+++ b/wpa_supplicant/aidl/p2p_iface.cpp

@@ -1490,6 +1490,10 @@
 	const std::vector<uint8_t>& peer_address)
 {
 	struct wpa_supplicant* wpa_s = retrieveIfacePtr();
+	if (peer_address.size() != ETH_ALEN) {
+		return {std::vector<uint8_t>(),
+			createStatus(SupplicantStatusCode::FAILURE_UNKNOWN)};
+	}
 	const struct p2p_peer_info* info =
 		p2p_get_peer_info(wpa_s->global->p2p, peer_address.data(), 0);
 	if (!info) {
@@ -1512,6 +1516,10 @@
 	const std::vector<uint8_t>& peer_address)
 {
 	struct wpa_supplicant* wpa_s = retrieveIfacePtr();
+	if (peer_address.size() != ETH_ALEN) {
+		return {static_cast<P2pGroupCapabilityMask>(0),
+			createStatus(SupplicantStatusCode::FAILURE_UNKNOWN)};
+	}
 	const struct p2p_peer_info* info =
 		p2p_get_peer_info(wpa_s->global->p2p, peer_address.data(), 0);
 	if (!info) {
commit	70e882214723d6fdc549cd96b5961e960f483c49	[log] [tgz]
author	TreeHugger Robot <treehugger-gerrit@google.com>	Thu Jan 12 17:49:26 2023 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Thu Jan 12 17:49:26 2023 +0000
tree	a266ace9dfeacdeaee6de9b71f4beca2e0a9db85
parent	c55112f265a524cdebd2f6a283fd33721b5f9723 [diff]
parent	bb7c3305c0171b153a66158c46f63151204d7b8e [diff]