Security fix for out of bound read in p2p_invite Check the p2p GO device address length before sending the invite request to core supplicant. Bug: 274443441 Test: Compile Test: Manual - P2P persistent connection Change-Id: I00f8ba9bea7bd36b52ae66250233230cac22ae83

commit: 947b5e2ed339224aa5f3751ca3b22370face0967 [log] [tgz]
author: Sunil Ravi <sunilravi@google.com> Mon Apr 03 23:01:54 2023 +0000
committer: Sunil Ravi <sunilravi@google.com> Mon Apr 03 23:01:54 2023 +0000
tree: 7aa3f027779b2317082ccf66579b25f7385c08b6
parent: 5db78de1d32fff0e24eda6de64f6c1b6e5f1fa57 [diff]
diff --git a/wpa_supplicant/aidl/p2p_iface.cpp b/wpa_supplicant/aidl/p2p_iface.cpp
index 2afd75b..a48fcb3 100644
--- a/wpa_supplicant/aidl/p2p_iface.cpp
+++ b/wpa_supplicant/aidl/p2p_iface.cpp

@@ -1117,7 +1117,7 @@
 	const std::vector<uint8_t>& peer_address)
 {
 	struct wpa_supplicant* wpa_s = retrieveIfacePtr();
-	if (peer_address.size() != ETH_ALEN) {
+	if (go_device_address.size() != ETH_ALEN || peer_address.size() != ETH_ALEN) {
 		return {createStatus(SupplicantStatusCode::FAILURE_UNKNOWN)};
 	}
 	if (wpas_p2p_invite_group(
commit	947b5e2ed339224aa5f3751ca3b22370face0967	[log] [tgz]
author	Sunil Ravi <sunilravi@google.com>	Mon Apr 03 23:01:54 2023 +0000
committer	Sunil Ravi <sunilravi@google.com>	Mon Apr 03 23:01:54 2023 +0000
tree	7aa3f027779b2317082ccf66579b25f7385c08b6
parent	5db78de1d32fff0e24eda6de64f6c1b6e5f1fa57 [diff]