Check if advertiserId value matches valid advertiser

Passing non-existing advertiserId can result in OOB Bug: 171400004 Change-Id: I4536abc50e15cfc72489e01f8907face967df263 (cherry picked from commit 389f39b3d331934fec7988dafc90c7b167d6aab3)
author: Jakub Pawlowski <jpawlowski@google.com> 2020-11-20 17:00:39 +0100
committer: mosimchah <mosimchah@gmail.com> 2021-02-06 22:55:11 -0500
commit: b236fd262458d79af76c787ef7feb118cb336fb8 (patch)
tree: fa4b29b8b352a566a07bf4a9ffd5e3e60fd71088
parent: 4e1e7b8c55acf6814a7295fa5ed4d3399ab45ab8 (diff)
1 files changed, 41 insertions, 1 deletions
diff --git a/src/com/android/bluetooth/gatt/AdvertiseManager.java b/src/com/android/bluetooth/gatt/AdvertiseManager.java
index 85917a47..b76d8619 100644
--- a/src/com/android/bluetooth/gatt/AdvertiseManager.java
+++ b/src/com/android/bluetooth/gatt/AdvertiseManager.java
@@ -217,7 +217,7 @@ class AdvertiseManager {
 
         Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
         if (entry == null) {
-            Log.i(TAG, "onOwnAddressRead() - bad advertiserId " + advertiserId);
+            Log.w(TAG, "onOwnAddressRead() - bad advertiserId " + advertiserId);
             return;
         }
 
@@ -226,6 +226,11 @@ class AdvertiseManager {
     }
 
     void getOwnAddress(int advertiserId) {
+        Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
+        if (entry == null) {
+            Log.w(TAG, "getOwnAddress() - bad advertiserId " + advertiserId);
+            return;
+        }
         getOwnAddressNative(advertiserId);
     }
 
@@ -260,37 +265,72 @@ class AdvertiseManager {
     }
 
     void enableAdvertisingSet(int advertiserId, boolean enable, int duration, int maxExtAdvEvents) {
+        Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
+        if (entry == null) {
+            Log.w(TAG, "enableAdvertisingSet() - bad advertiserId " + advertiserId);
+            return;
+        }
         enableAdvertisingSetNative(advertiserId, enable, duration, maxExtAdvEvents);
     }
 
     void setAdvertisingData(int advertiserId, AdvertiseData data) {
+        Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
+        if (entry == null) {
+            Log.w(TAG, "setAdvertisingData() - bad advertiserId " + advertiserId);
+            return;
+        }
         String deviceName = AdapterService.getAdapterService().getName();
         setAdvertisingDataNative(advertiserId,
                 AdvertiseHelper.advertiseDataToBytes(data, deviceName));
     }
 
     void setScanResponseData(int advertiserId, AdvertiseData data) {
+        Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
+        if (entry == null) {
+            Log.w(TAG, "setScanResponseData() - bad advertiserId " + advertiserId);
+            return;
+        }
         String deviceName = AdapterService.getAdapterService().getName();
         setScanResponseDataNative(advertiserId,
                 AdvertiseHelper.advertiseDataToBytes(data, deviceName));
     }
 
     void setAdvertisingParameters(int advertiserId, AdvertisingSetParameters parameters) {
+        Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
+        if (entry == null) {
+            Log.w(TAG, "setAdvertisingParameters() - bad advertiserId " + advertiserId);
+            return;
+        }
         setAdvertisingParametersNative(advertiserId, parameters);
     }
 
     void setPeriodicAdvertisingParameters(int advertiserId,
             PeriodicAdvertisingParameters parameters) {
+        Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
+        if (entry == null) {
+            Log.w(TAG, "setPeriodicAdvertisingParameters() - bad advertiserId " + advertiserId);
+            return;
+        }
         setPeriodicAdvertisingParametersNative(advertiserId, parameters);
     }
 
     void setPeriodicAdvertisingData(int advertiserId, AdvertiseData data) {
+        Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
+        if (entry == null) {
+            Log.w(TAG, "setPeriodicAdvertisingData() - bad advertiserId " + advertiserId);
+            return;
+        }
         String deviceName = AdapterService.getAdapterService().getName();
         setPeriodicAdvertisingDataNative(advertiserId,
                 AdvertiseHelper.advertiseDataToBytes(data, deviceName));
     }
 
     void setPeriodicAdvertisingEnable(int advertiserId, boolean enable) {
+        Map.Entry<IBinder, AdvertiserInfo> entry = findAdvertiser(advertiserId);
+        if (entry == null) {
+            Log.w(TAG, "setPeriodicAdvertisingEnable() - bad advertiserId " + advertiserId);
+            return;
+        }
         setPeriodicAdvertisingEnableNative(advertiserId, enable);
     }
author	Jakub Pawlowski <jpawlowski@google.com>	2020-11-20 17:00:39 +0100
committer	mosimchah <mosimchah@gmail.com>	2021-02-06 22:55:11 -0500
commit	b236fd262458d79af76c787ef7feb118cb336fb8 (patch)
tree	fa4b29b8b352a566a07bf4a9ffd5e3e60fd71088
parent	4e1e7b8c55acf6814a7295fa5ed4d3399ab45ab8 (diff)