pool/bluez
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
636d87e94e
bluez/CVE-2016-9800-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch

35 lines
1.2 KiB
Diff
Raw Normal View History

Accepting request 741493 from home:seife:testing add 0001-mesh-Fix-segmentation-fault-on-Join-call.patch (boo#1152672) OBS-URL: https://build.opensuse.org/request/show/741493 OBS-URL: https://build.opensuse.org/package/show/Base:System/bluez?expand=0&rev=277
2019-10-21 14:23:56 +02:00
# Upstream suggests to use btmon instead of hcidump and does not want those patches
# => PATCH-FIX-OPENSUSE for those two :-)
# fix some memory leak with malformed packet (reported upstream but not yet fixed)
From 5ca9510314d15d562e9ef5515a5483be5f28258d Mon Sep 17 00:00:00 2001
From: "Cho, Yu-Chen" <acho@suse.com>
Date: Wed, 21 Mar 2018 17:32:45 +0800
Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet
Do not allow to read more then buffer size.
---
tools/parser/hci.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
- update to 5.65: * Fix issue with A2DP cache invalidation handling. * Fix issue with A2DP and not initialized SEP codec. * Fix issue with A2DP and multiple SetConfiguration to same SEP * Fix issue with AVRCP and not properly initialized volume. * Fix issue with SDP records when operating in LE only mode. * Fix issue with HoG and not reading report map of instances. * Fix issue with GATT server crashing while disconnecting. * Fix issue with not removing connected devices. * Fix issue with enabling wake support without RPA Resolution. * Fix issue with pairing failed due to the error of Already Paired. * Add support for CONFIGURATION_DIRECTORY environment variable. * Add support for STATE_DIRECTORY environment variable. * Add support for "Bonded" property with Device API. * Add experimental support for ISO socket. - drop bluez-test-2to3.diff (obsolete/upstream) OBS-URL: https://build.opensuse.org/package/show/Base:System/bluez?expand=0&rev=330
2022-08-17 22:39:29 +02:00
Index: bluez-5.65/tools/parser/hci.c
- update to 5.55: * Fix issue with handling security level for HoG. * Fix issue with handling HIDSDPDisable attribute. * Fix issue with handling HID virtual cable unplug. * Fix issue with handling HID channel disconnect order. * Fix issue with handling AVDTP delay reporting states. * Fix issue with handling AVRCP notification events. * Fix issue with handling AVRCP list player attributes. * Fix issue with handling AVRCP category 1 player settings. * Fix issue with handling AVRCP media player passthrough bitmask. * Fix issue with handling HFP 1.7 default features. * Fix issue with handling GATT disconnecting handling. * Fix issue with handling GATT database hash. * Fix issue with handling service changed characteristic. * Fix issue with handling read of multiple characteristic values. * Fix issue with handling Just-Works auto-accept pairing. * Fix issue with handling authentication of bonded devices. * Fix issue with handling L2CAP streaming mode for AVDTP. * Fix issue with handling SysEx parser for MIDI support. * Fix issue with handling configured scan parameter values. * Fix issue with handling temporary devices removal. * Fix issue with handling advertising flags. - remove input-hog-Attempt-to-set-security-level-if-not-bonde.patch, input-Add-LEAutoSecurity-setting-to-input.conf.patch: upstream - use autopatch, spec-cleaner OBS-URL: https://build.opensuse.org/package/show/Base:System/bluez?expand=0&rev=296
2020-09-10 08:23:18 +02:00
===================================================================
- update to 5.65: * Fix issue with A2DP cache invalidation handling. * Fix issue with A2DP and not initialized SEP codec. * Fix issue with A2DP and multiple SetConfiguration to same SEP * Fix issue with AVRCP and not properly initialized volume. * Fix issue with SDP records when operating in LE only mode. * Fix issue with HoG and not reading report map of instances. * Fix issue with GATT server crashing while disconnecting. * Fix issue with not removing connected devices. * Fix issue with enabling wake support without RPA Resolution. * Fix issue with pairing failed due to the error of Already Paired. * Add support for CONFIGURATION_DIRECTORY environment variable. * Add support for STATE_DIRECTORY environment variable. * Add support for "Bonded" property with Device API. * Add experimental support for ISO socket. - drop bluez-test-2to3.diff (obsolete/upstream) OBS-URL: https://build.opensuse.org/package/show/Base:System/bluez?expand=0&rev=330
2022-08-17 22:39:29 +02:00
--- bluez-5.65.orig/tools/parser/hci.c
+++ bluez-5.65/tools/parser/hci.c
@@ -976,8 +976,14 @@ static inline void pin_code_reply_dump(i
Accepting request 741493 from home:seife:testing add 0001-mesh-Fix-segmentation-fault-on-Join-call.patch (boo#1152672) OBS-URL: https://build.opensuse.org/request/show/741493 OBS-URL: https://build.opensuse.org/package/show/Base:System/bluez?expand=0&rev=277
2019-10-21 14:23:56 +02:00
memset(pin, 0, sizeof(pin));
if (parser.flags & DUMP_NOVENDOR)
memset(pin, '*', cp->pin_len);
- else
+ else {
+ if (cp->pin_len > sizeof(pin)){
+ perror("Read failed");
+ exit(1);
+ }
+
memcpy(pin, cp->pin_code, cp->pin_len);
+ }
printf("bdaddr %s len %d pin \'%s\'\n", addr, cp->pin_len, pin);
}
Reference in New Issue Copy Permalink