pool/bluez
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
97cf2483b7
bluez/CVE-2016-9800-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch
Stefan Seyfried 205bf4a19b Accepting request 606365 from home:acho:branches:Base:System 
Add patches for bsc#1013721 CVE-2016-9800 bsc#1013877 CVE-2016-9804

OBS-URL: https://build.opensuse.org/request/show/606365
OBS-URL: https://build.opensuse.org/package/show/Base:System/bluez?expand=0&rev=251
2018-05-14 17:33:44 +00:00

34 lines
980 B
Diff
Raw Blame History

From 5ca9510314d15d562e9ef5515a5483be5f28258d Mon Sep 17 00:00:00 2001
From: "Cho, Yu-Chen" <acho@suse.com>
Date: Wed, 21 Mar 2018 17:32:45 +0800
Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet
Do not allow to read more then buffer size.
---
tools/parser/hci.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/tools/parser/hci.c b/tools/parser/hci.c
index 8c7bd2581..adfd9ab1d 100644
--- a/tools/parser/hci.c
+++ b/tools/parser/hci.c
@@ -988,8 +988,14 @@ static inline void pin_code_reply_dump(int level, struct frame *frm)
memset(pin, 0, sizeof(pin));
if (parser.flags & DUMP_NOVENDOR)
memset(pin, '*', cp->pin_len);
- else
+ else {
+ if (cp->pin_len > sizeof(pin)){
+ perror("Read failed");
+ exit(1);
+ }
+
memcpy(pin, cp->pin_code, cp->pin_len);
+ }
printf("bdaddr %s len %d pin \'%s\'\n", addr, cp->pin_len, pin);
}
--
2.16.2
Reference in New Issue View Git Blame Copy Permalink