SHA256
1
0
forked from pool/bluez
bluez/CVE-2016-9800-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch

35 lines
1.2 KiB
Diff
Raw Normal View History

# Upstream suggests to use btmon instead of hcidump and does not want those patches
# => PATCH-FIX-OPENSUSE for those two :-)
# fix some memory leak with malformed packet (reported upstream but not yet fixed)
From 5ca9510314d15d562e9ef5515a5483be5f28258d Mon Sep 17 00:00:00 2001
From: "Cho, Yu-Chen" <acho@suse.com>
Date: Wed, 21 Mar 2018 17:32:45 +0800
Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet
Do not allow to read more then buffer size.
---
tools/parser/hci.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
Index: bluez-5.65/tools/parser/hci.c
===================================================================
--- bluez-5.65.orig/tools/parser/hci.c
+++ bluez-5.65/tools/parser/hci.c
@@ -976,8 +976,14 @@ static inline void pin_code_reply_dump(i
memset(pin, 0, sizeof(pin));
if (parser.flags & DUMP_NOVENDOR)
memset(pin, '*', cp->pin_len);
- else
+ else {
+ if (cp->pin_len > sizeof(pin)){
+ perror("Read failed");
+ exit(1);
+ }
+
memcpy(pin, cp->pin_code, cp->pin_len);
+ }
printf("bdaddr %s len %d pin \'%s\'\n", addr, cp->pin_len, pin);
}