forked from pool/bluez
Marcus Meissner
c54147dd3a
* Fix issue with handling notification of scanned BISes to BASS * Fix issue with handling checking BIS caps against peer caps. * Fix issue with handling MGMT Set Device Flags overwrites. * Fix issue with handling ASE notification order. * Fix issue with handling BIG Info report events. * Fix issue with handling PACS Server role. * Fix issue with registering UHID_START multiple times. * Fix issue with pairing method not setting auto-connect. - Fix 3 rpmlint warnings, some configuration files were not marked as so. OBS-URL: https://build.opensuse.org/package/show/Base:System/bluez?expand=0&rev=375
35 lines
1.2 KiB
Diff
35 lines
1.2 KiB
Diff
# Upstream suggests to use btmon instead of hcidump and does not want those patches
|
|
# => PATCH-FIX-OPENSUSE for those two :-)
|
|
# fix some memory leak with malformed packet (reported upstream but not yet fixed)
|
|
|
|
From 5ca9510314d15d562e9ef5515a5483be5f28258d Mon Sep 17 00:00:00 2001
|
|
From: "Cho, Yu-Chen" <acho@suse.com>
|
|
Date: Wed, 21 Mar 2018 17:32:45 +0800
|
|
Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet
|
|
|
|
Do not allow to read more then buffer size.
|
|
---
|
|
tools/parser/hci.c | 8 +++++++-
|
|
1 file changed, 7 insertions(+), 1 deletion(-)
|
|
|
|
Index: bluez-5.65/tools/parser/hci.c
|
|
===================================================================
|
|
--- bluez-5.65.orig/tools/parser/hci.c
|
|
+++ bluez-5.65/tools/parser/hci.c
|
|
@@ -976,8 +976,14 @@ static inline void pin_code_reply_dump(i
|
|
memset(pin, 0, sizeof(pin));
|
|
if (parser.flags & DUMP_NOVENDOR)
|
|
memset(pin, '*', cp->pin_len);
|
|
- else
|
|
+ else {
|
|
+ if (cp->pin_len > sizeof(pin)){
|
|
+ perror("Read failed");
|
|
+ exit(1);
|
|
+ }
|
|
+
|
|
memcpy(pin, cp->pin_code, cp->pin_len);
|
|
+ }
|
|
printf("bdaddr %s len %d pin \'%s\'\n", addr, cp->pin_len, pin);
|
|
}
|
|
|