SHA256
1
0
forked from pool/bluez
bluez/CVE-2016-9804-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch
2018-05-14 17:33:44 +00:00

31 lines
805 B
Diff

From 00f50518f232c758855ac9884a841f707f41a301 Mon Sep 17 00:00:00 2001
From: "Cho, Yu-Chen" <acho@suse.com>
Date: Thu, 3 May 2018 18:52:19 +0800
Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet
The Supported Commands is a 64 octet bit field.
Do not allow to read more then the size.
---
tools/parser/csr.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tools/parser/csr.c b/tools/parser/csr.c
index a0a4eb5fe..2d3db878a 100644
--- a/tools/parser/csr.c
+++ b/tools/parser/csr.c
@@ -145,6 +145,11 @@ static inline void commands_dump(int level, char *str, struct frame *frm)
unsigned char commands[64];
unsigned int i;
+ if (frm->len > 64) {
+ perror("Read failed");
+ exit(1);
+ }
+
memcpy(commands, frm->ptr, frm->len);
p_indent(level, frm);
--
2.16.3