forked from pool/bluez
205bf4a19b
Add patches for bsc#1013721 CVE-2016-9800 bsc#1013877 CVE-2016-9804 OBS-URL: https://build.opensuse.org/request/show/606365 OBS-URL: https://build.opensuse.org/package/show/Base:System/bluez?expand=0&rev=251
31 lines
805 B
Diff
31 lines
805 B
Diff
From 00f50518f232c758855ac9884a841f707f41a301 Mon Sep 17 00:00:00 2001
|
|
From: "Cho, Yu-Chen" <acho@suse.com>
|
|
Date: Thu, 3 May 2018 18:52:19 +0800
|
|
Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet
|
|
|
|
The Supported Commands is a 64 octet bit field.
|
|
Do not allow to read more then the size.
|
|
---
|
|
tools/parser/csr.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/tools/parser/csr.c b/tools/parser/csr.c
|
|
index a0a4eb5fe..2d3db878a 100644
|
|
--- a/tools/parser/csr.c
|
|
+++ b/tools/parser/csr.c
|
|
@@ -145,6 +145,11 @@ static inline void commands_dump(int level, char *str, struct frame *frm)
|
|
unsigned char commands[64];
|
|
unsigned int i;
|
|
|
|
+ if (frm->len > 64) {
|
|
+ perror("Read failed");
|
|
+ exit(1);
|
|
+ }
|
|
+
|
|
memcpy(commands, frm->ptr, frm->len);
|
|
|
|
p_indent(level, frm);
|
|
--
|
|
2.16.3
|
|
|