forked from pool/bluez
Dirk Mueller
b754a9895d
* Fix issue with handling security level for HoG. * Fix issue with handling HIDSDPDisable attribute. * Fix issue with handling HID virtual cable unplug. * Fix issue with handling HID channel disconnect order. * Fix issue with handling AVDTP delay reporting states. * Fix issue with handling AVRCP notification events. * Fix issue with handling AVRCP list player attributes. * Fix issue with handling AVRCP category 1 player settings. * Fix issue with handling AVRCP media player passthrough bitmask. * Fix issue with handling HFP 1.7 default features. * Fix issue with handling GATT disconnecting handling. * Fix issue with handling GATT database hash. * Fix issue with handling service changed characteristic. * Fix issue with handling read of multiple characteristic values. * Fix issue with handling Just-Works auto-accept pairing. * Fix issue with handling authentication of bonded devices. * Fix issue with handling L2CAP streaming mode for AVDTP. * Fix issue with handling SysEx parser for MIDI support. * Fix issue with handling configured scan parameter values. * Fix issue with handling temporary devices removal. * Fix issue with handling advertising flags. - remove input-hog-Attempt-to-set-security-level-if-not-bonde.patch, input-Add-LEAutoSecurity-setting-to-input.conf.patch: upstream - use autopatch, spec-cleaner OBS-URL: https://build.opensuse.org/package/show/Base:System/bluez?expand=0&rev=296
32 lines
1011 B
Diff
32 lines
1011 B
Diff
# Upstream suggests to use btmon instead of hcidump and does not want those patches
|
|
# => PATCH-FIX-OPENSUSE for those two :-)
|
|
# fix some memory leak with malformed packet (reported upstream but not yet fixed)
|
|
|
|
From 00f50518f232c758855ac9884a841f707f41a301 Mon Sep 17 00:00:00 2001
|
|
From: "Cho, Yu-Chen" <acho@suse.com>
|
|
Date: Thu, 3 May 2018 18:52:19 +0800
|
|
Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet
|
|
|
|
The Supported Commands is a 64 octet bit field.
|
|
Do not allow to read more then the size.
|
|
---
|
|
tools/parser/csr.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
Index: bluez-5.55/tools/parser/csr.c
|
|
===================================================================
|
|
--- bluez-5.55.orig/tools/parser/csr.c
|
|
+++ bluez-5.55/tools/parser/csr.c
|
|
@@ -146,6 +146,11 @@ static inline void commands_dump(int lev
|
|
unsigned char commands[64];
|
|
unsigned int i;
|
|
|
|
+ if (frm->len > 64) {
|
|
+ perror("Read failed");
|
|
+ exit(1);
|
|
+ }
|
|
+
|
|
memcpy(commands, frm->ptr, frm->len);
|
|
|
|
p_indent(level, frm);
|