Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
bluez.11053
0004-btmon-Fix-crash-caused-by-integer-underflo...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0004-btmon-Fix-crash-caused-by-integer-underflow.patch of Package bluez.11053
From f01e006a26e42581c092efc10b68c2f51f3bb6f3 Mon Sep 17 00:00:00 2001 From: Matias Karhumaa <matias.karhumaa@gmail.com> Date: Tue, 16 Oct 2018 23:21:17 +0300 Subject: [PATCH 04/13] btmon: Fix crash caused by integer underflow Check in packet_ctrl_open that parsed length is not more than buffer size. Bug was found by fuzzing btmon with AFL. --- monitor/packet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: bluez-5.48/monitor/packet.c =================================================================== --- bluez-5.48.orig/monitor/packet.c +++ bluez-5.48/monitor/packet.c @@ -10359,7 +10359,7 @@ void packet_ctrl_open(struct timeval *tv flags = get_le32(data + 3); ident_len = get_u8(data + 7); - if (ident_len > size) { + if ((8 + ident_len) > size) { print_packet(tv, cred, '*', index, NULL, COLOR_ERROR, "Malformed Control Open packet", NULL, NULL); return;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor