Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.4:ARM
bluez.27444
avrcp-Fix-not-checking-if-params_len-match-numb...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File avrcp-Fix-not-checking-if-params_len-match-number-of.patch of Package bluez.27444
From e2b0f0d8d63e1223bb714a9efb37e2257818268b Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Date: Thu, 29 Apr 2021 18:18:57 -0700 Subject: [PATCH] avrcp: Fix not checking if params_len match number of received bytes This makes sure the number of bytes in the params_len matches the remaining bytes received so the code don't end up accessing invalid memory. --- profiles/audio/avrcp.c | 8 ++++++++ 1 file changed, 8 insertions(+) Index: bluez-5.48/profiles/audio/avrcp.c =================================================================== --- bluez-5.48.orig/profiles/audio/avrcp.c +++ bluez-5.48/profiles/audio/avrcp.c @@ -1844,6 +1844,14 @@ static size_t handle_vendordep_pdu(struc goto err_metadata; } + operands += sizeof(*pdu); + operand_count -= sizeof(*pdu); + + if (pdu->params_len != operand_count) { + DBG("AVRCP PDU parameters length don't match"); + pdu->params_len = operand_count; + } + for (handler = session->control_handlers; handler->pdu_id; handler++) { if (handler->pdu_id == pdu->pdu_id) break;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor