Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
openSUSE:Leap:15.5:Update
bluez
CVE-2016-9800-tool-hcidump-Fix-memory-leak-with...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2016-9800-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch of Package bluez
# Upstream suggests to use btmon instead of hcidump and does not want those patches # => PATCH-FIX-OPENSUSE for those two :-) # fix some memory leak with malformed packet (reported upstream but not yet fixed) From 5ca9510314d15d562e9ef5515a5483be5f28258d Mon Sep 17 00:00:00 2001 From: "Cho, Yu-Chen" <acho@suse.com> Date: Wed, 21 Mar 2018 17:32:45 +0800 Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet Do not allow to read more then buffer size. --- tools/parser/hci.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) Index: bluez-5.65/tools/parser/hci.c =================================================================== --- bluez-5.65.orig/tools/parser/hci.c +++ bluez-5.65/tools/parser/hci.c @@ -976,8 +976,14 @@ static inline void pin_code_reply_dump(i memset(pin, 0, sizeof(pin)); if (parser.flags & DUMP_NOVENDOR) memset(pin, '*', cp->pin_len); - else + else { + if (cp->pin_len > sizeof(pin)){ + perror("Read failed"); + exit(1); + } + memcpy(pin, cp->pin_code, cp->pin_len); + } printf("bdaddr %s len %d pin \'%s\'\n", addr, cp->pin_len, pin); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor