packages/bluez
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bluez/backport-0001-CVE-2021-0129.patch

72 lines
3.2 KiB
Diff
Raw Normal View History

CVE-2022-0204 and add prefix CVE-2021-0129
2022-03-18 17:23:42 +08:00
From d676c4ddcb569234c6ce499732bb5fbe76ba14ac Mon Sep 17 00:00:00 2001
From: Szymon Janc <szymon.janc@codecoup.pl>
Date: Tue, 31 Mar 2020 12:45:32 +0200
Subject: [PATCH] shared/gatt: Fix NULL pointer dereference
bluetoothd[363094]: src/device.c:device_connect_le() Connection attempt to: 00:AA:01:00:00:23
Program received signal SIGSEGV, Segmentation fault.
write_complete_cb (attr=0x55555580aa30, err=-110, user_data=0x55555585f7c0) at src/shared/gatt-server.c:793
793 util_debug(server->debug_callback, server->debug_data,
(gdb) bt
#0 write_complete_cb (attr=0x55555580aa30, err=-110, user_data=0x55555585f7c0) at src/shared/gatt-server.c:793
#1 0x00005555556a5852 in pending_write_result (p=0x555555866030, err=<optimized out>) at src/shared/gatt-db.c:162
#2 0x00005555556a5ac7 in write_timeout (user_data=0x555555866030) at src/shared/gatt-db.c:1879
#3 0x00005555556a9b15 in timeout_callback (user_data=user_data@entry=0x555555864b20) at src/shared/timeout-glib.c:34
#4 0x00007ffff7e1f081 in g_timeout_dispatch (source=source@entry=0x555555864f00, callback=0x5555556a9b00 <timeout_callback>, user_data=0x555555864b20) at ../glib/gmain.c:4705
#5 0x00007ffff7e1e570 in g_main_dispatch (context=0x5555557d9630) at ../glib/gmain.c:3216
#6 g_main_context_dispatch (context=context@entry=0x5555557d9630) at ../glib/gmain.c:3881
#7 0x00007ffff7e1e900 in g_main_context_iterate (context=0x5555557d9630, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:3954
#8 0x00007ffff7e1ebf3 in g_main_loop_run (loop=0x5555557d75d0) at ../glib/gmain.c:4148
#9 0x00005555556a9dbd in mainloop_run () at src/shared/mainloop-glib.c:79
#10 0x00005555556aa36a in mainloop_run_with_signal (func=<optimized out>, user_data=0x0) at src/shared/mainloop-notify.c:201
#11 0x00005555555bb9e3 in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:770
Conflict:NA
Reference:https://github.com/bluez/bluez/commit/d676c4ddcb569234c6ce499732bb5fbe76ba14ac
---
src/shared/gatt-server.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
index 7e5d652e42..4e07398d21 100644
--- a/src/shared/gatt-server.c
+++ b/src/shared/gatt-server.c
@@ -790,14 +790,14 @@ static void write_complete_cb(struct gatt_db_attribute *attr, int err,
struct bt_gatt_server *server = op->server;
uint16_t handle;
- util_debug(server->debug_callback, server->debug_data,
- "Write Complete: err %d", err);
-
if (!server || op->opcode == BT_ATT_OP_WRITE_CMD) {
async_write_op_destroy(op);
return;
}
+ util_debug(server->debug_callback, server->debug_data,
+ "Write Complete: err %d", err);
+
handle = gatt_db_attribute_get_handle(attr);
if (err)
@@ -914,14 +914,14 @@ static void read_complete_cb(struct gatt_db_attribute *attr, int err,
uint16_t mtu;
uint16_t handle;
- util_debug(server->debug_callback, server->debug_data,
- "Read Complete: err %d", err);
-
if (!server) {
async_read_op_destroy(op);
return;
}
+ util_debug(server->debug_callback, server->debug_data,
+ "Read Complete: err %d", err);
+
mtu = bt_att_get_mtu(server->att);
handle = gatt_db_attribute_get_handle(attr);
Reference in New Issue Copy Permalink