fix CVE-2021-0129

xinyingchao 2022-03-01 18:16:01 +08:00
parent c83194b38a
commit 2705bfaef9
2 changed files with 88 additions and 1 deletions


@ -0,0 +1,80 @@
From e15a27eee8d48871089d621ab43a21f2c855df1e Mon Sep 17 00:00:00 2001
From: xingxing <xingxing9@h-partners.com>
Date: Tue, 1 Mar 2022 16:08:57 +0800
Subject: [PATCH] CVE-2021-0129.patch
---
src/shared/att-types.h | 8 ++++++++
src/shared/gatt-server.c | 16 ++++------------
2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/src/shared/att-types.h b/src/shared/att-types.h
index 99b1089..f468a98 100644
--- a/src/shared/att-types.h
+++ b/src/shared/att-types.h
@@ -142,6 +142,14 @@ struct bt_att_pdu_error_rsp {
#define BT_ATT_PERM_WRITE_SECURE 0x0200
#define BT_ATT_PERM_SECURE (BT_ATT_PERM_READ_SECURE | \
BT_ATT_PERM_WRITE_SECURE)
+#define BT_ATT_PERM_READ_MASK (BT_ATT_PERM_READ | \
+ BT_ATT_PERM_READ_AUTHEN | \
+ BT_ATT_PERM_READ_ENCRYPT | \
+ BT_ATT_PERM_READ_SECURE)
+#define BT_ATT_PERM_WRITE_MASK (BT_ATT_PERM_WRITE | \
+ BT_ATT_PERM_WRITE_AUTHEN | \
+ BT_ATT_PERM_WRITE_ENCRYPT | \
+ BT_ATT_PERM_WRITE_SECURE)
/* GATT Characteristic Properties Bitfield values */
#define BT_GATT_CHRC_PROP_BROADCAST 0x01
diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
index 7e5d652..a79a786 100644
--- a/src/shared/gatt-server.c
+++ b/src/shared/gatt-server.c
@@ -473,9 +473,7 @@ static void process_read_by_type(struct async_read_op *op)
return;
}
- ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
- BT_ATT_PERM_READ_AUTHEN |
- BT_ATT_PERM_READ_ENCRYPT);
+ ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
if (ecode)
goto error;
@@ -848,9 +846,7 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
(opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd",
handle);
- ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
- BT_ATT_PERM_WRITE_AUTHEN |
- BT_ATT_PERM_WRITE_ENCRYPT);
+ ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
if (ecode)
goto error;
@@ -961,9 +957,7 @@ static void handle_read_req(struct bt_att_chan *chan,
opcode == BT_ATT_OP_READ_BLOB_REQ ? "Blob " : "",
handle);
- ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
- BT_ATT_PERM_READ_AUTHEN |
- BT_ATT_PERM_READ_ENCRYPT);
+ ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
if (ecode)
goto error;
@@ -1360,9 +1354,7 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,
util_debug(server->debug_callback, server->debug_data,
"Prep Write Req - handle: 0x%04x", handle);
- ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
- BT_ATT_PERM_WRITE_AUTHEN |
- BT_ATT_PERM_WRITE_ENCRYPT);
+ ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
if (ecode)
goto error;
--
2.27.0
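Review bot: The embedded patch moves four check_permissions() callers in src/shared/gatt-server.c (process_read_by_type, write_cb, handle_read_req, prep_write_cb) to the new masks, but nothing on this page shows that these are the only callers that build their mask from the READ/WRITE, _AUTHEN and _ENCRYPT bits alone. Any caller left on the old form (for example a Read Multiple path, if 5.54 has one) would still drop BT_ATT_PERM_READ_SECURE or BT_ATT_PERM_WRITE_SECURE from the mask, so the requirement those bits express would stay unchecked there; a grep for `check_permissions(` in the patched tree would settle it, and each remaining site should pass `BT_ATT_PERM_READ_MASK` or `BT_ATT_PERM_WRITE_MASK`. The fix also relies on check_permissions() itself testing the _SECURE bits after masking, which lies outside these hunks and should be confirmed for this version. The patch header names only the packager and uses `CVE-2021-0129.patch` as its subject, so a line such as `Reference: <upstream commit URL>` would let the backport be compared against the upstream change.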


@ -1,7 +1,7 @@
Name: bluez
Summary: Bluetooth utilities
Version: 5.54
Release: 11
Release: 12
License: GPLv2+
URL: http://www.bluez.org/
Source0: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz
@ -25,6 +25,7 @@ Patch6000: backport-CVE-2020-27153.patch
Patch6001: backport-0001-CVE-2021-3658.patch
Patch6002: backport-0002-CVE-2021-3658.patch
Patch6003: backport-CVE-2021-43400.patch
Patch6004: backport-CVE-2021-0129.patch
BuildRequires: dbus-devel >= 1.6 libell-devel >= 0.28 autoconf
BuildRequires: glib2-devel libical-devel readline-devel
@ -181,6 +182,12 @@ make check
%{_mandir}/man8/*
%changelog
* Tue Mar 1 2022 xingxing <xingxing9@h-partners.com> - 5.54-12
- Type:CVE
- CVE:CVE-2021-0129
- SUG:NA
- DESC:fix CVE-2021-0129
* Fri Feb 11 2022 xingxing <xingxing9@h-partners.com> - 5.54-11
- Type:CVE
- CVE:CVE-2021-43400