!20 fix CVE-2021-3588
From: @zzm_567 Reviewed-by: @yanan-rock Signed-off-by: @yanan-rock
This commit is contained in:
openeuler-ci-bot
Gitee
commit
411f2ecca9
33
backport-CVE-2021-3588.patch
Normal file
33
backport-CVE-2021-3588.patch
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
From 9e6889d3b9d8f4dcc1ba57e6345d1efb2fbe1e77 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
||||||
|
Date: Mon, 4 Jan 2021 10:41:53 -0800
|
||||||
|
Subject: [PATCH] gatt: Fix potential buffer out-of-bound
|
||||||
|
|
||||||
|
When client features is read check if the offset is within the cli_feat
|
||||||
|
bounds.
|
||||||
|
|
||||||
|
Fixes: https://github.com/bluez/bluez/issues/70
|
||||||
|
|
||||||
|
---
|
||||||
|
src/gatt-database.c | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/gatt-database.c b/src/gatt-database.c
|
||||||
|
index c11d14b..a6530ba 100644
|
||||||
|
--- a/src/gatt-database.c
|
||||||
|
+++ b/src/gatt-database.c
|
||||||
|
@@ -1082,6 +1082,11 @@ static void cli_feat_read_cb(struct gatt_db_attribute *attrib,
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (offset >= sizeof(state->cli_feat)) {
|
||||||
|
+ ecode = BT_ATT_ERROR_INVALID_OFFSET;
|
||||||
|
+ goto done;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
len = sizeof(state->cli_feat) - offset;
|
||||||
|
value = len ? &state->cli_feat[offset] : NULL;
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
||||||
@ -1,7 +1,7 @@
|
|||||||
Name: bluez
|
Name: bluez
|
||||||
Summary: Bluetooth utilities
|
Summary: Bluetooth utilities
|
||||||
Version: 5.54
|
Version: 5.54
|
||||||
Release: 3
|
Release: 4
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: http://www.bluez.org/
|
URL: http://www.bluez.org/
|
||||||
Source0: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz
|
Source0: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz
|
||||||
@ -17,6 +17,7 @@ Patch0003: 0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
|
|||||||
Patch0004: 0003-systemd-Add-more-filesystem-lockdown.patch
|
Patch0004: 0003-systemd-Add-more-filesystem-lockdown.patch
|
||||||
Patch0005: 0004-systemd-More-lockdown.patch
|
Patch0005: 0004-systemd-More-lockdown.patch
|
||||||
Patch0006: 0005-Exit-test-mesh-crypto-on-any-detected-fail.patch
|
Patch0006: 0005-Exit-test-mesh-crypto-on-any-detected-fail.patch
|
||||||
|
Patch0007: backport-CVE-2021-3588.patch
|
||||||
|
|
||||||
BuildRequires: dbus-devel >= 1.6 libell-devel >= 0.28 autoconf
|
BuildRequires: dbus-devel >= 1.6 libell-devel >= 0.28 autoconf
|
||||||
BuildRequires: git-core glib2-devel libical-devel readline-devel
|
BuildRequires: git-core glib2-devel libical-devel readline-devel
|
||||||
@ -173,6 +174,12 @@ make check
|
|||||||
%{_mandir}/man8/*
|
%{_mandir}/man8/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Jun 26 2021 zhanzhimin <zhanzhimin@huawei.com> - 5.54-4
|
||||||
|
- Type:CVE
|
||||||
|
- ID:CVE-2021-3588
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:fix CVE-2021-3588
|
||||||
|
|
||||||
* Wed Sep 16 2020 orange-snn <songnannan2@huawei.com> - 5.54-3
|
* Wed Sep 16 2020 orange-snn <songnannan2@huawei.com> - 5.54-3
|
||||||
- bugfix test-mesh-crypto faild
|
- bugfix test-mesh-crypto faild
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user