!20 fix CVE-2021-3588
From: @zzm_567 Reviewed-by: @yanan-rock Signed-off-by: @yanan-rock
This commit is contained in:
openeuler-ci-bot
Gitee
commit
411f2ecca9
33
backport-CVE-2021-3588.patch
Normal file
33
backport-CVE-2021-3588.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 9e6889d3b9d8f4dcc1ba57e6345d1efb2fbe1e77 Mon Sep 17 00:00:00 2001
|
||||
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
||||
Date: Mon, 4 Jan 2021 10:41:53 -0800
|
||||
Subject: [PATCH] gatt: Fix potential buffer out-of-bound
|
||||
|
||||
When client features is read check if the offset is within the cli_feat
|
||||
bounds.
|
||||
|
||||
Fixes: https://github.com/bluez/bluez/issues/70
|
||||
|
||||
---
|
||||
src/gatt-database.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/gatt-database.c b/src/gatt-database.c
|
||||
index c11d14b..a6530ba 100644
|
||||
--- a/src/gatt-database.c
|
||||
+++ b/src/gatt-database.c
|
||||
@@ -1082,6 +1082,11 @@ static void cli_feat_read_cb(struct gatt_db_attribute *attrib,
|
||||
goto done;
|
||||
}
|
||||
|
||||
+ if (offset >= sizeof(state->cli_feat)) {
|
||||
+ ecode = BT_ATT_ERROR_INVALID_OFFSET;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
len = sizeof(state->cli_feat) - offset;
|
||||
value = len ? &state->cli_feat[offset] : NULL;
|
||||
|
||||
--
|
||||
2.23.0
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
Name: bluez
|
||||
Summary: Bluetooth utilities
|
||||
Version: 5.54
|
||||
Release: 3
|
||||
Release: 4
|
||||
License: GPLv2+
|
||||
URL: http://www.bluez.org/
|
||||
Source0: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz
|
||||
@ -17,6 +17,7 @@ Patch0003: 0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
|
||||
Patch0004: 0003-systemd-Add-more-filesystem-lockdown.patch
|
||||
Patch0005: 0004-systemd-More-lockdown.patch
|
||||
Patch0006: 0005-Exit-test-mesh-crypto-on-any-detected-fail.patch
|
||||
Patch0007: backport-CVE-2021-3588.patch
|
||||
|
||||
BuildRequires: dbus-devel >= 1.6 libell-devel >= 0.28 autoconf
|
||||
BuildRequires: git-core glib2-devel libical-devel readline-devel
|
||||
@ -173,6 +174,12 @@ make check
|
||||
%{_mandir}/man8/*
|
||||
|
||||
%changelog
|
||||
* Sat Jun 26 2021 zhanzhimin <zhanzhimin@huawei.com> - 5.54-4
|
||||
- Type:CVE
|
||||
- ID:CVE-2021-3588
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2021-3588
|
||||
|
||||
* Wed Sep 16 2020 orange-snn <songnannan2@huawei.com> - 5.54-3
|
||||
- bugfix test-mesh-crypto faild
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user