packages/bluez
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!85 fix CVE-2023-27349

Browse Source 
From: @zhouwenpei 
Reviewed-by: @yanan-rock 
Signed-off-by: @yanan-rock
This commit is contained in:
openeuler-ci-bot 2023-04-18 11:28:08 +00:00 committed by Gitee
commit ad18bd27b8
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 51 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
backport-CVE-2023-27349.patch Normal file
View File

@ -0,0 +1,46 @@
From f54299a850676d92c3dafd83e9174fcfe420ccc9 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Wed, 22 Mar 2023 11:34:24 -0700
Subject: avrcp: Fix crash while handling unsupported events
The following crash can be observed if the remote peer send and
unsupported event:
ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000148f11
at pc 0x559644552088 bp 0x7ffe28b3c7b0 sp 0x7ffe28b3c7a0
WRITE of size 1 at 0x60b000148f11 thread T0
#0 0x559644552087 in avrcp_handle_event profiles/audio/avrcp.c:3907
#1 0x559644536c22 in control_response profiles/audio/avctp.c:939
#2 0x5596445379ab in session_cb profiles/audio/avctp.c:1108
#3 0x7fbcb3e51c43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)
#4 0x7fbcb3ea66c7 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xaa6c7)
#5 0x7fbcb3e512b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2)
#6 0x559644754ab6 in mainloop_run src/shared/mainloop-glib.c:66
#7 0x559644755606 in mainloop_run_with_signal src/shared/mainloop-notify.c:188
#8 0x5596445bb963 in main src/main.c:1289
#9 0x7fbcb3bafd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#10 0x7fbcb3bafe3f in __libc_start_main_impl ../csu/libc-start.c:392
#11 0x5596444e8224 in _start (/usr/local/libexec/bluetooth/bluetoothd+0xf0224)
---
profiles/audio/avrcp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/profiles/audio/avrcp.c b/profiles/audio/avrcp.c
index 80f34c7a7..dda9a303f 100644
--- a/profiles/audio/avrcp.c
+++ b/profiles/audio/avrcp.c
@@ -3901,6 +3901,12 @@ static gboolean avrcp_handle_event(struct avctp *conn, uint8_t code,
case AVRCP_EVENT_UIDS_CHANGED:
avrcp_uids_changed(session, pdu);
break;
+ default:
+ if (event > AVRCP_EVENT_LAST) {
+ warn("Unsupported event: %u", event);
+ return FALSE;
+ }
+ break;
}
session->registered_events |= (1 << event);
--
cgit

6
bluez.spec
View File

@ -1,7 +1,7 @@
Name: bluez Name: bluez
Summary: Bluetooth utilities Summary: Bluetooth utilities
Version: 5.54 Version: 5.54
Release: 16 Release: 17
License: GPLv2+ License: GPLv2+
URL: http://www.bluez.org/ URL: http://www.bluez.org/
Source0: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz Source0: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz
@ -37,6 +37,7 @@ Patch6012: backport-0002-CVE-2022-39177.patch
%ifarch sw_64 %ifarch sw_64
Patch6013: bluez-5.54-sw.patch Patch6013: bluez-5.54-sw.patch
%endif %endif
Patch6014: backport-CVE-2023-27349.patch
BuildRequires: dbus-devel >= 1.6 libell-devel >= 0.28 autoconf BuildRequires: dbus-devel >= 1.6 libell-devel >= 0.28 autoconf
BuildRequires: glib2-devel libical-devel readline-devel BuildRequires: glib2-devel libical-devel readline-devel
@ -193,6 +194,9 @@ make check
%{_mandir}/man8/* %{_mandir}/man8/*
%changelog %changelog
* Tue Apr 18 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 5.54-17
- DESC:fix CVE-2023-27349
* Thu Dec 08 2022 zhangzhixin <zhixin.zhang@i-soft.com.cn> - 5.54-16 * Thu Dec 08 2022 zhangzhixin <zhixin.zhang@i-soft.com.cn> - 5.54-16
- add sw64 patch - add sw64 patch