File CVE-2016-9800-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch of Package bluez.7912

From 5ca9510314d15d562e9ef5515a5483be5f28258d Mon Sep 17 00:00:00 2001
From: "Cho, Yu-Chen" <acho@suse.com>
Date: Wed, 21 Mar 2018 17:32:45 +0800
Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet

Do not allow to read more then buffer size.
---
 tools/parser/hci.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tools/parser/hci.c b/tools/parser/hci.c
index 8c7bd2581..adfd9ab1d 100644
--- a/tools/parser/hci.c
+++ b/tools/parser/hci.c
@@ -988,8 +988,14 @@ static inline void pin_code_reply_dump(int level, struct frame *frm)
 	memset(pin, 0, sizeof(pin));
 	if (parser.flags & DUMP_NOVENDOR)
 		memset(pin, '*', cp->pin_len);
-	else
+	else {
+                 if (cp->pin_len > sizeof(pin)){
+                        perror("Read failed");
+                        exit(1);
+                }
+
 		memcpy(pin, cp->pin_code, cp->pin_len);
+	}
 	printf("bdaddr %s len %d pin \'%s\'\n", addr, cp->pin_len, pin);
 }
 
-- 
2.16.2

openSUSE Build Service is sponsored by