Overview

File CVE-2016-9804-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch of Package bluez.32104

# Upstream suggests to use btmon instead of hcidump and does not want those patches
# => PATCH-FIX-OPENSUSE for those two :-)
# fix some memory leak with malformed packet (reported upstream but not yet fixed)

From 00f50518f232c758855ac9884a841f707f41a301 Mon Sep 17 00:00:00 2001
From: "Cho, Yu-Chen" <acho@suse.com>
Date: Thu, 3 May 2018 18:52:19 +0800
Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet

The Supported Commands is a 64 octet bit field.
Do not allow to read more then the size.
---
 tools/parser/csr.c | 5 +++++
 1 file changed, 5 insertions(+)

Index: bluez-5.54/tools/parser/csr.c
===================================================================
--- bluez-5.54.orig/tools/parser/csr.c
+++ bluez-5.54/tools/parser/csr.c
@@ -146,6 +146,11 @@ static inline void commands_dump(int lev
 	unsigned char commands[64];
 	unsigned int i;
 
+	if (frm->len > 64) {
+		perror("Read failed");
+		exit(1);
+	}
+
 	memcpy(commands, frm->ptr, frm->len);
 
 	p_indent(level, frm);
openSUSE Build Service is sponsored by
Places