diff options
| author | John Klug <john.klug@multitech.com> | 2017-10-06 18:21:56 -0500 |
|---|---|---|
| committer | John Klug <john.klug@multitech.com> | 2017-10-06 18:21:56 -0500 |
| commit | fc71cf7f90b1a1074f41840c48108d6db0963696 (patch) | |
| tree | e5b20fb1589c2805162b541d29e41642cff71134 | |
| parent | 0fa3c4ac3dbc78b67ba65817ea9d8c8bb19387c6 (diff) | |
| download | meta-mlinux-fc71cf7f90b1a1074f41840c48108d6db0963696.tar.gz meta-mlinux-fc71cf7f90b1a1074f41840c48108d6db0963696.tar.bz2 meta-mlinux-fc71cf7f90b1a1074f41840c48108d6db0963696.zip | |
Blueborne patch Bluez4 CVE-2017-1000250
| -rw-r--r-- | recipes-connectivity/bluez/bluez4/CVE-2017-1000250.patch | 22 | ||||
| -rw-r--r-- | recipes-connectivity/bluez/bluez4_4.101.bbappend | 8 |
2 files changed, 26 insertions, 4 deletions
diff --git a/recipes-connectivity/bluez/bluez4/CVE-2017-1000250.patch b/recipes-connectivity/bluez/bluez4/CVE-2017-1000250.patch new file mode 100644 index 0000000..f87c822 --- /dev/null +++ b/recipes-connectivity/bluez/bluez4/CVE-2017-1000250.patch @@ -0,0 +1,22 @@ +This fix was pulled from Bluez5 and modified for Bluez4. +From 9e009647b14e810e06626dde7f1bb9ea3c375d09 Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> +Date: Wed, 13 Sep 2017 10:01:40 +0300 +Subject: sdp: Fix Out-of-bounds heap read in service_search_attr_req function + +Check if there is enough data to continue otherwise return an error. +--- + src/sdpd-request.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) +diff -Naru a/src/sdpd-request.c b/src/sdpd-request.c +--- a/src/sdpd-request.c 2017-10-06 16:59:32.079819026 -0500 ++++ b/src/sdpd-request.c 2017-10-06 16:59:37.847818855 -0500 +@@ -907,7 +907,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf) + } else { + /* continuation State exists -> get from cache */ + sdp_buf_t *pCache = sdp_get_cached_rsp(cstate); +- if (pCache) { ++ if (pCache && cstate->cStateValue.maxBytesSent < pCache->data_size) { + uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent); + pResponse = pCache->data; + memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent); diff --git a/recipes-connectivity/bluez/bluez4_4.101.bbappend b/recipes-connectivity/bluez/bluez4_4.101.bbappend index b478630..b09ce86 100644 --- a/recipes-connectivity/bluez/bluez4_4.101.bbappend +++ b/recipes-connectivity/bluez/bluez4_4.101.bbappend @@ -1,16 +1,16 @@ EXTRA_OECONF += " --enable-pand" +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +SRC_URI += "file://CVE-2017-1000250.patch" + SUMMARY_${PN}-plugins = "Sample Bluez4 plugins" S = "${WORKDIR}/bluez-${PV}" PACKAGES =+ "${PN}-plugins" RPROVIDES_${PN}-plugins = "bluetooth-plugins" FILES_${PN}-plugins = "${libdir}/bluetooth/plugins/*.o" do_install_append () { - echo "JAK from is ${S} and to is ${D} and PN is ${PN}" - echo "libdir is ${libdir}" - echo "JAK FILES_ is ${FILES_bluez4-plugins}" install -m0755 -d ${D}/usr/lib/bluetooth/plugins install -m0755 ${S}/plugins/*.o ${D}/usr/lib/bluetooth/plugins } - +PR_append = ".m1" |