
[kirkstone] bluez: CVE-2022-3563 Fix null pointer derefference

Message ID 20221107053138.7177-1-hprajapati@mvista.com
State New, archived

Commit Message

Hitendra Prajapati Nov. 7, 2022, 5:31 a.m. UTC
Upstream-Status: Backport from https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 meta/recipes-connectivity/bluez5/bluez5.inc   |  1 +
 .../bluez5/bluez5/CVE-2022-3563.patch         | 44 +++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2022-3563.patch

Patch

diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 07d36ab74b..a9989585f5 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -54,6 +54,7 @@  SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
            file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
            file://0001-test-gatt-Fix-hung-issue.patch \
            file://CVE-2022-3637.patch \
+           file://CVE-2022-3563.patch \
            "
 S = "${WORKDIR}/bluez-${PV}"
 
diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-3563.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-3563.patch
new file mode 100644
index 0000000000..e67e7093ec
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-3563.patch
@@ -0,0 +1,44 @@ 
+From 5e22473411bbd673b588d9f3d9d130199be13b4b Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Fri, 4 Nov 2022 17:09:57 +0530
+Subject: [PATCH] CVE-2022-3563
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e]
+CVE: CVE-2022-3563
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+
+mgmt-tester: Fix null dereference issue reported by scan-build
+This patch fixes the null dereference reported by the scan-build.
+
+tools/mgmt-tester.c:12025:28: warning: Access to field 'cap_len' results
+in a dereference of a null pointer (loaded from variable 'rp')
+[core.NullDereference]
+
+        if (sizeof(rp->cap_len) + rp->cap_len != length) {
+                                  ^~~~~~~~~~~
+---
+ tools/mgmt-tester.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tools/mgmt-tester.c b/tools/mgmt-tester.c
+index e5319d1..b15ed5e 100644
+--- a/tools/mgmt-tester.c
++++ b/tools/mgmt-tester.c
+@@ -11960,12 +11960,14 @@ static void read_50_controller_cap_complete(uint8_t status, uint16_t length,
+ 		tester_warn("Failed to read advertising features: %s (0x%02x)",
+ 						mgmt_errstr(status), status);
+ 		tester_test_failed();
++		return;
+ 	}
+ 
+ 	if (sizeof(rp->cap_len) + rp->cap_len != length) {
+ 		tester_warn("Controller capabilities malformed, size %zu != %u",
+ 				sizeof(rp->cap_len) + rp->cap_len, length);
+ 		tester_test_failed();
++		return;
+ 	}
+ 
+ 	while (offset < rp->cap_len) {
+-- 
+2.25.1
+
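Review bot: The length check `if (sizeof(rp->cap_len) + rp->cap_len != length)` in the embedded tools/mgmt-tester.c hunk still reads `rp->cap_len` before anything confirms that `rp` is non-NULL and that `length` covers the `cap_len` field. A reply with a success status but an empty or short payload would therefore reach the same dereference that scan-build reported; the two added `return`s only stop execution after a failure has been reported. A guard ahead of that check, such as `if (!rp || length < sizeof(rp->cap_len)) { tester_test_failed(); return; }`, would cover it, and since this is a backport the change would belong upstream first. How `rp` is assigned is outside the hunk, so this assumes it is taken directly from the reply parameter; the function body also starts before and continues after the lines shown.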