aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/bluez-CVE-2017-1000250.patch
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2017-10-10 21:44:32 +0200
committerMarius Bakke <mbakke@fastmail.com>2017-10-10 21:44:32 +0200
commit1c055d72585bd075e20ad0b41942d501d0b38656 (patch)
tree7baf50e22fb5f6c6d4b2fa7197596f68298eb691 /gnu/packages/patches/bluez-CVE-2017-1000250.patch
parent565e24c4e4710a5b81cce5cfb619b3e474e7f65c (diff)
parentffb4da7ad5c0e9cc969e0e47a3b8f4d2eba4d6f3 (diff)
downloadguix-1c055d72585bd075e20ad0b41942d501d0b38656.tar
guix-1c055d72585bd075e20ad0b41942d501d0b38656.tar.gz
Merge branch 'staging'
Diffstat (limited to 'gnu/packages/patches/bluez-CVE-2017-1000250.patch')
-rw-r--r--gnu/packages/patches/bluez-CVE-2017-1000250.patch42
1 files changed, 0 insertions, 42 deletions
diff --git a/gnu/packages/patches/bluez-CVE-2017-1000250.patch b/gnu/packages/patches/bluez-CVE-2017-1000250.patch
deleted file mode 100644
index 81f209d7b2..0000000000
--- a/gnu/packages/patches/bluez-CVE-2017-1000250.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Description: CVE-2017-1000250: information disclosure vulnerability in service_search_attr_req
-Origin: vendor
-Bug-Debian: https://bugs.debian.org/875633
-Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1489446
-Bug-SuSE: https://bugzilla.suse.com/show_bug.cgi?id=1057342
-Forwarded: no
-Author: Armis Security <security@armis.com>
-Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
-Last-Update: 2017-09-13
-
---- a/src/sdpd-request.c
-+++ b/src/sdpd-request.c
-@@ -918,15 +918,20 @@ static int service_search_attr_req(sdp_r
- /* continuation State exists -> get from cache */
- sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
- if (pCache) {
-- uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
-- pResponse = pCache->data;
-- memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
-- buf->data_size += sent;
-- cstate->cStateValue.maxBytesSent += sent;
-- if (cstate->cStateValue.maxBytesSent == pCache->data_size)
-- cstate_size = sdp_set_cstate_pdu(buf, NULL);
-- else
-- cstate_size = sdp_set_cstate_pdu(buf, cstate);
-+ if (cstate->cStateValue.maxBytesSent >= pCache->data_size) {
-+ status = SDP_INVALID_CSTATE;
-+ SDPDBG("Got bad cstate with invalid size");
-+ } else {
-+ uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
-+ pResponse = pCache->data;
-+ memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
-+ buf->data_size += sent;
-+ cstate->cStateValue.maxBytesSent += sent;
-+ if (cstate->cStateValue.maxBytesSent == pCache->data_size)
-+ cstate_size = sdp_set_cstate_pdu(buf, NULL);
-+ else
-+ cstate_size = sdp_set_cstate_pdu(buf, cstate);
-+ }
- } else {
- status = SDP_INVALID_CSTATE;
- SDPDBG("Non-null continuation state, but null cache buffer");