snappy-hwe-snaps

Merge ~kzapalowicz/snappy-hwe-snaps/+git/bluez:fix/cve-blueborne into ~snappy-hwe-team/snappy-hwe-snaps/+git/bluez:bluez/5.44

  1. Git
  2. lp:~kzapalowicz/snappy-hwe-snaps/+git/bluez
  3. fix/cve-blueborne
  4. Merge into bluez/5.44
Proposed by Konrad Zapałowicz
Status: Merged
Approved by: Simon Fels
Approved revision: bcf7b1d88537efed65728fcf9a0429b9949b5800
Merged at revision: d0561cbdc3dd0d711c67c05d8383d6fb5147cf91
Proposed branch: ~kzapalowicz/snappy-hwe-snaps/+git/bluez:fix/cve-blueborne
Merge into: ~snappy-hwe-team/snappy-hwe-snaps/+git/bluez:bluez/5.44
Diff against target: 34 lines (+14/-9)
1 file modified
src/sdpd-request.c (+14/-9)
Reviewer Review Type Date Requested Status
System Enablement Bot continuous-integration Approve
Simon Fels Approve
Review via email: mp+330677@code.launchpad.net

Description of the change

Fix CVE-2017-1000250

More details: https://www.armis.com/blueborne/, patch based on https://launchpadlibrarian.net/336654263/bluez_5.37-0ubuntu5_5.37-0ubuntu5.1.diff.gz

To post a comment you must log in.
Revision history for this message
Simon Fels (morphis) wrote :

LGTM

review: Approve
Revision history for this message
System Enablement Bot (system-enablement-ci-bot) wrote :

PASSED: Continuous integration, rev:bcf7b1d88537efed65728fcf9a0429b9949b5800
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/1948/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/system-enablement/job/generic-build-snap-worker/3431
    None: https://jenkins.canonical.com/system-enablement/job/generic-update-snap-mp/1857/console
    SUCCESS: https://jenkins.canonical.com/system-enablement/job/generic-test-snap/3688

Click here to trigger a rebuild:
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/1948/rebuild

review: Approve (continuous-integration)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/src/sdpd-request.c b/src/sdpd-request.c
index 1eefdce..ddeea7f 100644
--- a/src/sdpd-request.c
+++ b/src/sdpd-request.c
@@ -918,15 +918,20 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
918 /* continuation State exists -> get from cache */918 /* continuation State exists -> get from cache */
919 sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);919 sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
920 if (pCache) {920 if (pCache) {
921 uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);921 if (cstate->cStateValue.maxBytesSent >= pCache->data_size) {
922 pResponse = pCache->data;922 status = SDP_INVALID_CSTATE;
923 memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);923 SDPDBG("Got bad cstate with invalid size");
924 buf->data_size += sent;924 } else {
925 cstate->cStateValue.maxBytesSent += sent;925 uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
926 if (cstate->cStateValue.maxBytesSent == pCache->data_size)926 pResponse = pCache->data;
927 cstate_size = sdp_set_cstate_pdu(buf, NULL);927 memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
928 else928 buf->data_size += sent;
929 cstate_size = sdp_set_cstate_pdu(buf, cstate);929 cstate->cStateValue.maxBytesSent += sent;
930 if (cstate->cStateValue.maxBytesSent == pCache->data_size)
931 cstate_size = sdp_set_cstate_pdu(buf, NULL);
932 else
933 cstate_size = sdp_set_cstate_pdu(buf, cstate);
934 }
930 } else {935 } else {
931 status = SDP_INVALID_CSTATE;936 status = SDP_INVALID_CSTATE;
932 SDPDBG("Non-null continuation state, but null cache buffer");937 SDPDBG("Non-null continuation state, but null cache buffer");

Subscribers

People subscribed via source and target branches