Merge ~kzapalowicz/snappy-hwe-snaps/+git/bluez:feature/fix-blueborne-5.34 into ~snappy-hwe-team/snappy-hwe-snaps/+git/bluez:bluez-5.34

Proposed by Konrad Zapałowicz
Status: Merged
Approved by: Simon Fels
Approved revision: 7e1fb523fc1c845b0a3f0bfc69ec3e7fd04fda56
Merged at revision: 993f838f8ffa6a72567cc595e927390cf747f315
Proposed branch: ~kzapalowicz/snappy-hwe-snaps/+git/bluez:feature/fix-blueborne-5.34
Merge into: ~snappy-hwe-team/snappy-hwe-snaps/+git/bluez:bluez-5.34
Diff against target: 39 lines (+14/-9)
2 files modified
.ci_tests_disabled (+0/-0)
src/sdpd-request.c (+14/-9)
Reviewer               Review Type             Date Requested  Status
System Enablement Bot  continuous-integration                  Approve
Simon Fels                                                     Approve
Alfonso Sanchez-Beato                                          Approve
Review via email: mp+330825@code.launchpad.net

Description of the change

Fix Blueborne CVE-2017-1000250

Alfonso Sanchez-Beato (alfonsosanchezbeato) wrote :

LGTM

review: Approve
System Enablement Bot (system-enablement-ci-bot) wrote :
review: Needs Fixing (continuous-integration)
Simon Fels (morphis) wrote :

LGTM

review: Approve
System Enablement Bot (system-enablement-ci-bot) wrote :
review: Approve (continuous-integration)

Preview Diff

1diff --git a/.ci_tests_disabled b/.ci_tests_disabled
2new file mode 100644
3index 0000000..e69de29
4--- /dev/null
5+++ b/.ci_tests_disabled
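Review bot: the empty `.ci_tests_disabled` marker file is added without any mention in the description, which only says "Fix Blueborne CVE-2017-1000250". A one-line note on why CI tests are switched off for this branch, and whether that is meant to be temporary, would make the intent reviewable; otherwise a reader has to infer it from the filename and from the CI bot's "Needs Fixing" turning into "Approve".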
6diff --git a/src/sdpd-request.c b/src/sdpd-request.c
7index 1eefdce..ddeea7f 100644
8--- a/src/sdpd-request.c
9+++ b/src/sdpd-request.c
10@@ -918,15 +918,20 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
11 /* continuation State exists -> get from cache */
12 sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
13 if (pCache) {
14- uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
15- pResponse = pCache->data;
16- memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
17- buf->data_size += sent;
18- cstate->cStateValue.maxBytesSent += sent;
19- if (cstate->cStateValue.maxBytesSent == pCache->data_size)
20- cstate_size = sdp_set_cstate_pdu(buf, NULL);
21- else
22- cstate_size = sdp_set_cstate_pdu(buf, cstate);
23+ if (cstate->cStateValue.maxBytesSent >= pCache->data_size) {
24+ status = SDP_INVALID_CSTATE;
25+ SDPDBG("Got bad cstate with invalid size");
26+ } else {
27+ uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
28+ pResponse = pCache->data;
29+ memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
30+ buf->data_size += sent;
31+ cstate->cStateValue.maxBytesSent += sent;
32+ if (cstate->cStateValue.maxBytesSent == pCache->data_size)
33+ cstate_size = sdp_set_cstate_pdu(buf, NULL);
34+ else
35+ cstate_size = sdp_set_cstate_pdu(buf, cstate);
36+ }
37 } else {
38 status = SDP_INVALID_CSTATE;
39 SDPDBG("Non-null continuation state, but null cache buffer");
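Review bot: the new `cstate->cStateValue.maxBytesSent >= pCache->data_size` guard is the right fix: with an unchecked continuation state the subtraction `pCache->data_size - cstate->cStateValue.maxBytesSent` could wrap when the client-supplied offset is at or past the end of the cached response, and `MIN(max, ...)` would then hand a length up to `max` to `memcpy`, copying bytes from beyond the cached data into the reply buffer. Two things worth confirming while here: the new error branch leaves `cstate_size` untouched, exactly like the existing `else` branch below that also sets `SDP_INVALID_CSTATE`, so the caller must treat a non-zero `status` as terminal and not use `buf->data_size` or `cstate_size` from this path; and a short comment next to the `SDPDBG("Got bad cstate with invalid size")` saying that the offset exceeded the cached PDU would help future readers see why `>=` rather than `>` is the intended bound (an offset equal to `data_size` has nothing left to send and must not reach the subtraction either).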
