rpms/bluez
6
0
Fork 0
Code Issues Pull Requests Releases Activity

- Fix a possible crasher

Browse Source
This commit is contained in:
Bastien Nocera 2009-03-24 12:09:57 +00:00
parent 1dfdedd4de
commit effb9d5bf9
2 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
0001-Fix-invalid-memory-access-when-dealing-with-URLs.patch Normal file
View File

@ -0,0 +1,46 @@
From 48ca11b62344c1af17e16ddec0fad727042a4b03 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Tue, 24 Mar 2009 11:46:18 +0000
Subject: [PATCH] Fix invalid memory access when dealing with URLs
Just like strings attributes, URLs might not be NUL-terminated.
Make sure we don't read past the end of the allocated memory when
copying them.
---
common/sdp-xml.c | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/common/sdp-xml.c b/common/sdp-xml.c
index 608de76..0460f35 100644
--- a/common/sdp-xml.c
+++ b/common/sdp-xml.c
@@ -25,6 +25,7 @@
#include <config.h>
#endif
+#define _GNU_SOURCE
#include <stdio.h>
#include <errno.h>
#include <ctype.h>
@@ -323,11 +324,17 @@ static void convert_raw_data_to_xml(sdp_data_t *value, int indent_level,
case SDP_URL_STR8:
case SDP_URL_STR16:
case SDP_URL_STR32:
+ {
+ char *strBuf;
+
appender(data, indent);
appender(data, "<url value=\"");
- appender(data, value->val.str);
+ strBuf = strndup(value->val.str, value->unitSize);
+ appender(data, strBuf);
+ free(strBuf);
appender(data, "\" />\n");
break;
+ }
case SDP_SEQ8:
case SDP_SEQ16:
--
1.6.0.6

8
bluez.spec
View File

@ -1,7 +1,7 @@
Summary: Bluetooth utilities Summary: Bluetooth utilities
Name: bluez Name: bluez
Version: 4.33 Version: 4.33
Release: 10%{?dist} Release: 11%{?dist}
License: GPLv2+ License: GPLv2+
Group: Applications/System Group: Applications/System
Source: http://www.kernel.org/pub/linux/bluetooth/%{name}-%{version}.tar.gz Source: http://www.kernel.org/pub/linux/bluetooth/%{name}-%{version}.tar.gz
@ -14,6 +14,8 @@ Patch1: bluez-utils-oui-usage.patch
Patch2: bluez-try-utf8-harder.patch Patch2: bluez-try-utf8-harder.patch
# http://thread.gmane.org/gmane.linux.bluez.kernel/1754 # http://thread.gmane.org/gmane.linux.bluez.kernel/1754
Patch3: bluez-activate-wacom-mode2.patch Patch3: bluez-activate-wacom-mode2.patch
# http://thread.gmane.org/gmane.linux.bluez.kernel/1783/focus=1784
Patch4: 0001-Fix-invalid-memory-access-when-dealing-with-URLs.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
URL: http://www.bluez.org/ URL: http://www.bluez.org/
@ -102,6 +104,7 @@ use in Bluetooth applications.
%patch1 -p0 -b .oui %patch1 -p0 -b .oui
%patch2 -p1 -b .non-utf8-name %patch2 -p1 -b .non-utf8-name
%patch3 -p1 -b .wacom %patch3 -p1 -b .wacom
%patch4 -p1 -b .urls
%build %build
%configure --enable-cups --enable-hid2hci --enable-dfutool --enable-tools --enable-bccmd --enable-gstreamer --enable-hidd --enable-pand --enable-dund %configure --enable-cups --enable-hid2hci --enable-dfutool --enable-tools --enable-bccmd --enable-gstreamer --enable-hidd --enable-pand --enable-dund
@ -194,6 +197,9 @@ fi
%{_libdir}/alsa-lib/*.so %{_libdir}/alsa-lib/*.so
%changelog %changelog
* Tue Mar 24 2009 - Bastien Nocera <bnocera@redhat.com> - 4.34-11
- Fix a possible crasher
* Mon Mar 16 2009 - Bastien Nocera <bnocera@redhat.com> - 4.33-1 * Mon Mar 16 2009 - Bastien Nocera <bnocera@redhat.com> - 4.33-1
- Update to 4.33 - Update to 4.33