futurile/guix-play
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

gnu: bluez: Remove leftover patch.

Browse Source 
This is a follow-up to commit 164fccea7e.

* gnu/packages/patches/bluez-CVE-2017-1000250.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
This commit is contained in:
Marius Bakke 2017-09-20 20:50:00 +02:00
parent 3d695e6ae4
commit a9bd50e352
No known key found for this signature in database
GPG Key ID: A2A06DF2A33A54FA
2 changed files with 0 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
gnu/local.mk
View File

@ -538,7 +538,6 @@ dist_patch_DATA = \
%D%/packages/patches/binutils-ld-new-dtags.patch \
%D%/packages/patches/binutils-loongson-workaround.patch \
%D%/packages/patches/blast+-fix-makefile.patch \
%D%/packages/patches/bluez-CVE-2017-1000250.patch \
%D%/packages/patches/byobu-writable-status.patch \
%D%/packages/patches/cairo-CVE-2016-9082.patch \
%D%/packages/patches/calibre-no-updates-dialog.patch \

42
gnu/packages/patches/bluez-CVE-2017-1000250.patch
View File

@ -1,42 +0,0 @@
Description: CVE-2017-1000250: information disclosure vulnerability in service_search_attr_req
Origin: vendor
Bug-Debian: https://bugs.debian.org/875633
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1489446
Bug-SuSE: https://bugzilla.suse.com/show_bug.cgi?id=1057342
Forwarded: no
Author: Armis Security <security@armis.com>
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2017-09-13
--- a/src/sdpd-request.c
+++ b/src/sdpd-request.c
@@ -918,15 +918,20 @@ static int service_search_attr_req(sdp_r
/* continuation State exists -> get from cache */
sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
if (pCache) {
- uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
- pResponse = pCache->data;
- memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
- buf->data_size += sent;
- cstate->cStateValue.maxBytesSent += sent;
- if (cstate->cStateValue.maxBytesSent == pCache->data_size)
- cstate_size = sdp_set_cstate_pdu(buf, NULL);
- else
- cstate_size = sdp_set_cstate_pdu(buf, cstate);
+ if (cstate->cStateValue.maxBytesSent >= pCache->data_size) {
+ status = SDP_INVALID_CSTATE;
+ SDPDBG("Got bad cstate with invalid size");
+ } else {
+ uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
+ pResponse = pCache->data;
+ memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
+ buf->data_size += sent;
+ cstate->cStateValue.maxBytesSent += sent;
+ if (cstate->cStateValue.maxBytesSent == pCache->data_size)
+ cstate_size = sdp_set_cstate_pdu(buf, NULL);
+ else
+ cstate_size = sdp_set_cstate_pdu(buf, cstate);
+ }
} else {
status = SDP_INVALID_CSTATE;
SDPDBG("Non-null continuation state, but null cache buffer");