* [kirkstone][PATCH] bluez: CVE-2022-3637 A DoS exists in monitor/jlink.c
@ 2022-11-07 5:30 Hitendra Prajapati
2023-01-18 4:36 ` Hitendra Prajapati
0 siblings, 1 reply; 3+ messages in thread
From: Hitendra Prajapati @ 2022-11-07 5:30 UTC (permalink / raw)
To: openembedded-core; +Cc: Hitendra Prajapati
Upstream-Status: Backport from https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/monitor/jlink.c?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
meta/recipes-connectivity/bluez5/bluez5.inc | 1 +
.../bluez5/bluez5/CVE-2022-3637.patch | 39 +++++++++++++++++++
2 files changed, 40 insertions(+)
create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2022-3637.patch
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 79d4645ca8..07d36ab74b 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -53,6 +53,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
file://0001-test-gatt-Fix-hung-issue.patch \
+ file://CVE-2022-3637.patch \
"
S = "${WORKDIR}/bluez-${PV}"
diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-3637.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-3637.patch
new file mode 100644
index 0000000000..5bd00ddca5
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-3637.patch
@@ -0,0 +1,39 @@
+From 8b8a8f76b64a72ddc78f9052f80c87c0da72bcc6 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 3 Nov 2022 11:56:44 +0530
+Subject: [PATCH] CVE-2022-3637
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/monitor/jlink.c?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f]
+CVE: CVE-2022-3637
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+
+monitor: Fix crash when using RTT backend
+
+This fix regression introduced by "monitor: Fix memory leaks".
+J-Link shared library is in use if jlink_init() returns 0 and thus
+handle shall not be closed.
+---
+ monitor/jlink.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/monitor/jlink.c b/monitor/jlink.c
+index 9aaa4eb..f9d4037 100644
+--- a/monitor/jlink.c
++++ b/monitor/jlink.c
+@@ -107,9 +107,12 @@ int jlink_init(void)
+ !jlink.tif_select || !jlink.setspeed ||
+ !jlink.connect || !jlink.getsn ||
+ !jlink.emu_getproductname ||
+- !jlink.rtterminal_control || !jlink.rtterminal_read)
++ !jlink.rtterminal_control || !jlink.rtterminal_read) {
++ dlclose(so);
+ return -EIO;
++ }
+
++ /* don't dlclose(so) here cause symbols from it are in use now */
+ return 0;
+ }
+
+--
+2.25.1
+
--
2.25.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [kirkstone][PATCH] bluez: CVE-2022-3637 A DoS exists in monitor/jlink.c
2022-11-07 5:30 [kirkstone][PATCH] bluez: CVE-2022-3637 A DoS exists in monitor/jlink.c Hitendra Prajapati
@ 2023-01-18 4:36 ` Hitendra Prajapati
2023-01-18 8:07 ` Hitendra Prajapati
0 siblings, 1 reply; 3+ messages in thread
From: Hitendra Prajapati @ 2023-01-18 4:36 UTC (permalink / raw)
To: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 31 bytes --]
Hi Team,
Gentle Reminder !
[-- Attachment #2: Type: text/html, Size: 40 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [kirkstone][PATCH] bluez: CVE-2022-3637 A DoS exists in monitor/jlink.c
2023-01-18 4:36 ` Hitendra Prajapati
@ 2023-01-18 8:07 ` Hitendra Prajapati
0 siblings, 0 replies; 3+ messages in thread
From: Hitendra Prajapati @ 2023-01-18 8:07 UTC (permalink / raw)
To: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 62 bytes --]
Hi Team,
Please ignore previous mail.
Regards,
Hitendra
[-- Attachment #2: Type: text/html, Size: 79 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-01-18 8:08 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-07 5:30 [kirkstone][PATCH] bluez: CVE-2022-3637 A DoS exists in monitor/jlink.c Hitendra Prajapati
2023-01-18 4:36 ` Hitendra Prajapati
2023-01-18 8:07 ` Hitendra Prajapati
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.