/[gentoo-x86]/net-wireless/bluez/files/bluez-4.101-network1.patch
Gentoo

Contents of /net-wireless/bluez/files/bluez-4.101-network1.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.2 - (hide annotations) (download)
Sun Feb 9 09:10:28 2014 UTC (7 months, 3 weeks ago) by pacho
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED
Version bump, drop old

(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key A188FBD4)

1 pacho 1.1 X-Git-Url: http://git.kernel.org/?p=bluetooth%2Fbluez.git;a=blobdiff_plain;f=profiles%2Fnetwork%2Fserver.c;h=8ae608cdb6e699ad78cd7476e26c60f8883a214f;hp=480c7e2c5f6ab1cc7c494a3bcc37d1a0026a0ce4;hb=2b44cd2fba6e9a8590f30e68db0f6b92e8fcdb94;hpb=04be4fe0c0126f8816d55a7d3a8ff9e6dd27f73f
2    
3     diff --git a/profiles/network/server.c b/profiles/network/server.c
4     index 480c7e2..8ae608c 100644
5     --- a/profiles/network/server.c
6     +++ b/profiles/network/server.c
7     @@ -301,7 +301,10 @@ static uint16_t bnep_setup_chk(uint16_t dst_role, uint16_t src_role)
8     static uint16_t bnep_setup_decode(struct bnep_setup_conn_req *req,
9     uint16_t *dst_role, uint16_t *src_role)
10     {
11     + const uint8_t bt_base[] = { 0x00, 0x00, 0x10, 0x00, 0x80, 0x00,
12     + 0x00, 0x80, 0x5F, 0x9B, 0x34, 0xFB };
13     uint8_t *dest, *source;
14     + uint32_t val;
15    
16     dest = req->service;
17     source = req->service + req->uuid_size;
18     @@ -311,10 +314,27 @@ static uint16_t bnep_setup_decode(struct bnep_setup_conn_req *req,
19     *dst_role = bt_get_be16(dest);
20     *src_role = bt_get_be16(source);
21     break;
22     - case 4: /* UUID32 */
23     case 16: /* UUID128 */
24     - *dst_role = bt_get_be32(dest);
25     - *src_role = bt_get_be32(source);
26     + /* Check that the bytes in the UUID, except the service ID
27     + * itself, are correct. The service ID is checked in
28     + * bnep_setup_chk(). */
29     + if (memcmp(&dest[4], bt_base, sizeof(bt_base)) != 0)
30     + return BNEP_CONN_INVALID_DST;
31     + if (memcmp(&source[4], bt_base, sizeof(bt_base)) != 0)
32     + return BNEP_CONN_INVALID_SRC;
33     +
34     + /* Intentional no-break */
35     +
36     + case 4: /* UUID32 */
37     + val = bt_get_be32(dest);
38     + if (val > 0xffff)
39     + return BNEP_CONN_INVALID_DST;
40     + *dst_role = val;
41     +
42     + val = bt_get_be32(source);
43     + if (val > 0xffff)
44     + return BNEP_CONN_INVALID_SRC;
45     + *src_role = val;
46     break;
47     default:
48     return BNEP_CONN_INVALID_SVC;

  ViewVC Help
Powered by ViewVC 1.1.20