[BlueZ] gatt-client: Check length of notify multiple op

Commit Message

Sebastian Urban June 11, 2021, 12:30 p.m. UTC

Check that specfied length of value in received data does not exceed
length of PDU. Otherwise data may be read from beyond the end of the
buffer.
---
 src/shared/gatt-client.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

bluez.test.bot@gmail.com June 11, 2021, 12:53 p.m. UTC | #1

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=498859

---Test result---

Test Summary:
CheckPatch                    PASS      0.62 seconds
GitLint                       PASS      0.14 seconds
Prep - Setup ELL              PASS      47.26 seconds
Build - Prep                  PASS      0.14 seconds
Build - Configure             PASS      8.36 seconds
Build - Make                  PASS      207.71 seconds
Make Check                    PASS      9.15 seconds
Make Distcheck                PASS      243.46 seconds
Build w/ext ELL - Configure   PASS      8.38 seconds
Build w/ext ELL - Make        PASS      195.76 seconds

Details
##############################
Test: CheckPatch - PASS
Desc: Run checkpatch.pl script with rule in .checkpatch.conf

##############################
Test: GitLint - PASS
Desc: Run gitlint with rule in .gitlint

##############################
Test: Prep - Setup ELL - PASS
Desc: Clone, build, and install ELL

##############################
Test: Build - Prep - PASS
Desc: Prepare environment for build

##############################
Test: Build - Configure - PASS
Desc: Configure the BlueZ source tree

##############################
Test: Build - Make - PASS
Desc: Build the BlueZ source tree

##############################
Test: Make Check - PASS
Desc: Run 'make check'

##############################
Test: Make Distcheck - PASS
Desc: Run distcheck to check the distribution

##############################
Test: Build w/ext ELL - Configure - PASS
Desc: Configure BlueZ source with '--enable-external-ell' configuration

##############################
Test: Build w/ext ELL - Make - PASS
Desc: Build BlueZ source with '--enable-external-ell' configuration



---
Regards,
Linux Bluetooth

Sebastian Urban June 16, 2021, 11:22 a.m. UTC | #2

Hi Luiz,

thanks for applying my other two patches.

Has this one been missed or are there still changes required?

Sebastian

> -----Original Message-----
> From: bluez.test.bot@gmail.com <bluez.test.bot@gmail.com>
> Sent: Friday, June 11, 2021 2:53 PM
> To: linux-bluetooth@vger.kernel.org; Sebastian Urban <surban@surban.net>
> Subject: RE: [BlueZ] gatt-client: Check length of notify multiple op
> 
> This is automated email and please do not reply to this email!
> 
> Dear submitter,
> 
> Thank you for submitting the patches to the linux bluetooth mailing list.
> This is a CI test results with your patch series:
> PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=498859
> 
> ---Test result---
> 
> Test Summary:
> CheckPatch                    PASS      0.62 seconds
> GitLint                       PASS      0.14 seconds
> Prep - Setup ELL              PASS      47.26 seconds
> Build - Prep                  PASS      0.14 seconds
> Build - Configure             PASS      8.36 seconds
> Build - Make                  PASS      207.71 seconds
> Make Check                    PASS      9.15 seconds
> Make Distcheck                PASS      243.46 seconds
> Build w/ext ELL - Configure   PASS      8.38 seconds
> Build w/ext ELL - Make        PASS      195.76 seconds
> 
> Details
> ##############################
> Test: CheckPatch - PASS
> Desc: Run checkpatch.pl script with rule in .checkpatch.conf
> 
> ##############################
> Test: GitLint - PASS
> Desc: Run gitlint with rule in .gitlint
> 
> ##############################
> Test: Prep - Setup ELL - PASS
> Desc: Clone, build, and install ELL
> 
> ##############################
> Test: Build - Prep - PASS
> Desc: Prepare environment for build
> 
> ##############################
> Test: Build - Configure - PASS
> Desc: Configure the BlueZ source tree
> 
> ##############################
> Test: Build - Make - PASS
> Desc: Build the BlueZ source tree
> 
> ##############################
> Test: Make Check - PASS
> Desc: Run 'make check'
> 
> ##############################
> Test: Make Distcheck - PASS
> Desc: Run distcheck to check the distribution
> 
> ##############################
> Test: Build w/ext ELL - Configure - PASS
> Desc: Configure BlueZ source with '--enable-external-ell' configuration
> 
> ##############################
> Test: Build w/ext ELL - Make - PASS
> Desc: Build BlueZ source with '--enable-external-ell' configuration
> 
> 
> 
> ---
> Regards,
> Linux Bluetooth

Luiz Augusto von Dentz June 16, 2021, 5 p.m. UTC | #3

Hi Sebastian,

On Wed, Jun 16, 2021 at 4:25 AM Sebastian Urban <surban@surban.net> wrote:
>
> Hi Luiz,
>
> thanks for applying my other two patches.
>
> Has this one been missed or are there still changes required?
>
> Sebastian
>
> > -----Original Message-----
> > From: bluez.test.bot@gmail.com <bluez.test.bot@gmail.com>
> > Sent: Friday, June 11, 2021 2:53 PM
> > To: linux-bluetooth@vger.kernel.org; Sebastian Urban <surban@surban.net>
> > Subject: RE: [BlueZ] gatt-client: Check length of notify multiple op
> >
> > This is automated email and please do not reply to this email!
> >
> > Dear submitter,
> >
> > Thank you for submitting the patches to the linux bluetooth mailing list.
> > This is a CI test results with your patch series:
> > PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=498859
> >
> > ---Test result---
> >
> > Test Summary:
> > CheckPatch                    PASS      0.62 seconds
> > GitLint                       PASS      0.14 seconds
> > Prep - Setup ELL              PASS      47.26 seconds
> > Build - Prep                  PASS      0.14 seconds
> > Build - Configure             PASS      8.36 seconds
> > Build - Make                  PASS      207.71 seconds
> > Make Check                    PASS      9.15 seconds
> > Make Distcheck                PASS      243.46 seconds
> > Build w/ext ELL - Configure   PASS      8.38 seconds
> > Build w/ext ELL - Make        PASS      195.76 seconds
> >
> > Details
> > ##############################
> > Test: CheckPatch - PASS
> > Desc: Run checkpatch.pl script with rule in .checkpatch.conf
> >
> > ##############################
> > Test: GitLint - PASS
> > Desc: Run gitlint with rule in .gitlint
> >
> > ##############################
> > Test: Prep - Setup ELL - PASS
> > Desc: Clone, build, and install ELL
> >
> > ##############################
> > Test: Build - Prep - PASS
> > Desc: Prepare environment for build
> >
> > ##############################
> > Test: Build - Configure - PASS
> > Desc: Configure the BlueZ source tree
> >
> > ##############################
> > Test: Build - Make - PASS
> > Desc: Build the BlueZ source tree
> >
> > ##############################
> > Test: Make Check - PASS
> > Desc: Run 'make check'
> >
> > ##############################
> > Test: Make Distcheck - PASS
> > Desc: Run distcheck to check the distribution
> >
> > ##############################
> > Test: Build w/ext ELL - Configure - PASS
> > Desc: Configure BlueZ source with '--enable-external-ell' configuration
> >
> > ##############################
> > Test: Build w/ext ELL - Make - PASS
> > Desc: Build BlueZ source with '--enable-external-ell' configuration
> >
> >
> >
> > ---
> > Regards,
> > Linux Bluetooth

Applied, thanks.

Patch

diff --git a/src/shared/gatt-client.c b/src/shared/gatt-client.c
index 9511ea8ca..094922486 100644
--- a/src/shared/gatt-client.c
+++ b/src/shared/gatt-client.c
@@ -2173,6 +2173,9 @@  static void notify_cb(struct bt_att_chan *chan, uint8_t opcode,
 			length -= 2;
 			pdu += 2;
 
+			if (data.len > length)
+				data.len = length;
+
 			data.data = pdu;
 
 			queue_foreach(client->notify_list, notify_handler,