@@ -54,6 +54,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
file://0001-test-gatt-Fix-hung-issue.patch \
file://CVE-2022-3637.patch \
+ file://CVE-2022-3563.patch \
"
S = "${WORKDIR}/bluez-${PV}"
new file mode 100644
@@ -0,0 +1,44 @@
+From 5e22473411bbd673b588d9f3d9d130199be13b4b Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Fri, 4 Nov 2022 17:09:57 +0530
+Subject: [PATCH] CVE-2022-3563
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e]
+CVE: CVE-2022-3563
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+
+mgmt-tester: Fix null dereference issue reported by scan-build
+This patch fixes the null dereference reported by the scan-build.
+
+tools/mgmt-tester.c:12025:28: warning: Access to field 'cap_len' results
+in a dereference of a null pointer (loaded from variable 'rp')
+[core.NullDereference]
+
+ if (sizeof(rp->cap_len) + rp->cap_len != length) {
+ ^~~~~~~~~~~
+---
+ tools/mgmt-tester.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tools/mgmt-tester.c b/tools/mgmt-tester.c
+index e5319d1..b15ed5e 100644
+--- a/tools/mgmt-tester.c
++++ b/tools/mgmt-tester.c
+@@ -11960,12 +11960,14 @@ static void read_50_controller_cap_complete(uint8_t status, uint16_t length,
+ tester_warn("Failed to read advertising features: %s (0x%02x)",
+ mgmt_errstr(status), status);
+ tester_test_failed();
++ return;
+ }
+
+ if (sizeof(rp->cap_len) + rp->cap_len != length) {
+ tester_warn("Controller capabilities malformed, size %zu != %u",
+ sizeof(rp->cap_len) + rp->cap_len, length);
+ tester_test_failed();
++ return;
+ }
+
+ while (offset < rp->cap_len) {
+--
+2.25.1
+
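Review bot: The size check in the embedded mgmt-tester.c hunk still reads `rp->cap_len` before anything confirms that a response was delivered and that `length` covers that field; the two added `return;` statements only stop execution after a failure has already been reported. If a success status can arrive with an empty or truncated payload, the null or short read the scan-build warning describes is still reachable. Whether `rp` can be NULL on success depends on its assignment, which is outside the hunk. A guard ahead of the comparison, `if (!rp || length < sizeof(rp->cap_len)) {` with the same `tester_test_failed(); return;` body, would close that path. The `while (offset < rp->cap_len)` loop continues past the end of the hunk, so its per-entry bounds handling cannot be reviewed here and should be checked against `length` as well.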
Upstream-Status: Backport from https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> --- meta/recipes-connectivity/bluez5/bluez5.inc | 1 + .../bluez5/bluez5/CVE-2022-3563.patch | 44 +++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2022-3563.patch