diff options
Diffstat (limited to 'meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch')
-rw-r--r-- | meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch new file mode 100644 index 0000000000..a6bf31e14b --- /dev/null +++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch | |||
@@ -0,0 +1,35 @@ | |||
1 | From 8cdbd3b09f29da29374e2f83369df24228da0ad1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Alain Michaud <alainm@chromium.org> | ||
3 | Date: Tue, 10 Mar 2020 02:35:16 +0000 | ||
4 | Subject: [PATCH 1/2] HOGP must only accept data from bonded devices. | ||
5 | |||
6 | HOGP 1.0 Section 6.1 establishes that the HOGP must require bonding. | ||
7 | |||
8 | Reference: | ||
9 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.htm | ||
10 | |||
11 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1] | ||
12 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
13 | CVE: CVE-2020-0556 | ||
14 | --- | ||
15 | profiles/input/hog.c | 4 ++++ | ||
16 | 1 file changed, 4 insertions(+) | ||
17 | |||
18 | diff --git a/profiles/input/hog.c b/profiles/input/hog.c | ||
19 | index 83c017dcb..dfac68921 100644 | ||
20 | --- a/profiles/input/hog.c | ||
21 | +++ b/profiles/input/hog.c | ||
22 | @@ -186,6 +186,10 @@ static int hog_accept(struct btd_service *service) | ||
23 | return -EINVAL; | ||
24 | } | ||
25 | |||
26 | + /* HOGP 1.0 Section 6.1 requires bonding */ | ||
27 | + if (!device_is_bonded(device, btd_device_get_bdaddr_type(device))) | ||
28 | + return -ECONNREFUSED; | ||
29 | + | ||
30 | /* TODO: Replace GAttrib with bt_gatt_client */ | ||
31 | bt_hog_attach(dev->hog, attrib); | ||
32 | |||
33 | -- | ||
34 | 2.24.1 | ||
35 | |||