bluez: CVE-2022-3637 A DoS exists in monitor/jlink.c

Upstream-Status: Backport from https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/monitor/jlink.c?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f (From OE-Core rev: c008c56e9b03f0ce3eccf4c01799ae8e987e5cd5) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Hitendra Prajapati <hprajapati@mvista.com> 2022-11-07 11:24:36 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-11-20 08:19:10 +0000
commit: 21370990c6e081e2d2ba09424203ae97a5a06523 (patch)
tree: 173c7057dfaf689d240aca005176a26989e417f6 /meta
parent: 4ddc26f4e4c71b6981898687e2c2e9ce587d15b3 (diff)
download: poky-21370990c6e081e2d2ba09424203ae97a5a06523.tar.gz
2 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 7ad054b3a7..a71d339928 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -58,6 +58,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
          file://CVE-2021-3658.patch \
           file://CVE-2022-0204.patch \
           file://CVE-2022-39176.patch \
+           file://CVE-2022-3637.patch \
           "
 S = "${WORKDIR}/bluez-${PV}"
diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-3637.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-3637.patch
new file mode 100644
index 0000000000..4ca60f99d5
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-3637.patch
@@ -0,0 +1,39 @@
+From b808b2852a0b48c6f9dbb038f932613cea3126c2 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 27 Oct 2022 09:51:27 +0530
+Subject: [PATCH] CVE-2022-3637
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/monitor/jlink.c?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f]
+CVE: CVE-2022-3637
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+monitor: Fix crash when using RTT backend
+This fix regression introduced by "monitor: Fix memory leaks".
+J-Link shared library is in use if jlink_init() returns 0 and thus
+handle shall not be closed.
+---
+ monitor/jlink.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+diff --git a/monitor/jlink.c b/monitor/jlink.c
+index afa9d93..5bd4aed 100644
+--- a/monitor/jlink.c
+++ b/monitor/jlink.c
+@@ -120,9 +120,12 @@ int jlink_init(void)
+                        !jlink.tif_select || !jlink.setspeed ||
+                        !jlink.connect || !jlink.getsn ||
+                        !jlink.emu_getproductname ||
+-                       !jlink.rtterminal_control || !jlink.rtterminal_read)
+                       !jlink.rtterminal_control || !jlink.rtterminal_read) {
+               dlclose(so);
+                return -EIO;
+       }
+ 
+       /* don't dlclose(so) here cause symbols from it are in use now */
+        return 0;
+ }
+ 
+-- 
+2.25.1
author	Hitendra Prajapati <hprajapati@mvista.com>	2022-11-07 11:24:36 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-11-20 08:19:10 +0000
commit	21370990c6e081e2d2ba09424203ae97a5a06523 (patch)
tree	173c7057dfaf689d240aca005176a26989e417f6 /meta
parent	4ddc26f4e4c71b6981898687e2c2e9ce587d15b3 (diff)
download	poky-21370990c6e081e2d2ba09424203ae97a5a06523.tar.gz

diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc index 7ad054b3a7..a71d339928 100644 --- a/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -58,6 +58,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
58	file://CVE-2021-3658.patch \	58	file://CVE-2021-3658.patch \
59	file://CVE-2022-0204.patch \	59	file://CVE-2022-0204.patch \
60	file://CVE-2022-39176.patch \	60	file://CVE-2022-39176.patch \
		61	file://CVE-2022-3637.patch \
61	"	62	"
62	S = "${WORKDIR}/bluez-${PV}"	63	S = "${WORKDIR}/bluez-${PV}"
63		64


diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-3637.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-3637.patch new file mode 100644 index 0000000000..4ca60f99d5 --- /dev/null +++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-3637.patch
@@ -0,0 +1,39 @@
		1	From b808b2852a0b48c6f9dbb038f932613cea3126c2 Mon Sep 17 00:00:00 2001
		2	From: Hitendra Prajapati <hprajapati@mvista.com>
		3	Date: Thu, 27 Oct 2022 09:51:27 +0530
		4	Subject: [PATCH] CVE-2022-3637
		5
		6	Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/monitor/jlink.c?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f]
		7	CVE: CVE-2022-3637
		8	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		9
		10	monitor: Fix crash when using RTT backend
		11
		12	This fix regression introduced by "monitor: Fix memory leaks".
		13	J-Link shared library is in use if jlink_init() returns 0 and thus
		14	handle shall not be closed.
		15	---
		16	monitor/jlink.c \| 5 ++++-
		17	1 file changed, 4 insertions(+), 1 deletion(-)
		18
		19	diff --git a/monitor/jlink.c b/monitor/jlink.c
		20	index afa9d93..5bd4aed 100644
		21	--- a/monitor/jlink.c
		22	+++ b/monitor/jlink.c
		23	@@ -120,9 +120,12 @@ int jlink_init(void)
		24	!jlink.tif_select \|\| !jlink.setspeed \|\|
		25	!jlink.connect \|\| !jlink.getsn \|\|
		26	!jlink.emu_getproductname \|\|
		27	- !jlink.rtterminal_control \|\| !jlink.rtterminal_read)
		28	+ !jlink.rtterminal_control \|\| !jlink.rtterminal_read) {
		29	+ dlclose(so);
		30	return -EIO;
		31	+ }
		32
		33	+ /* don't dlclose(so) here cause symbols from it are in use now */
		34	return 0;
		35	}
		36
		37	--
		38	2.25.1
		39