The aforementioned fixes should be in Ubuntu now, for at least the past
year.

Please confirm and if so we can mark it Fix Released.

** Changed in: bluez (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to bluez in Ubuntu.
https://bugs.launchpad.net/bugs/1102700

Title:
  bluetoothd crash when parsing invalid HIDP SDP record

Status in bluez package in Ubuntu:
  Incomplete

Bug description:
  If a remote Bluetooth device contains HIDP SDP records in a specific
  invalid format, it is possible to crash BlueZ with SIGSEGV due to
  invalid memory reads, either by buffer overflow due to improper
  strncpy() usage or usage of arbitrary input as pointer.

  The several patches that address this problem are already upstream and
  are present in the 5.1 release. These are the commits (some are
  cosmetic but required to avoid conflicts with the next patches):

  http://git.kernel.org/?p=bluetooth/bluez.git;a=commit;h=21acf2283cacf0c029f2cea82380f4744a1dbcb5
  http://git.kernel.org/?p=bluetooth/bluez.git;a=commit;h=df29632772171d5fd0e71c518fc3753adb11d0c0
  http://git.kernel.org/?p=bluetooth/bluez.git;a=commit;h=fce691bd0bd08710ffd379025e894bcffaa5acb6
  http://git.kernel.org/?p=bluetooth/bluez.git;a=commit;h=90228fc151bac5f19b2d21c18d51ef90f3b0d1b5
  http://git.kernel.org/?p=bluetooth/bluez.git;a=commit;h=0f8aca093099d4fc693adc6270b9b0bd02287017
  http://git.kernel.org/?p=bluetooth/bluez.git;a=commit;h=ce376961fb3a667ef35360c222bc3928d4657f4b
  http://git.kernel.org/?p=bluetooth/bluez.git;a=commit;h=b41a46ef4c2bd9dc30998c6726ab6232a299c8e8
  http://git.kernel.org/?p=bluetooth/bluez.git;a=commit;h=0305cfa11a06dea356f699a46da96f7146210466
  http://git.kernel.org/?p=bluetooth/bluez.git;a=commit;h=5ba183dc82b4e8a1b3caa58648d6ac02b9325cb6
  http://git.kernel.org/?p=bluetooth/bluez.git;a=commit;h=a35f83e113c1c58dd1c6cf8bda2b1bf99d07a695

  A patch backported from the above commits to the current BlueZ version
  on 12.04.1 LTS is attached. It was tested only on precise, but should
  apply just fine on more recent releases. Let me know if you need specific
  versions of this patch.

  I will also attach a script that reproduces the crash using an
  emulated BT dongle. Usage instructions are at
  https://github.com/lizardo/bluez-tests/blob/master/README.rst

  NOTE: I tried to send a report which includes the crash information
  using apport-bug, but it did not seem to create a bug report here
  after 2 days.
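The bug description names two defect classes: a copy bounded by a length the remote device declared rather than by the destination buffer (the improper strncpy() usage), and a remote-supplied value used directly as a pointer or index. The following C program is an added illustration written for this page; it is not BlueZ code and not the attached patch. It parses a small, constructed record layout (a length-prefixed name field followed by a one-byte class index, both hypothetical) the way a hardened parser should: every remote-declared length is checked against both the bytes actually present and the destination size, the result is always NUL-terminated, and the index is range-checked before it selects a table entry. The malformed sample records are constructed for the example and were not captured from any device.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Largest name we keep from a record, including the NUL terminator. */
#define NAME_BUF_SIZE 16

enum parse_status {
    PARSE_OK = 0,
    PARSE_ERR_SHORT_HEADER, /* field header byte missing */
    PARSE_ERR_TRUNCATED,    /* declared length runs past the end of the record */
    PARSE_ERR_TOO_LONG,     /* declared length does not fit the destination */
    PARSE_ERR_BAD_INDEX     /* remote-supplied index is outside our table */
};

struct hid_info {
    char name[NAME_BUF_SIZE];
    const char *cls;
};

/*
 * Length-prefixed string field: [len:1][bytes:len]. The copy is bounded by
 * both the bytes actually present in the record and the destination size,
 * and the result is always NUL-terminated. A strncpy() bounded only by the
 * remote-declared length would overrun dst and could leave it unterminated,
 * so later reads of dst would run past the end of the buffer.
 */
enum parse_status parse_name_field(const uint8_t *rec, size_t rec_len,
                                   char *dst, size_t dst_size, size_t *consumed)
{
    if (rec_len < 1)
        return PARSE_ERR_SHORT_HEADER;
    size_t declared = rec[0];
    if (declared > rec_len - 1)
        return PARSE_ERR_TRUNCATED;
    if (declared >= dst_size)       /* keep one byte for the terminator */
        return PARSE_ERR_TOO_LONG;
    memcpy(dst, rec + 1, declared);
    dst[declared] = '\0';
    *consumed = 1 + declared;
    return PARSE_OK;
}

/* Hypothetical device-class table; the remote record picks an entry by index. */
static const char *const class_names[] = { "keyboard", "mouse", "gamepad" };
#define CLASS_COUNT (sizeof(class_names) / sizeof(class_names[0]))

/*
 * Index field: [idx:1]. The index is untrusted input, so it is range-checked
 * before it is turned into a pointer into the table.
 */
enum parse_status parse_class_field(const uint8_t *rec, size_t rec_len,
                                    const char **out, size_t *consumed)
{
    if (rec_len < 1)
        return PARSE_ERR_SHORT_HEADER;
    size_t idx = rec[0];
    if (idx >= CLASS_COUNT)
        return PARSE_ERR_BAD_INDEX;
    *out = class_names[idx];
    *consumed = 1;
    return PARSE_OK;
}

/* Whole record: [name field][class field]. Stops at the first malformed field. */
enum parse_status parse_hid_record(const uint8_t *rec, size_t rec_len,
                                   struct hid_info *out)
{
    size_t used = 0, n = 0;
    enum parse_status st = parse_name_field(rec, rec_len, out->name,
                                            sizeof out->name, &n);
    if (st != PARSE_OK)
        return st;
    used += n;
    return parse_class_field(rec + used, rec_len - used, &out->cls, &n);
}

/* Constructed sample records for this example (not captured from any real device). */
static const uint8_t rec_good[]      = { 5, 'H', 'I', 'D', '-', '1', 1 };
static const uint8_t rec_truncated[] = { 200, 'x', 'y' };          /* claims 200 bytes, carries 2 */
static const uint8_t rec_too_long[]  = { 20, 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a',
                                             'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 0 };
static const uint8_t rec_bad_index[] = { 2, 'o', 'k', 7 };         /* class index 7, table has 3 */
static const uint8_t rec_no_class[]  = { 2, 'o', 'k' };            /* second field missing */

int main(void)
{
    struct hid_info info = { {0}, NULL };
    enum parse_status st = parse_hid_record(rec_good, sizeof rec_good, &info);
    printf("good:      %d (name=%s, class=%s)\n", st, info.name, info.cls);
    printf("truncated: %d\n", parse_hid_record(rec_truncated, sizeof rec_truncated, &info));
    printf("too long:  %d\n", parse_hid_record(rec_too_long, sizeof rec_too_long, &info));
    printf("bad index: %d\n", parse_hid_record(rec_bad_index, sizeof rec_bad_index, &info));
    printf("no class:  %d\n", parse_hid_record(rec_no_class, sizeof rec_no_class, &info));
    return 0;
}
```

The point of the two length checks in parse_name_field() is that they guard different things: the first keeps the parser inside the bytes the remote side actually sent, the second keeps the copy inside the local buffer, and neither check alone is enough. Rejecting the whole record at the first malformed field, rather than trying to recover, is the behaviour a daemon that talks to arbitrary remote devices should prefer.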

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1102700/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp