Blame SOURCES/0012-mesh-gatt-Fix-use_after_free.patch
From 5cdaeaefc350ea3c42719284b88406579d032fb6 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Tue, 31 May 2022 13:11:17 +0530
Subject: [PATCH BlueZ 12/12] mesh-gatt: Fix use_after_free
The following scenario occurs when prov is false, and we get a double free as
reported below:
bluez-5.64/tools/mesh-gatt/prov-db.c:847: freed_arg: "g_free" frees
"in_str".
bluez-5.64/tools/mesh-gatt/prov-db.c:867: double_free: Calling "g_free"
frees pointer "in_str" which has already been freed.
---
tools/mesh-gatt/prov-db.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/mesh-gatt/prov-db.c b/tools/mesh-gatt/prov-db.c
index 2fb08f799..a5b6997e0 100644
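--- a/tools/mesh-gatt/prov-db.c
+++ b/tools/mesh-gatt/prov-db.c
@@ -859,7 +859,8 @@ bool prov_db_local_set_iv_index(uint32_t iv_index, bool update, bool prov)
 
 set_local_iv_index(jmain, iv_index, update);
 prov_file_write(jmain, false);
- }
+ } else
+ return true;
 
 res = true;
 done: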
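Review bot: The added `else return true;` leaves the function before the `done:` label, so whatever cleanup follows that label (outside this hunk) never runs on that path; if `jmain` or any other resource is still held at that point, the double free is traded for a leak, which should be confirmed against the full function. A fix that keeps the single exit path would clear the pointer where it is first released, at the line 847 site named in the description: `g_free(in_str); in_str = NULL;`, relying on `g_free(NULL)` being a no-op. If the early return stays, the else should be braced to match the braced `if`, i.e. `} else {` / `return true;` / `}`. The subject says use_after_free while the description reports a double free, so the commit should name the defect consistently. The body of `prov_db_local_set_iv_index` starts and ends outside the hunk.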
--
2.26.2