[BlueZ,0/7] v2 Fix bugs found by SVACE static analisys tool

Message ID	20220401102757.3960551-1-i.kamaletdinov@omp.ru (mailing list archive)
Headers	show Return-Path: <linux-bluetooth-owner@kernel.org> From: Ildar Kamaletdinov <i.kamaletdinov@omp.ru> To: <linux-bluetooth@vger.kernel.org> CC: Ildar Kamaletdinov <i.kamaletdinov@omp.ru> Subject: [PATCH BlueZ 0/7] v2 Fix bugs found by SVACE static analisys tool Date: Fri, 1 Apr 2022 13:27:50 +0300 Message-ID: <20220401102757.3960551-1-i.kamaletdinov@omp.ru> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII Precedence: bulk
Series	v2 Fix bugs found by SVACE static analisys tool \| expand [BlueZ,0/7] v2 Fix bugs found by SVACE static analisys tool [BlueZ,1/7] monitor: Fix out-of-bound read in print_le_states [BlueZ,2/7] tools: Fix buffer overflow in hciattach_tialt.c [BlueZ,3/7] tools: Fix signed integer overflow in btsnoop.c [BlueZ,4/7] tools: Prevent infinity loops in bluemoon.c [BlueZ,5/7] tools: Limit width of fields in sscanf [BlueZ,6/7] device: Limit width of fields in sscanf [BlueZ,7/7] gatt: Fix double free and freed memory dereference

Message ID

20220401102757.3960551-1-i.kamaletdinov@omp.ru (mailing list archive)

Headers

From: Ildar Kamaletdinov <i.kamaletdinov@omp.ru>
To: <linux-bluetooth@vger.kernel.org>
CC: Ildar Kamaletdinov <i.kamaletdinov@omp.ru>
Subject: [PATCH BlueZ 0/7] v2 Fix bugs found by SVACE static analisys tool
Date: Fri, 1 Apr 2022 13:27:50 +0300
Message-ID: <20220401102757.3960551-1-i.kamaletdinov@omp.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type: text/plain; charset=US-ASCII
Precedence: bulk

Series

v2 Fix bugs found by SVACE static analisys tool | expand

Message

Ildar Kamaletdinov April 1, 2022, 10:27 a.m. UTC

This patch set includes few fixes that was found by Linux Verification Center
(linuxtesting.org) with the SVACE static analysis tool.

I have manually filtered out non-relevant and false positive problems and only
procedeed with bugs that currently lead to some errors/vulnerabilities or may
lead to them in some specific conditions.

Changelog:
v2 some minor style fixes after CI check.
v1 initial version.

Ildar Kamaletdinov (7):
  monitor: Fix out-of-bound read in print_le_states
  tools: Fix buffer overflow in hciattach_tialt.c
  tools: Fix signed integer overflow in btsnoop.c
  tools: Prevent infinity loops in bluemoon.c
  tools: Limit width of fields in sscanf
  device: Limit width of fields in sscanf
  gatt: Fix double free and freed memory dereference

 monitor/packet.c        |  5 +++--
 src/device.c            | 14 +++++++-------
 src/gatt-database.c     |  4 ++++
 tools/bluemoon.c        | 13 +++++++++++++
 tools/btmgmt.c          |  2 +-
 tools/btsnoop.c         |  2 +-
 tools/hciattach_tialt.c |  3 ++-
 tools/hex2hcd.c         |  2 +-
 8 files changed, 32 insertions(+), 13 deletions(-)

Comments

patchwork-bot+bluetooth@kernel.org April 4, 2022, 5:14 p.m. UTC | #1

Hello:

This series was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Fri, 1 Apr 2022 13:27:50 +0300 you wrote:
> This patch set includes few fixes that was found by Linux Verification Center
> (linuxtesting.org) with the SVACE static analysis tool.
> 
> I have manually filtered out non-relevant and false positive problems and only
> procedeed with bugs that currently lead to some errors/vulnerabilities or may
> lead to them in some specific conditions.
> 
> [...]

Here is the summary with links:
  - [BlueZ,1/7] monitor: Fix out-of-bound read in print_le_states
    (no matching commit)
  - [BlueZ,2/7] tools: Fix buffer overflow in hciattach_tialt.c
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=d328abaa1715
  - [BlueZ,3/7] tools: Fix signed integer overflow in btsnoop.c
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=497a0b220dbd
  - [BlueZ,4/7] tools: Prevent infinity loops in bluemoon.c
    (no matching commit)
  - [BlueZ,5/7] tools: Limit width of fields in sscanf
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=1e664b9838cd
  - [BlueZ,6/7] device: Limit width of fields in sscanf
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=4afbef7790ce
  - [BlueZ,7/7] gatt: Fix double free and freed memory dereference
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=3627eddea130

You are awesome, thank you!