Skip to content

Bluetooth: ipsp: Fix not checking return of build_reply #15004

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 29, 2019
Merged

Bluetooth: ipsp: Fix not checking return of build_reply #15004

merged 1 commit into from
Mar 29, 2019

Conversation

Vudentz
Copy link
Collaborator

@Vudentz Vudentz commented Mar 29, 2019
edited by jhedberg
Loading

net_pkt_sendto uses size_t as parameter for len so the value would be
treat as unsigned which may cause and invalid memory to be read.

Fixes #14950
Fixes #14955

Signed-off-by: Luiz Augusto von Dentz [email protected]

@Vudentz Vudentz requested review from jhedberg and sjanc as code owners March 29, 2019 08:31
@jhedberg
Copy link
Member

@Vudentz is there not a matching GitHub issue for this? AFAIK one was created for all Coverity issues. Please reference it so that it gets automatically closed once this PR is merged.

@jhedberg jhedberg added bug The issue is a bug, or the PR is fixing a bug area: Bluetooth Coverity A Coverity detected issue or its fix labels Mar 29, 2019
@jhedberg jhedberg added this to the v1.14.0 milestone Mar 29, 2019
@Vudentz
Copy link
Collaborator Author

Vudentz commented Mar 29, 2019

@Vudentz is there not a matching GitHub issue for this? AFAIK one was created for all Coverity issues. Please reference it so that it gets automatically closed once this PR is merged.

I probably miss that then, will take a look.

@Vudentz
Copy link
Collaborator Author

Vudentz commented Mar 29, 2019

@jhedberg updated with issue number.

@jhedberg
Copy link
Member

@jhedberg updated with issue number.

@Vudentz thanks. There also seems to be a similar issue with tcp_received (issue #14955). Are you planning to submit a separate PR for that? I guess it could be fixed in the context of this PR as well.

@Vudentz
Copy link
Collaborator Author

Vudentz commented Mar 29, 2019

@jhedberg updated with issue number.

@Vudentz thanks. There also seems to be a similar issue with tcp_received (issue #14955). Are you planning to submit a separate PR for that? I guess it could be fixed in the context of this PR as well.

Right, I will fix that as well.

@Vudentz
Bluetooth: ipsp: Fix not checking return of build_reply
9012799 
net_pkt_sendto uses size_t as parameter for len so the value would be
treat as unsigned which may cause and invalid memory to be read.

Fixes zephyrproject-rtos#14950 zephyrproject-rtos#14955

Signed-off-by: Luiz Augusto von Dentz <[email protected]>
@jhedberg jhedberg requested a review from tbursztyka March 29, 2019 09:06
@codecov-io
Copy link

Codecov Report

Merging #15004 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master   #15004   +/-   ##
=======================================
  Coverage   52.92%   52.92%           
=======================================
  Files         309      309           
  Lines       45268    45268           
  Branches    10451    10451           
=======================================
  Hits        23956    23956           
  Misses      16544    16544           
  Partials     4768     4768

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9e81cbe...9012799. Read the comment docs.

@jhedberg jhedberg merged commit 58baad7 into zephyrproject-rtos:master Mar 29, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhedberg jhedberg jhedberg approved these changes

@tbursztyka tbursztyka tbursztyka approved these changes

@sjanc sjanc Awaiting requested review from sjanc

Assignees
No one assigned
Labels
area: Bluetooth bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix
Projects
None yet
Milestone
v1.14.0
Development

Successfully merging this pull request may close these issues.
4 participants
@Vudentz @jhedberg @codecov-io @tbursztyka