Branch: refs/heads/master
Home:   https://github.com/bluez/bluez

Commit: 2433842ea33bcb80a9c157cbac472efedae8c8d4
    https://github.com/bluez/bluez/commit/2433842ea33bcb80a9c157cbac472efedae8c8d4
Author: Bastien Nocera <hadess@xxxxxxxxxx>
Date:   2024-07-08 (Mon, 08 Jul 2024)

Changed paths:
  M src/shared/shell.c

Log Message:
-----------
shared/shell: Fix fd leak if -s is passed multiple times

Error: RESOURCE_LEAK (CWE-772): [#def37] [important]
src/shared/shell.c:1305:5: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
src/shared/shell.c:1305:5: var_assign: Assigning: "data.init_fd" = handle returned from "open(optarg, 0)".
src/shared/shell.c:1305:5: overwrite_var: Overwriting handle "data.init_fd" in "data.init_fd = open(optarg, 0)" leaks the handle.
1303|           case 's':
1304|               if (optarg)
1305|->                 data.init_fd = open(optarg, O_RDONLY);
1306|               if (data.init_fd < 0)
1307|                   printf("Unable to open %s: %s (%d)\n", optarg,


Commit: 8de21f74c5f309bdb3872293db23b5a0f20ae163
    https://github.com/bluez/bluez/commit/8de21f74c5f309bdb3872293db23b5a0f20ae163
Author: Bastien Nocera <hadess@xxxxxxxxxx>
Date:   2024-07-08 (Mon, 08 Jul 2024)

Changed paths:
  M tools/btsnoop.c

Log Message:
-----------
btsnoop: Fix possible negative memcpy length

Error: INTEGER_OVERFLOW (CWE-190): [#def41] [important]
tools/btsnoop.c:438:2: tainted_data_return: Called function "read(fd, buf, toread)", and a possible return value may be less than zero.
tools/btsnoop.c:438:2: assign: Assigning: "len" = "read(fd, buf, toread)".
tools/btsnoop.c:473:4: overflow: The cast of "len - 9L", which is potentially negative, to an unsigned type could result in an overflow.
471|                /* next 4 bytes are data len and cid */
472|                current_cid = buf[8] << 8 | buf[7];
473|->              memcpy(pdu_buf, buf + 9, len - 9);
474|                pdu_len = len - 9;
475|            } else if (acl_flags & 0x01) {

Error: INTEGER_OVERFLOW (CWE-190): [#def42] [important]
tools/btsnoop.c:438:2: tainted_data_return: Called function "read(fd, buf, toread)", and a possible return value may be less than zero.
tools/btsnoop.c:438:2: assign: Assigning: "len" = "read(fd, buf, toread)".
tools/btsnoop.c:476:4: overflow: The cast of "len - 5L", which is potentially negative, to an unsigned type could result in an overflow.
474|                pdu_len = len - 9;
475|            } else if (acl_flags & 0x01) {
476|->              memcpy(pdu_buf + pdu_len, buf + 5, len - 5);
477|                pdu_len += len - 5;
478|            }


Commit: 0de4b9f71eb9e01ee972755cf3444592706356c7
    https://github.com/bluez/bluez/commit/0de4b9f71eb9e01ee972755cf3444592706356c7
Author: Bastien Nocera <hadess@xxxxxxxxxx>
Date:   2024-07-08 (Mon, 08 Jul 2024)

Changed paths:
  M lib/sdp.c

Log Message:
-----------
sdp: Fix possible null dereference