Commit: e63b0f90354f1030e77e3defb052341351bdd92a
Parent: 8c8cc51b1866b250db9add8375413c232fda973b
Author: Arkadiusz Lichwa <arek.lichwa@gmail.com>
Committer: Johan Hedberg <johan.hedberg@intel.com>
Date: 2013-04-04 15:35:50
Tree: 26773e20638d4427f8b2e2677ed4bbde0a7a310d

lib: Fix invalid memory access in sdp_service_search_attr_req

Browsing services using sdptool can lead to writing to invalid heap locations.

valgrind's output of exemplary call: sdptool browse local

==2203== HEAP SUMMARY:
==2203==     in use at exit: 0 bytes in 0 blocks
==2203==   total heap usage: 251 allocs, 251 frees, 140,156 bytes allocated
==2203==
==2203== All heap blocks were freed -- no leaks are possible
==2203==
==2203== ERROR SUMMARY: 6 errors from 2 contexts (suppressed: 0 from 0)
==2203==
==2203== 1 errors in context 1 of 2:
==2203== Invalid write of size 2
==2203==    at 0x805B882: bt_put_be16 (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x8062BD0: sdp_service_search_attr_req (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x8052457: do_search (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x80525AE: do_search (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x805277F: cmd_browse (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x8053199: main (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==  Address 0x4391359 is 7 bytes before a block of size 2,048 alloc'd
==2203==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2203==    by 0x8062B4B: sdp_service_search_attr_req (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x8052457: do_search (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x80525AE: do_search (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x805277F: cmd_browse (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x8053199: main (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==
==2203==
==2203== 5 errors in context 2 of 2:
==2203== Invalid write of size 1
==2203==    at 0x402D363: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2203==    by 0x80613E7: gen_dataseq_pdu (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x8061472: gen_attridseq_pdu (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x8062C00: sdp_service_search_attr_req (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x8052457: do_search (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x80525AE: do_search (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x805277F: cmd_browse (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x8053199: main (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==  Address 0x439135b is 5 bytes before a block of size 2,048 alloc'd
==2203==    at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2203==    by 0x8062B4B: sdp_service_search_attr_req (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x8052457: do_search (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x80525AE: do_search (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x805277F: cmd_browse (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==    by 0x8053199: main (in /home/xpu/gits/bluez.bin/bin/sdptool)
==2203==
==2203== ERROR SUMMARY: 6 errors from 2 contexts (suppressed: 0 from 0)

Diffstat

M lib/sdp.c | 5 +++++

1 files changed, 5 insertions(+), 0 deletions(-)
