File _service:tar_scm:backport-0002-CVE-2022-39177.p... of Package bluez

File _service:tar_scm:backport-0002-CVE-2022-39177.patch of Package bluez

From 0388794dc5fdb73a4ea88bcf148de0a12b4364d4 Mon Sep 17 00:00:00 2001
From: Archie Pusaka <apusaka@chromium.org>
Date: Thu, 17 Jun 2021 08:53:34 +0800
Subject: avdtp: Fix parsing capabilities

This patch fixes size comparison and variable misassignment.

Reviewed-by: Alain Michaud <alainm@chromium.org>
Reviewed-by: Michael Sun <michaelfsun@google.com>
---
 profiles/audio/avdtp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/profiles/audio/avdtp.c b/profiles/audio/avdtp.c
index c7bf99f42..5d13104c1 100644
--- a/profiles/audio/avdtp.c
+++ b/profiles/audio/avdtp.c
@@ -1323,7 +1323,7 @@ static GSList *caps_to_list(uint8_t *data, size_t size,
 
 		cap = (struct avdtp_service_capability *)data;
 
-		if (sizeof(*cap) + cap->length >= size) {
+		if (sizeof(*cap) + cap->length > size) {
 			error("Invalid capability data in getcap resp");
 			break;
 		}
@@ -1345,7 +1345,7 @@ static GSList *caps_to_list(uint8_t *data, size_t size,
 		switch (cap->category) {
 		case AVDTP_MEDIA_CODEC:
 			if (codec)
-				*codec = cap;
+				*codec = cpy;
 			break;
 		case AVDTP_DELAY_REPORTING:
 			if (delay_reporting)
-- 
cgit