Skip to content

[Backport v2.7-branch] Bluetooth: Mesh: add check for rx buffer overflow in pb adv #45134

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 20, 2022
Merged

[Backport v2.7-branch] Bluetooth: Mesh: add check for rx buffer overflow in pb adv #45134

merged 1 commit into from
Jun 20, 2022

Conversation

zephyrbot
Copy link

@zephyrbot zephyrbot commented Apr 26, 2022
edited by cfriedt
Loading

Backport 6896075 from #45066

Fixes #46705

@alxelax @github-actions
Bluetooth: Mesh: add check for rx buffer overflow in pb adv
0f32899 
There is potential buffer overflow in pb adv.
If Transaction Continuation PDU comes before
Transaction Start PDU the last segment number is set to 0xff.
The current implementation has a strictly limited buffer size.
It is possible to receive malformed frame with wrong segment
number. All segments with number 2 and above will be stored
in the memory behind Rx buffer.

Signed-off-by: Aleksandr Khromykh <[email protected]>
(cherry picked from commit 6896075)
@PavelVPV PavelVPV requested a review from alxelax April 26, 2022 10:29
@joerchan joerchan requested a review from alwa-nordic April 26, 2022 11:30
@cfriedt
Copy link
Member

cfriedt commented May 24, 2022

@alxelax - can you please create an issue for the backport?

@cfriedt cfriedt merged commit 8c2965e into v2.7-branch Jun 20, 2022
@nashif nashif deleted the backport-45066-to-v2.7-branch branch April 6, 2023 00:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PavelVPV PavelVPV PavelVPV approved these changes

@alxelax alxelax alxelax approved these changes

@jhedberg jhedberg Awaiting requested review from jhedberg jhedberg is a code owner

@trond-snekvik trond-snekvik Awaiting requested review from trond-snekvik

@joerchan joerchan Awaiting requested review from joerchan

@Vudentz Vudentz Awaiting requested review from Vudentz

@alwa-nordic alwa-nordic Awaiting requested review from alwa-nordic

Assignees
No one assigned
Labels
area: Bluetooth Mesh area: Bluetooth
Projects
Backports
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@zephyrbot @cfriedt @PavelVPV @alxelax