From d75967c7144f802dda929b4024e3109d806bb780 Mon Sep 17 00:00:00 2001
From: Minghe Ren
Date: Tue, 3 Oct 2023 20:28:15 -0700
Subject: [PATCH] Add patch for Bluez CVE-2022-3563 (#6335)

* add patch for CVE-2022-3563
* add patch
* update typo

---------

Co-authored-by: minghe
---
 SPECS/bluez/CVE-2022-3563.patch | 38 +++++++++++++++++++++++++++++++++
 SPECS/bluez/bluez.spec | 6 +++++-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/bluez/CVE-2022-3563.patch

diff --git a/SPECS/bluez/CVE-2022-3563.patch b/SPECS/bluez/CVE-2022-3563.patch
new file mode 100644
index 00000000000..1fb0a05c553
--- /dev/null
+++ b/SPECS/bluez/CVE-2022-3563.patch
@@ -0,0 +1,38 @@
+From e3c92f1f786f0b55440bd908b55894d0c792cf0e Mon Sep 17 00:00:00 2001
+From: Tedd Ho-Jeong An
+Date: Wed, 22 Jun 2022 21:45:20 -0700
+Subject: mgmt-tester: Fix null dereference issue reported by scan-build
+
+This patch fixes the null dereference reported by the scan-build.
+
+tools/mgmt-tester.c:12025:28: warning: Access to field 'cap_len' results
+in a dereference of a null pointer (loaded from variable 'rp')
+[core.NullDereference]
+
+ if (sizeof(rp->cap_len) + rp->cap_len != length) {
+ ^~~~~~~~~~~
+---
+ tools/mgmt-tester.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tools/mgmt-tester.c b/tools/mgmt-tester.c
+index f45a6c015e..6018327f10 100644
+--- a/tools/mgmt-tester.c
++++ b/tools/mgmt-tester.c
+@@ -12020,12 +12020,14 @@ static void read_50_controller_cap_complete(uint8_t status, uint16_t length,
+ tester_warn("Failed to read advertising features: %s (0x%02x)",
+ mgmt_errstr(status), status);
+ tester_test_failed();
++ return;
+ }
+ 
+ if (sizeof(rp->cap_len) + rp->cap_len != length) {
+ tester_warn("Controller capabilities malformed, size %zu != %u",
+ sizeof(rp->cap_len) + rp->cap_len, length);
+ tester_test_failed();
++ return;
+ }
+ 
+ while (offset < rp->cap_len) {
+-- 
+cgit 
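Review bot: The inner hunk adds `return;` after both `tester_test_failed()` calls, which is what stops the later `rp->cap_len` reads when the read failed or the length did not match; `read_50_controller_cap_complete` starts before the hunk and continues past the `while (offset < rp->cap_len)` line, so whether `rp` is NULL on the failure path or how the loop bounds `offset` against `length` cannot be confirmed from this file. The patched code lives in `tools/mgmt-tester.c`, a test tool, so it would help to record in the patch file or the spec whether that tool is built and shipped by this package, keeping the CVE entry traceable. The file also keeps the `-- ` / `cgit` trailer from the web export; `patch` ignores text after the last hunk, so this is harmless but could be trimmed.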
diff --git a/SPECS/bluez/bluez.spec b/SPECS/bluez/bluez.spec
index edf7111c869..3b6f7a47d1a 100644
--- a/SPECS/bluez/bluez.spec
+++ b/SPECS/bluez/bluez.spec
@@ -1,7 +1,7 @@
 Summary: Bluetooth utilities
 Name: bluez
 Version: 5.63
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+ AND LGPLv2+
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -23,6 +23,7 @@ Patch6: 0002-Use-g_memdup2-everywhere.patch
 # Both patches have one rediff necessary to apply to 5.63
 Patch7: 0001-hog-Fix-read-order-of-attributes-rediffed.patch
 Patch8: 0002-hog-Add-input-queue-while-uhid-device-has-not-been-c-rediffed.patch
+Patch9: CVE-2022-3563.patch
 BuildRequires: autoconf
 BuildRequires: automake
 # For printing
@@ -271,6 +272,9 @@ install emulator/btvirt %{buildroot}/%{_libexecdir}/bluetooth/
 %{_userunitdir}/obex.service
 
 %changelog
+* Mon Oct 02 2023 Minghe Ren - 5.63-4
+- Add patch for CVE-2022-3563
+
 * Wed Sep 20 2023 Jon Slobodzian - 5.63-3
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
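Review bot: `Patch9: CVE-2022-3563.patch` is declared in the second hunk, but `%prep` is outside this diff, so whether the spec applies patches with `%autosetup`/`%autopatch` or with explicit `%patchN` lines cannot be seen here; if it is the latter, a matching `%patch9 -p1` is needed or the patch is declared and never applied. The neighbouring patches carry a comment on their provenance; a one-line comment such as `# Upstream commit e3c92f1f786f0b55440bd908b55894d0c792cf0e (tools/mgmt-tester.c)` above the Patch9 line would make the CVE fix traceable without opening the patch file. The release bump and changelog hunks need nothing.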