All of lore.kernel.org
 help / color / mirror / Atom feed
From: Bastien Nocera <hadess@hadess.net>
To: linux-bluetooth@vger.kernel.org
Subject: obexd broken for absolute paths
Date: Fri, 08 Nov 2013 20:21:40 +0100	[thread overview]
Message-ID: <1383938500.3880.23.camel@nuvo> (raw)

Heya,

I was trying to test gnome-user-share's Bluetooth support for BlueZ 5,
and was quite surprised it didn't work one bit, with transfers failing
as soon as they were created.

I made this simple change to test/simple-obex-agent so you could
replicate the failure. Obviously, change the download path to exist on
your system:
-               return properties['Name']
+               return ("%s/%s" % ("/home/hadess/Downloads/", properties['Name']))

This will see OBEX Push transfers fail as soon as accepted.

I must also mention the dreadful code in agent_reply() in obexd/src/manager.c:
                const char *slash = strrchr(name, '/');
                DBG("Agent replied with %s", name);
                if (!slash) {
                        agent->new_name = g_strdup(name);
                        agent->new_folder = NULL;
                } else {
                        agent->new_name = g_strdup(slash + 1); 
                        agent->new_folder = g_strndup(name, slash - name);
                }

Please use g_path_get_basename() and g_path_get_dirname(). This is even
a security issue because I could pass relative paths and expect some
system file to get overwritten.

Cheers


             reply	other threads:[~2013-11-08 19:21 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-11-08 19:21 Bastien Nocera [this message]
2013-11-09 17:17 ` obexd broken for absolute paths Bastien Nocera
2013-11-09 18:35   ` Luiz Augusto von Dentz
2013-11-09 21:00     ` Bastien Nocera
2013-11-10  0:49       ` Luiz Augusto von Dentz
2013-11-10  0:59         ` Bastien Nocera

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1383938500.3880.23.camel@nuvo \
    --to=hadess@hadess.net \
    --cc=linux-bluetooth@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.