* [PATCH BlueZ v2 0/1] mgmt: Fix crash after pair command
From: Vinit Mehta @ 2023-12-19 6:28 UTC
To: linux-bluetooth; +Cc: vinit.mehta, devyani.godbole, nitin.jadhav

Hello Maintainers

This patch fixes assertion in bluetoothctl client process

After pair command, if the user doesn't provide any input on bluetoothctl
CLI interface after receiving the prompt (yes/no), then subsequent CLI
command will trigger a call to DBUS library function
(dbus_message_get_no_reply) with a NULL message pointer which triggers
assertion in DBUS library causing the bluetoothctl process to crash.
The change is done in confirm_response callback to trigger a DBUS
API error call only if the pending_message pointer is not NULL so
as to avoid the assertion.

Thank you in advance for your review.

Warm Regards
Vinit Mehta

Vinit Mehta (1):
  mgmt: Fix crash after pair command

 client/agent.c | 15 +++++++++------
 client/mgmt.c  | 12 +++++++++---
 2 files changed, 18 insertions(+), 9 deletions(-)

--
2.42.0.windows.2
* [PATCH BlueZ v2 1/1] mgmt: Fix crash after pair command 2023-12-19 6:28 [PATCH BlueZ v2 0/1] mgmt: Fix crash after pair command Vinit Mehta @ 2023-12-19 6:28 ` Vinit Mehta 2023-12-19 7:33 ` bluez.test.bot 2024-01-03 21:10 ` [PATCH BlueZ v2 0/1] " patchwork-bot+bluetooth 1 sibling, 1 reply; 4+ messages in thread From: Vinit Mehta @ 2023-12-19 6:28 UTC (permalink / raw) To: linux-bluetooth; +Cc: vinit.mehta, devyani.godbole, nitin.jadhav After pair command, if the user doesn't provide any input on bluetoothctl CLI interface after receiving the prompt(yes/no) below crash is observed: dbus[782]: arguments to dbus_message_get_no_reply() were incorrect, assertion "message != NULL" failed in file /usr/src/debug/dbus/1.14.10-r0/dbus/dbus-message.c line 3250. This is normally a bug in some application using the D-Bus library. /usr/lib/libc.so.6(+0x27534) [0xffffa1b67534] /usr/lib/libc.so.6(__libc_start_main+0x9c) [0xffffa1b6760c] bluetoothctl(+0x188f0) [0xaaaac9c088f0] Aborted (core dumped) --- client/agent.c | 15 +++++++++------ client/mgmt.c | 12 +++++++++--- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/client/agent.c b/client/agent.c index 35b404114..ff5e57ff2 100644 --- a/client/agent.c +++ b/client/agent.c @@ -77,14 +77,17 @@ static void confirm_response(const char *input, void *user_data) { DBusConnection *conn = user_data; - if (!strcmp(input, "yes")) - g_dbus_send_reply(conn, pending_message, DBUS_TYPE_INVALID); - else if (!strcmp(input, "no")) - g_dbus_send_error(conn, pending_message, + if (pending_message != NULL) { + if (!strcmp(input, "yes")) + g_dbus_send_reply(conn, pending_message, + DBUS_TYPE_INVALID); + else if (!strcmp(input, "no")) + g_dbus_send_error(conn, pending_message, "org.bluez.Error.Rejected", NULL); - else - g_dbus_send_error(conn, pending_message, + else + g_dbus_send_error(conn, pending_message, "org.bluez.Error.Canceled", NULL); + } } static void agent_release(DBusConnection *conn) 
diff --git a/client/mgmt.c b/client/mgmt.c index c056d018a..2cc40a7e3 100644 --- a/client/mgmt.c +++ b/client/mgmt.c @@ -849,10 +849,16 @@ static void prompt_input(const char *input, void *user_data) &prompt.addr); break; case MGMT_EV_USER_CONFIRM_REQUEST: - if (input[0] == 'y' || input[0] == 'Y') - mgmt_confirm_reply(prompt.index, &prompt.addr); - else + if (len) { + if (input[0] == 'y' || input[0] == 'Y') + mgmt_confirm_reply(prompt.index, &prompt.addr); + else + mgmt_confirm_neg_reply(prompt.index, + &prompt.addr); + } else { mgmt_confirm_neg_reply(prompt.index, &prompt.addr); + bt_shell_set_prompt(PROMPT_ON); + } break; } } -- 2.42.0.windows.2 ^ permalink raw reply related [flat|nested] 4+ messages in thread
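Review bot: in client/agent.c, confirm_response() could take an early `if (!pending_message) return;` at the top instead of wrapping all three reply branches in a new block, which gives the same protection with a one-line diff and leaves the existing branches untouched. As written, the user's answer is silently discarded when pending_message is NULL; a short message on that path would tell the user the request is no longer pending. Nothing in the function as shown clears pending_message after g_dbus_send_reply() or g_dbus_send_error(), so the commit message should say which path leaves the pointer NULL while the prompt callback is still armed. The subject prefix is "mgmt:" although this hunk changes the agent code.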
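Review bot: in the MGMT_EV_USER_CONFIRM_REQUEST case of prompt_input() in client/mgmt.c, mgmt_confirm_neg_reply() is now called from two branches, and the only thing the empty-input path does differently is the added bt_shell_set_prompt(PROMPT_ON). An empty string already has input[0] == '\0', so the old code took the negative reply for it; if len is simply the length of input (its definition is outside the hunk), the test can collapse to `if (len && (input[0] == 'y' || input[0] == 'Y'))` with a single else, and the prompt reset kept as a separate `if (!len)` statement. The commit message only describes the D-Bus assertion seen through the agent path, so please document why the prompt has to be restored here and why only when no input was given.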
* RE: mgmt: Fix crash after pair command
From: bluez.test.bot @ 2023-12-19 7:33 UTC
To: linux-bluetooth, vinit.mehta

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=811296

---Test result---

Test Summary:
CheckPatch          PASS    0.30 seconds
GitLint             PASS    0.21 seconds
BuildEll            PASS    24.02 seconds
BluezMake           PASS    751.07 seconds
MakeCheck           PASS    11.61 seconds
MakeDistcheck       PASS    162.18 seconds
CheckValgrind       PASS    225.46 seconds
CheckSmatch         PASS    326.35 seconds
bluezmakeextell     PASS    106.28 seconds
IncrementalBuild    PASS    699.09 seconds
ScanBuild           PASS    941.41 seconds

---
Regards,
Linux Bluetooth
* Re: [PATCH BlueZ v2 0/1] mgmt: Fix crash after pair command
From: patchwork-bot+bluetooth @ 2024-01-03 21:10 UTC
To: Vinit Mehta; +Cc: linux-bluetooth, devyani.godbole, nitin.jadhav

Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Tue, 19 Dec 2023 11:58:00 +0530 you wrote:
> Hello Maintainers
>
> This patch fixes assertion in bluetoothctl client process
>
> After pair command, if the user doesn't provide any input on bluetoothctl
> CLI interface after receiving the prompt (yes/no), then subsequent CLI
> command will trigger a call to DBUS library function
> (dbus_message_get_no_reply) with a NULL message pointer which triggers
> assertion in DBUS library causing the bluetoothctl process to crash.
> The change is done in confirm_response callback to trigger a DBUS
> API error call only if the pending_message pointer is not NULL so
> as to avoid the assertion.
>
> [...]

Here is the summary with links:
  - [BlueZ,v2,1/1] mgmt: Fix crash after pair command
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=60d60166e4bf

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html