From: Johan Hedberg <johan.hedberg@gmail.com>
To: Anderson Lizardo <anderson.lizardo@openbossa.org>
Cc: linux-bluetooth@vger.kernel.org
Subject: Re: [PATCH v3 BlueZ 00/13] Fix SDP DE Type Descriptor validation issues
Date: Mon, 18 Feb 2013 10:05:02 +0200 [thread overview]
Message-ID: <20130218080502.GA18330@x220> (raw)
In-Reply-To: <1360940876-6314-1-git-send-email-anderson.lizardo@openbossa.org>
Hi Lizardo,
On Fri, Feb 15, 2013, Anderson Lizardo wrote:
> Change since v2:
> * Fix commit author mangled during import from GMANE
>
> Changes since v1:
> * Fix license header to match BlueZ license (GPL v2 or later)
> * Rename test source file and SDP tests to account for future addition of other
> libbluetooth tests
>
> This series adds various missing DTD validations, specially for SEQ* types. The
> lack of these validations allows for a remote device to crash BlueZ due to
> invalid memory access.
>
> I also added unit tests for all affected functions. They are in a separate C
> file (unit/test-lib.c), which will in future contain tests for other
> libbluetooth API functions.
>
> The only pending related fixes from my part are some missing NULL pointer
> checks when accessing empty sequences. These will take some time to fix as they
> affect profile code as well.
>
> Best Regards,
>
> Anderson Lizardo (13):
> unit: Add initial SDP library unit tests
> lib: Add SDP_IS_ALT() macro
> lib: Reuse identical code in sdp_get_{add,}_access_protos()
> lib: Cleanup coding style in sdp_get_proto_descs()
> lib: Fix missing DTD validation while accessing SDP data elements
> unit: Add tests for sdp_get_lang_attr()
> lib: Add missing DTD validation in sdp_record_print()
> lib: Validate DTDs when parsing LanguageBaseAttributeIDList
> lib: Validate DTDs when parsing BluetoothProfileDescriptorList
> lib: Add comment to BluetoothProfileDescriptorList parsing workaround
> lib: Validate DTDs when parsing VersionNumberList
> unit: Add tests for sdp_get_profile_descs()
> unit: Add tests for sdp_get_server_ver()
>
> .gitignore | 1 +
> Makefile.am | 5 +
> lib/sdp.c | 164 +++++++++++++------
> lib/sdp.h | 1 +
> unit/test-lib.c | 471 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 5 files changed, 596 insertions(+), 46 deletions(-)
> create mode 100644 unit/test-lib.c
All patches in this set have been applied. Thanks.
Johan
prev parent reply other threads:[~2013-02-18 8:05 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-10 21:26 [PATCH BlueZ 00/13] Fix SDP DE Type Descriptor validation issues Anderson Lizardo
2013-02-10 21:26 ` [PATCH BlueZ 01/13] unit: Add initial SDP library unit tests Anderson Lizardo
2013-02-10 21:26 ` [PATCH BlueZ 02/13] lib: Add SDP_IS_ALT() macro Anderson Lizardo
2013-02-10 21:26 ` [PATCH BlueZ 03/13] lib: Reuse identical code in sdp_get_{add,}_access_protos() Anderson Lizardo
2013-02-10 21:26 ` [PATCH BlueZ 04/13] lib: Cleanup coding style in sdp_get_proto_descs() Anderson Lizardo
2013-02-10 21:26 ` [PATCH BlueZ 05/13] lib: Fix missing DTD validation while accessing SDP data elements Anderson Lizardo
2013-02-10 21:26 ` [PATCH BlueZ 06/13] unit: Add tests for sdp_get_lang_attr() Anderson Lizardo
2013-02-10 21:26 ` [PATCH BlueZ 07/13] lib: Add missing DTD validation in sdp_record_print() Anderson Lizardo
2013-02-10 21:26 ` [PATCH BlueZ 08/13] lib: Validate DTDs when parsing LanguageBaseAttributeIDList Anderson Lizardo
2013-02-10 21:26 ` [PATCH BlueZ 09/13] lib: Validate DTDs when parsing BluetoothProfileDescriptorList Anderson Lizardo
2013-02-10 21:26 ` [PATCH BlueZ 10/13] lib: Add comment to BluetoothProfileDescriptorList parsing workaround Anderson Lizardo
2013-02-10 21:26 ` [PATCH BlueZ 11/13] lib: Validate DTDs when parsing VersionNumberList Anderson Lizardo
2013-02-10 21:26 ` [PATCH BlueZ 12/13] unit: Add tests for sdp_get_profile_descs() Anderson Lizardo
2013-02-10 21:26 ` [PATCH BlueZ 13/13] unit: Add tests for sdp_get_server_ver() Anderson Lizardo
2013-02-15 14:56 ` [PATCH v2 BlueZ 00/13] Fix SDP DE Type Descriptor validation issues Anderson Lizardo
2013-02-15 14:51 ` Anderson Lizardo
2013-02-15 14:56 ` [PATCH BlueZ 01/13] unit: Add initial SDP library unit tests Anderson Lizardo
2013-02-15 14:56 ` [PATCH BlueZ 02/13] lib: Add SDP_IS_ALT() macro Anderson Lizardo
2013-02-15 14:56 ` [PATCH BlueZ 03/13] lib: Reuse identical code in sdp_get_{add,}_access_protos() Anderson Lizardo
2013-02-15 14:56 ` [PATCH BlueZ 04/13] lib: Cleanup coding style in sdp_get_proto_descs() Anderson Lizardo
2013-02-15 14:56 ` [PATCH BlueZ 05/13] lib: Fix missing DTD validation while accessing SDP data elements Anderson Lizardo
2013-02-15 14:56 ` [PATCH BlueZ 06/13] unit: Add tests for sdp_get_lang_attr() Anderson Lizardo
2013-02-15 14:56 ` [PATCH BlueZ 07/13] lib: Add missing DTD validation in sdp_record_print() Anderson Lizardo
2013-02-15 14:56 ` [PATCH BlueZ 08/13] lib: Validate DTDs when parsing LanguageBaseAttributeIDList Anderson Lizardo
2013-02-15 14:56 ` [PATCH BlueZ 09/13] lib: Validate DTDs when parsing BluetoothProfileDescriptorList Anderson Lizardo
2013-02-15 14:56 ` [PATCH BlueZ 10/13] lib: Add comment to BluetoothProfileDescriptorList parsing workaround Anderson Lizardo
2013-02-15 14:56 ` [PATCH BlueZ 11/13] lib: Validate DTDs when parsing VersionNumberList Anderson Lizardo
2013-02-15 14:56 ` [PATCH BlueZ 12/13] unit: Add tests for sdp_get_profile_descs() Anderson Lizardo
2013-02-15 14:56 ` [PATCH BlueZ 13/13] unit: Add tests for sdp_get_server_ver() Anderson Lizardo
2013-02-15 15:07 ` [PATCH v3 BlueZ 00/13] Fix SDP DE Type Descriptor validation issues Anderson Lizardo
2013-02-15 15:07 ` [PATCH BlueZ 01/13] unit: Add initial SDP library unit tests Anderson Lizardo
2013-02-15 15:07 ` [PATCH BlueZ 02/13] lib: Add SDP_IS_ALT() macro Anderson Lizardo
2013-02-15 15:07 ` [PATCH BlueZ 03/13] lib: Reuse identical code in sdp_get_{add,}_access_protos() Anderson Lizardo
2013-02-15 15:07 ` [PATCH BlueZ 04/13] lib: Cleanup coding style in sdp_get_proto_descs() Anderson Lizardo
2013-02-15 15:07 ` [PATCH BlueZ 05/13] lib: Fix missing DTD validation while accessing SDP data elements Anderson Lizardo
2013-02-15 15:07 ` [PATCH BlueZ 06/13] unit: Add tests for sdp_get_lang_attr() Anderson Lizardo
2013-02-15 15:07 ` [PATCH BlueZ 07/13] lib: Add missing DTD validation in sdp_record_print() Anderson Lizardo
2013-02-15 15:07 ` [PATCH BlueZ 08/13] lib: Validate DTDs when parsing LanguageBaseAttributeIDList Anderson Lizardo
2013-02-15 15:07 ` [PATCH BlueZ 09/13] lib: Validate DTDs when parsing BluetoothProfileDescriptorList Anderson Lizardo
2013-02-15 15:07 ` [PATCH BlueZ 10/13] lib: Add comment to BluetoothProfileDescriptorList parsing workaround Anderson Lizardo
2013-02-15 15:07 ` [PATCH BlueZ 11/13] lib: Validate DTDs when parsing VersionNumberList Anderson Lizardo
2013-02-15 15:07 ` [PATCH BlueZ 12/13] unit: Add tests for sdp_get_profile_descs() Anderson Lizardo
2013-02-15 15:07 ` [PATCH BlueZ 13/13] unit: Add tests for sdp_get_server_ver() Anderson Lizardo
2013-02-18 8:05 ` Johan Hedberg [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130218080502.GA18330@x220 \
--to=johan.hedberg@gmail.com \
--cc=anderson.lizardo@openbossa.org \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.