From: Ravi Kumar Veeramally <ravikumar.veeramally@linux.intel.com>
To: linux-bluetooth@vger.kernel.org, Johan Hedberg <johan.hedberg@gmail.com>
Subject: Re: [PATCH_v3 3/3] android/pan: Handle connection and control state notifications
Date: Wed, 13 Nov 2013 11:46:30 +0200 [thread overview]
Message-ID: <52834A76.4050600@linux.intel.com> (raw)
In-Reply-To: <20131113093301.GB1749@x220.p-661hnu-f1>
Hi Johan,
On 11/13/2013 11:33 AM, Johan Hedberg wrote:
> Hi Ravi,
>
> On Wed, Nov 13, 2013, Ravi kumar Veeramally wrote:
>> ---
>> android/hal-pan.c | 31 +++++++++++++++++++++++++++++++
>> 1 file changed, 31 insertions(+)
> I've applied the first two patches, but for this one I've got a few
> questions:
>
>> diff --git a/android/hal-pan.c b/android/hal-pan.c
>> index 851c5d2..2bc560e 100644
>> --- a/android/hal-pan.c
>> +++ b/android/hal-pan.c
>> @@ -31,10 +31,41 @@ static bool interface_ready(void)
>> return cbs != NULL;
>> }
>>
>> +static void handle_conn_state(void *buf)
>> +{
>> + struct hal_ev_pan_conn_state *ev = buf;
>> +
>> + if (cbs->connection_state_cb)
>> + cbs->connection_state_cb(ev->state, ev->status,
>> + (bt_bdaddr_t *) ev->bdaddr,
>> + ev->local_role, ev->remote_role);
>> +}
>> +
>> +static void handle_ctrl_state(void *buf)
>> +{
>> + struct hal_ev_pan_ctrl_state *ev = buf;
>> +
>> + if (cbs->control_state_cb)
>> + cbs->control_state_cb(ev->state, ev->status,
>> + ev->local_role, (char *)ev->name);
>> +}
>> +
>> void bt_notify_pan(uint8_t opcode, void *buf, uint16_t len)
>> {
>> if (!interface_ready())
>> return;
>> +
>> + switch (opcode) {
>> + case HAL_EV_PAN_CONN_STATE:
>> + handle_conn_state(buf);
>> + break;
>> + case HAL_EV_PAN_CTRL_STATE:
>> + handle_ctrl_state(buf);
>> + break;
>> + default:
>> + DBG("Unhandled callback opcode=0x%x", opcode);
>> + break;
>> + }
>> }
> What I don't like about this is that you're not pushing the data length
> to the handler functions. If you did that the handler functions could:
>
> if (len < sizeof(*ev))
> return;
>
> Instead of return we could also just abort - what's the general policy
> on the HAL side regarding invalid data from the daemon? How does this
> relate to the work Szymon is doing to add proper checks for the IPC
> data? Is that only for the daemon side?
>
> Are we missing similar checks in other HALs too?
Yes, we are not doing similar checks in other HALs
(hal-bluetooth/a2dp/hid/) too.
Very few places in hal-bluetooth length is passing but validation is
not done.
I will fix them all and send you the patch.
Thanks,
Ravi.
next prev parent reply other threads:[~2013-11-13 9:46 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-13 9:25 [PATCH_v3 1/3] android: Fix opcode parameter type from uint16_t to uint8_t Ravi kumar Veeramally
2013-11-13 9:25 ` [PATCH_v3 2/3] android/pan: Add notify method to PAN notifications Ravi kumar Veeramally
2013-11-13 9:25 ` [PATCH_v3 3/3] android/pan: Handle connection and control state notifications Ravi kumar Veeramally
2013-11-13 9:33 ` Johan Hedberg
2013-11-13 9:46 ` Ravi Kumar Veeramally [this message]
2013-11-13 9:59 ` Szymon Janc
2013-11-13 10:11 ` Ravi Kumar Veeramally
2013-11-13 11:16 ` Johan Hedberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52834A76.4050600@linux.intel.com \
--to=ravikumar.veeramally@linux.intel.com \
--cc=johan.hedberg@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.