RE: [Bluez-devel] textfile.c find_key

RE: [Bluez-devel] textfile.c find_key

[Robert Wlaschin]

[-- Attachment #1: Type: text/plain, Size: 2005 bytes --]

Marcel,

Not sure if you are interested in this but in the file textfile.c, function
find_key.  If map is ever NULL the strstr will segment fault.  An instance
of this happening would be when the key file was empty.  This might happen
if a Linux Op was removing keys that were invalidated by a lost pairing.  I
feel that in general checking for a NULL is better than not.

Here's a patch ...

--- ./bluez-utils-2.21/common/textfile.c        2005-09-10
05:27:26.000000000 -0700
+++ ./bluez-utils-2.21-orig/common/textfile.c   2005-11-08
11:18:09.837262992 -0800
@@ -115,11 +115,16 @@
 
 static inline char *find_key(char *map, char *key, size_t len)
 {
-       char *off = strstr(map, key);
+       char *off = NULL;
+
+       if(map)
+       {
+               off = strstr(map, key);
 
                while (off && ((off > map && *(off - 1) != '\r' &&
                               *(off - 1) != '\n') || *(off + len) != ' '))
                off = strstr(off + len, key);
+       }
 
        return off;
 }

Thanks,
Robert

-----Original Message-----
From: Marcel Holtmann [mailto:marcel@holtmann.org]
Sent: Tuesday, November 08, 2005 10:17 AM
To: bluez-devel@lists.sourceforge.net
Subject: Re: [Bluez-devel] C Program for Getting Link Quality


Hi Arpit,

> I did a yum update bluez*.
> 
> The verion I'm using is:
> 
> [root@174-15 bluetooth]# ls -l
> total 116
> -rw-r--r--  1 root root  3607 Mar  2  2005 bluetooth.h
> 
> On including sys/socket.h..the error is the same:

maybe <sys/ioctl.h> is also missing.

Regards

Marcel




-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel

[-- Attachment #2: Type: text/html, Size: 4634 bytes --]

RE: [Bluez-devel] textfile.c find_key

[Marcel Holtmann]

Hi Robert,

> Not sure if you are interested in this but in the file textfile.c,
> function find_key.  If map is ever NULL the strstr will segment fault.
> An instance of this happening would be when the key file was empty.
> This might happen if a Linux Op was removing keys that were
> invalidated by a lost pairing.  I feel that in general checking for a
> NULL is better than not.

how can map be NULL? Check "man mmap" about the return value of mmap().

Regards

Marcel




-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel

RE: [Bluez-devel] textfile.c find_key

[Robert Wlaschin]

[-- Attachment #1: Type: text/plain, Size: 1784 bytes --]

Marcel,

Normally I would agree with you but I tried it and there came a NULL -- to
my great surprise.  I could have a bug in the kernel I'm using or something
else.  If you aren't sure you can always try it out yourself and if I'm
wrong there you go.  If you could let me know the results you get I would
appreciate it.

I ran textfile_get on a file that is size 0.  This should replicate the bug
for you.  I used test_textfile to test both the problem and the 'fix' --
sadly, being that the mmap documentation says that 0 cannot be returned, I
would say that the fix is a farce and mmap should be fixed instead.

Thanks,
Robert

-----Original Message-----
From: Marcel Holtmann [mailto:marcel@holtmann.org]
Sent: Tuesday, November 08, 2005 11:55 AM
To: bluez-devel@lists.sourceforge.net
Subject: RE: [Bluez-devel] textfile.c find_key


Hi Robert,

> Not sure if you are interested in this but in the file textfile.c,
> function find_key.  If map is ever NULL the strstr will segment fault.
> An instance of this happening would be when the key file was empty.
> This might happen if a Linux Op was removing keys that were
> invalidated by a lost pairing.  I feel that in general checking for a
> NULL is better than not.

how can map be NULL? Check "man mmap" about the return value of mmap().

Regards

Marcel




-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel

[-- Attachment #2: Type: text/html, Size: 3163 bytes --]

RE: [Bluez-devel] textfile.c find_key

[Marcel Holtmann]

Hi Robert,

> Normally I would agree with you but I tried it and there came a NULL
> -- to my great surprise.  I could have a bug in the kernel I'm using
> or something else.  If you aren't sure you can always try it out
> yourself and if I'm wrong there you go.  If you could let me know the
> results you get I would appreciate it.
> 
> I ran textfile_get on a file that is size 0.  This should replicate
> the bug for you.  I used test_textfile to test both the problem and
> the 'fix' -- sadly, being that the mmap documentation says that 0
> cannot be returned, I would say that the fix is a farce and mmap
> should be fixed instead.

I can't reproduce this problem. On a file with size 0 the textfile_get()
returns NULL as it should be. No segmentation fault or any other problem
so far. Maybe the kernel or your glibc is broken. What do you use?

Regards

Marcel




-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel

RE: [Bluez-devel] textfile.c find_key

[Robert Wlaschin]

[-- Attachment #1: Type: text/plain, Size: 1807 bytes --]

Marcel,

It might possibly be.  I'm using an Arm processor with the kernel version
2.6.10 for use with Busybox.  It's probably a safe bet that not many people
are using an Arm  processor so it could be something about that.  I'll look
around.

Thanks,
Robert

-----Original Message-----
From: Marcel Holtmann [mailto:marcel@holtmann.org]
Sent: Tuesday, November 08, 2005 2:14 PM
To: bluez-devel@lists.sourceforge.net
Subject: RE: [Bluez-devel] textfile.c find_key


Hi Robert,

> Normally I would agree with you but I tried it and there came a NULL
> -- to my great surprise.  I could have a bug in the kernel I'm using
> or something else.  If you aren't sure you can always try it out
> yourself and if I'm wrong there you go.  If you could let me know the
> results you get I would appreciate it.
> 
> I ran textfile_get on a file that is size 0.  This should replicate
> the bug for you.  I used test_textfile to test both the problem and
> the 'fix' -- sadly, being that the mmap documentation says that 0
> cannot be returned, I would say that the fix is a farce and mmap
> should be fixed instead.

I can't reproduce this problem. On a file with size 0 the textfile_get()
returns NULL as it should be. No segmentation fault or any other problem
so far. Maybe the kernel or your glibc is broken. What do you use?

Regards

Marcel




-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel

[-- Attachment #2: Type: text/html, Size: 3347 bytes --]

RE: [Bluez-devel] textfile.c find_key

[Marcel Holtmann]

[-- Attachment #1: Type: text/plain, Size: 354 bytes --]

Hi Robert,

> It might possibly be.  I'm using an Arm processor with the kernel
> version 2.6.10 for use with Busybox.  It's probably a safe bet that
> not many people are using an Arm  processor so it could be something
> about that.  I'll look around.

okay lets check for (map == NULL). The attached patch would do it the
right way.

Regards

Marcel


[-- Attachment #2: patch --]
[-- Type: text/x-patch, Size: 676 bytes --]

Index: textfile.c
===================================================================
RCS file: /cvsroot/bluez/utils/common/textfile.c,v
retrieving revision 1.9
diff -u -r1.9 textfile.c
--- textfile.c	29 Oct 2005 22:36:31 -0000	1.9
+++ textfile.c	9 Nov 2005 00:01:34 -0000
@@ -149,7 +149,7 @@
 	}
 
 	map = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_LOCKED, fd, 0);
-	if (map == MAP_FAILED) {
+	if (!map || map == MAP_FAILED) {
 		err = errno;
 		goto unlock;
 	}
@@ -243,7 +243,7 @@
 	size = st.st_size;
 
 	map = mmap(NULL, size, PROT_READ, MAP_SHARED, fd, 0);
-	if (map == MAP_FAILED) {
+	if (!map || map == MAP_FAILED) {
 		err = errno;
 		goto unlock;
 	}