From: Marcel Holtmann <marcel@holtmann.org>
To: BlueZ development <bluez-devel@lists.sourceforge.net>
Subject: Re: [Bluez-devel] bug in sdp_gen_pd
Date: Mon, 26 Jun 2006 14:49:44 +0200
Message-ID: <1151326184.7694.22.camel@localhost>
In-Reply-To: <564d96fb0606191038m42f48295w784bf0062ae184a3@mail.gmail.com>

Hi Rafael,

> A patch is attached. It creates the following invariant when handling strings:
>
> d->unitSize == strlen(d->val.str) + sizeof(uint8_t)
>
> Different parts of the code had different "opinions".

the patch is in the CVS now and it makes it better, but I am still not
fully happy. When creating strings in SDP you don't need to include the
terminating NUL character, because every string is prefixed with a
length.

# sdptool add sp
Serial Port service registered
# sdptool browse local
Browsing FF:FF:FF:00:00:00 ...
Service Name: Serial Port
Service Description: COM Port
Service RecHandle: 0x10000
Service Class ID List:
"Serial Port" (0x1101)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 1
Language Base Attr List:
code_ISO639: 0x656e
encoding: 0x6a
base_offset: 0x100
Profile Descriptor List:
"Serial Port" (0x1101)
Version: 0x0100

# sdptool browse --tree local
Browsing FF:FF:FF:00:00:00 ...
Attribute Identifier : 0x0 - ServiceRecordHandle
Integer : 0x10000
Attribute Identifier : 0x1 - ServiceClassIDList
Data Sequence
UUID16 : 0x1101 - SerialPort
Attribute Identifier : 0x4 - ProtocolDescriptorList
Data Sequence
Data Sequence
UUID16 : 0x0100 - L2CAP
Data Sequence
UUID16 : 0x0003 - RFCOMM
Channel/Port (Integer) : 0x1
Attribute Identifier : 0x5 - BrowseGroupList
Data Sequence
UUID16 : 0x1002 - PublicBrowseGroup
Attribute Identifier : 0x6 - LanguageBaseAttributeIDList
Data Sequence
Code ISO639 (Integer) : 0x656e
Encoding (Integer) : 0x6a
Base Offset (Integer) : 0x100
Attribute Identifier : 0x9 - BluetoothProfileDescriptorList
Data Sequence
Data Sequence
UUID16 : 0x1101 - SerialPort
Version (Integer) : 0x100
Attribute Identifier : 0x100
Data : 53 65 72 69 61 6c 20 50 6f 72 74 00
Attribute Identifier : 0x101
Data : 43 4f 4d 20 50 6f 72 74 00

# sdptool browse --raw local
Sequence
Attribute 0x0000 - ServiceRecordHandle
UINT32 0x00010000
Attribute 0x0001 - ServiceClassIDList
Sequence
UUID16 0x1101 - SerialPort
Attribute 0x0004 - ProtocolDescriptorList
Sequence
Sequence
UUID16 0x0100 - L2CAP
Sequence
UUID16 0x0003 - RFCOMM
UINT8 0x01
Attribute 0x0005 - BrowseGroupList
Sequence
UUID16 0x1002 - PublicBrowseGroup
Attribute 0x0006 - LanguageBaseAttributeIDList
Sequence
UINT16 0x656e
UINT16 0x006a
UINT16 0x0100
Attribute 0x0009 - BluetoothProfileDescriptorList
Sequence
Sequence
UUID16 0x1101 - SerialPort
UINT16 0x0100
Attribute 0x0100
String Serial Port
Attribute 0x0101
String COM Port

As you see, the --tree option is too dumb to detect that it is a string.
This has been left there on purpose to find stupid SDP records that
include a NUL character at the end.

Please try to fix this, too.

Regards

Marcel
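
Added example, not part of the original message and not BlueZ code: a length-prefixed SDP text string encoded without the terminating NUL, plus a check that flags an element whose payload ends in 0x00, as attribute 0x100 does in the --tree output above. The function names are hypothetical, and the sample element is constructed from the data bytes shown for 0x100 with an 8-bit-length text string header (0x25) prepended.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TEXT_STR8  0x25 /* text string, 8-bit length follows */
#define TEXT_STR16 0x26 /* text string, 16-bit length follows */

/* Constructed: STR8 header + the 12 data bytes shown for attribute 0x100. */
static const uint8_t with_nul[] = { 0x25, 0x0c, 0x53, 0x65, 0x72, 0x69,
    0x61, 0x6c, 0x20, 0x50, 0x6f, 0x72, 0x74, 0x00 };

/* Encode s without its terminating NUL; returns bytes written, 0 on error. */
size_t text_encode(const char *s, uint8_t *out, size_t cap)
{
    size_t n = strlen(s), hdr = (n <= 0xff) ? 2 : 3;
    if (n > 0xffff || cap < hdr + n)
        return 0;
    out[0] = (hdr == 2) ? TEXT_STR8 : TEXT_STR16;
    if (hdr == 3)
        out[1] = (uint8_t)(n >> 8);   /* big-endian length, high byte */
    out[hdr - 1] = (uint8_t)n;        /* length low byte */
    memcpy(out + hdr, s, n);
    return hdr + n;
}

/* 1: payload ends in NUL, 0: it does not, -1: not a text string or truncated. */
int text_has_trailing_nul(const uint8_t *p, size_t len)
{
    size_t hdr, n;
    if (len >= 2 && p[0] == TEXT_STR8) {
        hdr = 2; n = p[1];
    } else if (len >= 3 && p[0] == TEXT_STR16) {
        hdr = 3; n = ((size_t)p[1] << 8) | p[2];
    } else {
        return -1;
    }
    if (n > len - hdr)                /* declared length exceeds the buffer */
        return -1;
    return n > 0 && p[hdr + n - 1] == 0x00;
}

int main(void)
{
    uint8_t buf[32];
    size_t n = text_encode("Serial Port", buf, sizeof(buf));
    printf("%zu bytes, trailing NUL: %d (sample: %d)\n", n,
           text_has_trailing_nul(buf, n), text_has_trailing_nul(with_nul, sizeof(with_nul)));
}
```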