public inbox for linux-bluetooth@vger.kernel.org
* [PATCH 1/3] Fix null dereference in src/main.c
@ 2009-04-01  2:30 Gustavo F. Padovan
  2009-04-01  2:30 ` [PATCH 2/3] Fix null dereference in gdbus/watch.c Gustavo F. Padovan
  2009-04-01  5:52 ` [PATCH 1/3] Fix null dereference in src/main.c Johan Hedberg
  0 siblings, 2 replies; 6+ messages in thread
From: Gustavo F. Padovan @ 2009-04-01  2:30 UTC (permalink / raw)
  To: linux-bluetooth

str could be null when dst isn't null
---
 src/main.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/main.c b/src/main.c
index 2d24d07..3ad9048 100644
--- a/src/main.c
+++ b/src/main.c
@@ -266,7 +266,7 @@ static char *expand_name(char *dst, int size, char *str, int dev_id)
 	register int sp, np, olen;
 	char *opt, buf[10];
 
-	if (!str && !dst)
+	if (!str || !dst)
 		return NULL;
 
 	sp = np = 0;
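Review bot: the guard at the top of expand_name() now rejects a NULL str or a NULL dst, but the signed size parameter in the same signature is still unchecked in the lines shown. If nothing further down rejects size <= 0, fold it into this test, for example if (!str || !dst || size <= 0), and name in the commit message the caller that can pass a NULL str so it is clear the NULL return is handled there.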
-- 
1.6.0.6



* [PATCH 2/3] Fix null dereference in gdbus/watch.c
  2009-04-01  2:30 [PATCH 1/3] Fix null dereference in src/main.c Gustavo F. Padovan
@ 2009-04-01  2:30 ` Gustavo F. Padovan
  2009-04-01  2:30   ` [PATCH 3/3] Fix memset of sco_opt Gustavo F. Padovan
  2009-04-01  5:54   ` [PATCH 2/3] Fix null dereference in gdbus/watch.c Johan Hedberg
  2009-04-01  5:52 ` [PATCH 1/3] Fix null dereference in src/main.c Johan Hedberg
  1 sibling, 2 replies; 6+ messages in thread
From: Gustavo F. Padovan @ 2009-04-01  2:30 UTC (permalink / raw)
  To: linux-bluetooth

If name or data->name is null we have a null dereference. Not name and
data->name.
---
 gdbus/watch.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/gdbus/watch.c b/gdbus/watch.c
index 38bf3d7..607803c 100644
--- a/gdbus/watch.c
+++ b/gdbus/watch.c
@@ -62,7 +62,7 @@ static struct name_data *name_data_find(DBusConnection *connection,
 			current != NULL; current = current->next) {
 		struct name_data *data = current->data;
 
-		if (name == NULL && data->name == NULL) {
+		if (name == NULL || data->name == NULL) {
 			if (connection == data->connection)
 				return data;
 		} else {
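Review bot: changing && to || in name_data_find() keeps the else branch from seeing a NULL name, but it also widens the first branch. A lookup with name == NULL now returns the first entry on that connection even when data->name is set, and a lookup for a specific name can return an entry whose data->name is NULL. If only entries with both names NULL should match on connection alone, keep the original && test and add a separate branch that skips the entry when exactly one of the two is NULL, so the else branch is never reached with a NULL pointer.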
-- 
1.6.0.6



* [PATCH 3/3] Fix memset of sco_opt
  2009-04-01  2:30 ` [PATCH 2/3] Fix null dereference in gdbus/watch.c Gustavo F. Padovan
@ 2009-04-01  2:30   ` Gustavo F. Padovan
  2009-04-01  5:56     ` Johan Hedberg
  2009-04-01  5:54   ` [PATCH 2/3] Fix null dereference in gdbus/watch.c Johan Hedberg
  1 sibling, 1 reply; 6+ messages in thread
From: Gustavo F. Padovan @ 2009-04-01  2:30 UTC (permalink / raw)
  To: linux-bluetooth

Now len has the correct value: sizeof(sco_opt)
---
 common/btio.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/common/btio.c b/common/btio.c
index 9ff407f..030feda 100644
--- a/common/btio.c
+++ b/common/btio.c
@@ -573,8 +573,8 @@ static gboolean sco_set(int sock, uint16_t mtu, GError **err)
 	if (!mtu)
 		return TRUE;
 
-	memset(&sco_opt, 0, len);
 	len = sizeof(sco_opt);
+	memset(&sco_opt, 0, len);
 	if (getsockopt(sock, SOL_SCO, SCO_OPTIONS, &sco_opt, &len) < 0) {
 		ERROR_FAILED(err, "getsockopt(SCO_OPTIONS)", errno);
 		return FALSE;
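Review bot: the memset length in sco_set() still depends on len, which the following getsockopt() call takes by address and may overwrite, so the zeroing is only right while these two lines stay in this order. Writing memset(&sco_opt, 0, sizeof(sco_opt)); removes that dependency. The commit message should also say that the old code called memset with len before the len = sizeof(sco_opt) assignment, since that is the defect being fixed.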
-- 
1.6.0.6



* Re: [PATCH 1/3] Fix null dereference in src/main.c
  2009-04-01  2:30 [PATCH 1/3] Fix null dereference in src/main.c Gustavo F. Padovan
  2009-04-01  2:30 ` [PATCH 2/3] Fix null dereference in gdbus/watch.c Gustavo F. Padovan
@ 2009-04-01  5:52 ` Johan Hedberg
  1 sibling, 0 replies; 6+ messages in thread
From: Johan Hedberg @ 2009-04-01  5:52 UTC (permalink / raw)
  To: Gustavo F. Padovan; +Cc: linux-bluetooth

Hi Gustavo,

On Tue, Mar 31, 2009, Gustavo F. Padovan wrote:
> str could be null when dst isn't null
> ---
>  src/main.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/src/main.c b/src/main.c
> index 2d24d07..3ad9048 100644
> --- a/src/main.c
> +++ b/src/main.c
> @@ -266,7 +266,7 @@ static char *expand_name(char *dst, int size, char *str, int dev_id)
>  	register int sp, np, olen;
>  	char *opt, buf[10];
>  
> -	if (!str && !dst)
> +	if (!str || !dst)
>  		return NULL;
>  
>  	sp = np = 0;

The patch has been pushed upstream. Thanks.

Johan


* Re: [PATCH 2/3] Fix null dereference in gdbus/watch.c
  2009-04-01  2:30 ` [PATCH 2/3] Fix null dereference in gdbus/watch.c Gustavo F. Padovan
  2009-04-01  2:30   ` [PATCH 3/3] Fix memset of sco_opt Gustavo F. Padovan
@ 2009-04-01  5:54   ` Johan Hedberg
  1 sibling, 0 replies; 6+ messages in thread
From: Johan Hedberg @ 2009-04-01  5:54 UTC (permalink / raw)
  To: Gustavo F. Padovan; +Cc: linux-bluetooth

Hi,

On Tue, Mar 31, 2009, Gustavo F. Padovan wrote:
> If name or data->name is null we have a null dereference. Not name and
> data->name.
> ---
>  gdbus/watch.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/gdbus/watch.c b/gdbus/watch.c
> index 38bf3d7..607803c 100644
> --- a/gdbus/watch.c
> +++ b/gdbus/watch.c
> @@ -62,7 +62,7 @@ static struct name_data *name_data_find(DBusConnection *connection,
>  			current != NULL; current = current->next) {
>  		struct name_data *data = current->data;
>  
> -		if (name == NULL && data->name == NULL) {
> +		if (name == NULL || data->name == NULL) {
>  			if (connection == data->connection)
>  				return data;
>  		} else {

Pushed upstream. Marcel, you'll probably want to merge the patch with the other
gdbus-using projects too.

Johan


* Re: [PATCH 3/3] Fix memset of sco_opt
  2009-04-01  2:30   ` [PATCH 3/3] Fix memset of sco_opt Gustavo F. Padovan
@ 2009-04-01  5:56     ` Johan Hedberg
  0 siblings, 0 replies; 6+ messages in thread
From: Johan Hedberg @ 2009-04-01  5:56 UTC (permalink / raw)
  To: Gustavo F. Padovan; +Cc: linux-bluetooth

Hi,

On Tue, Mar 31, 2009, Gustavo F. Padovan wrote:
> Now len has the correct value: sizeof(sco_opt)
> ---
>  common/btio.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/common/btio.c b/common/btio.c
> index 9ff407f..030feda 100644
> --- a/common/btio.c
> +++ b/common/btio.c
> @@ -573,8 +573,8 @@ static gboolean sco_set(int sock, uint16_t mtu, GError **err)
>  	if (!mtu)
>  		return TRUE;
>  
> -	memset(&sco_opt, 0, len);
>  	len = sizeof(sco_opt);
> +	memset(&sco_opt, 0, len);
>  	if (getsockopt(sock, SOL_SCO, SCO_OPTIONS, &sco_opt, &len) < 0) {
>  		ERROR_FAILED(err, "getsockopt(SCO_OPTIONS)", errno);
>  		return FALSE;

Nice catch! This one has also been pushed upstream. It's strange though that we
haven't noticed any uninitialized variable compiler warnings because of it
earlier.

Johan

