From: "Gustavo F. Padovan" <padovan@profusion.mobi>
To: Anderson Lizardo <anderson.lizardo@openbossa.org>
Cc: johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org,
Johan Hedberg <johan.hedberg@nokia.com>
Subject: Re: [PATCH 2/3] Bluetooth: Add initial Bluetooth Management interface callbacks
Date: Wed, 24 Nov 2010 17:10:25 -0200
Message-ID: <20101124191025.GA2592@vigoh>
In-Reply-To: <AANLkTimFz=FRPiGT31xt9wMjWoxC5cuKBubEqYNT0s=5@mail.gmail.com>
Hi Anderson,
* Anderson Lizardo <anderson.lizardo@openbossa.org> [2010-11-24 11:38:22 -0400]:
> Hi Johan,
>
> On Wed, Nov 24, 2010 at 10:39 AM, <johan.hedberg@gmail.com> wrote:
> > static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
> > {
> > - struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
> > + struct sockaddr_hci haddr;
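Review bot: the switch from `struct sockaddr_hci *haddr` (a cast of the caller's pointer) to a stack `struct sockaddr_hci haddr` needs a one-line comment in the code saying why, since the declaration alone does not show it and the question was raised immediately in review: userspace may pass a sockaddr shorter than the kernel's struct, so the address is copied into a zeroed local rather than dereferenced in place. Every later `haddr->` use in the function also has to become `haddr.`; the hunk should show those updated uses.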
>
> Just out of curiosity: why is this change necessary (i.e. make a stack
> copy of addr data and use it instead of using a cast of addr)?
>
> > struct sock *sk = sock->sk;
> > struct hci_dev *hdev = NULL;
> > - int err = 0;
> > + int len, err = 0;
> >
> > BT_DBG("sock %p sk %p", sock, sk);
> >
> > - if (!haddr || haddr->hci_family != AF_BLUETOOTH)
> > + if (!addr)
> > + return -EINVAL;
> > +
> > + memset(&haddr, 0, sizeof(haddr));
> > + len = min_t(unsigned int, sizeof(haddr), addr_len);
> > + memcpy(&haddr, addr, len);
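Review bot: the `haddr->hci_family != AF_BLUETOOTH` test removed at the old `if` does not reappear in this hunk against the copy; the family check on `haddr.hci_family` must follow the `memcpy`, otherwise a non-Bluetooth (or zero-length, which leaves `hci_family` as 0 after the `memset`) address would pass where it used to be rejected. Also, `min_t(unsigned int, sizeof(haddr), addr_len)` only handles a negative `addr_len` by wrapping it to a large unsigned value so that `sizeof(haddr)` wins; the socket core already rejects negative lengths before calling `->bind()`, so this is a readability point, but an explicit `if (addr_len < 0) return -EINVAL;` would make the intent obvious.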
>
> Looks like you are playing safe here, but looking at least a few
> ->bind() implementations I see most just cast the original struct
> sockaddr, which has size (sizeof(unsigned short) + 14).
Older userspace versions can use a smaller struct sockaddr, so it's a
better idea to move it to the stack and zero-fill the struct before
copying the data; this way, if the size of the data copied is smaller
than the struct, the fields at the end of the struct will be filled with
zeros and not something strange.
--
Gustavo F. Padovan
http://profusion.mobi
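As an added example (not the patch's code and not the kernel's), here is the copy-then-validate pattern described above in userspace C. The struct layout and the address-family value are constructed for the demo, and min_t(unsigned int, ...) is modelled by an explicit negative-length check plus a size_t minimum; the point it shows is that a short address from older userspace leaves the tail fields as zeros instead of whatever follows the caller's buffer, while over-long and bad lengths are bounded or rejected.

```c
/* Added example (not the patch's code): why hci_sock_bind() copies the
 * user-supplied sockaddr into a zero-filled stack struct instead of
 * casting the pointer. The struct layout and AF value are constructed
 * for the demo; min_t(unsigned int, ...) is modelled by an explicit
 * negative-length check plus a size_t minimum. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_AF_BLUETOOTH 31   /* constructed value, not the real AF_BLUETOOTH */

/* Constructed stand-in for struct sockaddr_hci: a family word followed by
 * fields that an older userspace struct may not contain at all. */
struct demo_sockaddr_hci {
    uint16_t hci_family;
    uint16_t hci_dev;
    uint16_t hci_channel;
};

static size_t demo_min(size_t a, size_t b)
{
    return a < b ? a : b;
}

/* The safe copy: zero the whole struct first, then copy at most
 * sizeof(struct) bytes, so a short address leaves the tail as zeros
 * rather than as whatever happens to follow the caller's buffer. */
static int demo_copy_sockaddr(struct demo_sockaddr_hci *dst,
                              const void *addr, int addr_len)
{
    if (!addr || addr_len < 0)
        return -EINVAL;
    memset(dst, 0, sizeof(*dst));
    size_t len = demo_min(sizeof(*dst), (size_t)addr_len);
    memcpy(dst, addr, len);
    return (int)len;
}

/* Model of the bind validation that follows the copy. Returns 0 on
 * success with the parsed address in *out, or -EINVAL. */
static int demo_hci_bind(const void *addr, int addr_len,
                         struct demo_sockaddr_hci *out)
{
    int copied = demo_copy_sockaddr(out, addr, addr_len);

    if (copied < 0)
        return copied;
    /* A zero-length address leaves hci_family == 0, so it fails here. */
    if (out->hci_family != DEMO_AF_BLUETOOTH)
        return -EINVAL;
    return 0;
}

/* Constructed full-size address used as input by every scenario below. */
static const struct demo_sockaddr_hci demo_full = { DEMO_AF_BLUETOOTH, 7, 3 };

/* Full-size address: hci_dev comes through. Returns hci_dev or -EINVAL. */
static int demo_scenario_full(void)
{
    struct demo_sockaddr_hci out;
    int ret = demo_hci_bind(&demo_full, (int)sizeof(demo_full), &out);
    return ret < 0 ? ret : out.hci_dev;
}

/* Only the family bytes supplied (older userspace with a shorter struct):
 * bind succeeds and the tail fields read as zero. Returns 1 when so. */
static int demo_scenario_family_only(void)
{
    struct demo_sockaddr_hci out;
    int ret = demo_hci_bind(&demo_full, (int)sizeof(demo_full.hci_family), &out);
    return ret == 0 && out.hci_dev == 0 && out.hci_channel == 0;
}

/* Zero length, NULL address, negative length: all rejected. Returns 1 when so. */
static int demo_scenario_bad_lengths(void)
{
    struct demo_sockaddr_hci out;
    return demo_hci_bind(&demo_full, 0, &out) == -EINVAL
        && demo_hci_bind(NULL, (int)sizeof(demo_full), &out) == -EINVAL
        && demo_hci_bind(&demo_full, -1, &out) == -EINVAL;
}

/* Oversized length: only sizeof(struct) bytes are read; the junk after
 * the struct never reaches the copy. Returns 1 when so. */
static int demo_scenario_oversized(void)
{
    unsigned char buf[sizeof(demo_full) + 16];
    struct demo_sockaddr_hci out;
    memset(buf, 0xff, sizeof(buf));              /* junk beyond the struct */
    memcpy(buf, &demo_full, sizeof(demo_full));
    int ret = demo_hci_bind(buf, (int)sizeof(buf), &out);
    return ret == 0 && out.hci_dev == 7 && out.hci_channel == 3;
}

int main(void)
{
    printf("full=%d family_only=%d bad_lengths=%d oversized=%d\n",
           demo_scenario_full(), demo_scenario_family_only(),
           demo_scenario_bad_lengths(), demo_scenario_oversized());
    return 0;
}
```

The family-only scenario is the case the reply is about: with the cast-and-dereference pattern, hci_dev and hci_channel would be read from memory the caller never supplied; with the zeroed copy they are deterministically 0 and the later checks see a well-defined value.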