linux-bluetooth.vger.kernel.org archive mirror
* [PATCH obexd] PBAP: Fix possible invalid memory access
@ 2012-01-10  7:13 Sunil Kumar Behera
  2012-01-11 14:56 ` Johan Hedberg
  0 siblings, 1 reply; 2+ messages in thread
From: Sunil Kumar Behera @ 2012-01-10  7:13 UTC
  To: linux-bluetooth; +Cc: Sunil Kumar Behera

Issue: As reported by static code analyzer (Coverity), if
buffer is NULL and aparams is not NULL, then buffer gets
dereferenced in string_read function.
Fix: Application parameter is allocated only if maxlistcount
is zero during phonebooksize request and buffer is allocated
in case of pull phonebook request, hence modify logic to avoid
application parameter check, as it is tightly coupled with
maxlistcount.
---
 plugins/pbap.c |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/plugins/pbap.c b/plugins/pbap.c
index 0f07c46..eb2bc9c 100644
--- a/plugins/pbap.c
+++ b/plugins/pbap.c
@@ -996,11 +996,12 @@ static ssize_t vobject_pull_read(void *object, void *buf, size_t count)
 	DBG("buffer %p maxlistcount %d", obj->buffer,
 						pbap->params->maxlistcount);
 
-	if (!obj->buffer && !obj->aparams)
-		return -EAGAIN;
+	if (!obj->buffer) {
+		if (pbap->params->maxlistcount == 0)
+			return -ENOSTR;
 
-	if (pbap->params->maxlistcount == 0)
-		return -ENOSTR;
+		return -EAGAIN;
+	}
 
 	len = string_read(obj->buffer, buf, count);
 	if (len == 0 && !obj->lastpart) {
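Review bot: In the new `if (!obj->buffer)` block, `-ENOSTR` is returned whenever `maxlistcount == 0`, even when `obj->aparams` is still NULL; the removed check returned `-EAGAIN` in that state (`!obj->buffer && !obj->aparams`), so a phonebooksize request whose application parameters are not ready yet would now be told to switch streams instead of retrying. If that state is reachable, keep the aparams test inside the branch, for example `return obj->aparams ? -ENOSTR : -EAGAIN;` under the `maxlistcount == 0` condition. The hunk also changes the case where `obj->buffer` is non-NULL and `maxlistcount == 0`: it used to return `-ENOSTR` and now falls through to `string_read()`. The commit message says the buffer is only allocated for pull phonebook requests, but a short comment above the check stating that invariant would make the coupling between `maxlistcount` and the two allocations explicit for the next reader and for the static analyzer.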
-- 
1.7.4.1

