* [PATCH 0/1] transport: Check if transport is bcast before it's cast to bap_transport
@ 2023-12-19 12:49 Vlad Pruteanu
2023-12-19 12:49 ` [PATCH 1/1] " Vlad Pruteanu
0 siblings, 1 reply; 4+ messages in thread
From: Vlad Pruteanu @ 2023-12-19 12:49 UTC (permalink / raw)
To: linux-bluetooth
Cc: claudia.rosu, mihai-octavian.urzica, silviu.barbulescu,
iulia.tanasescu, andrei.istodorescu, luiz.dentz, Vlad Pruteanu
Currently, when a transport is released it is cast to bap_transport without
checking if the transport is actually a broadcast one. Then, based on this
cast it is released. Problems may occur with transports that are not
broadcast, but are still cast to bap_transport. This commit fixes this
problem.
Vlad Pruteanu (1):
transport: Check if transport is bcast before it's cast to
bap_transport
profiles/audio/transport.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
--
2.39.2
^ permalink raw reply [flat|nested] 4+ messages in thread* [PATCH 1/1] transport: Check if transport is bcast before it's cast to bap_transport 2023-12-19 12:49 [PATCH 0/1] transport: Check if transport is bcast before it's cast to bap_transport Vlad Pruteanu @ 2023-12-19 12:49 ` Vlad Pruteanu 2023-12-19 14:10 ` bluez.test.bot 2023-12-20 10:49 ` [PATCH 1/1] " Ronan Pigott 0 siblings, 2 replies; 4+ messages in thread From: Vlad Pruteanu @ 2023-12-19 12:49 UTC (permalink / raw) To: linux-bluetooth Cc: claudia.rosu, mihai-octavian.urzica, silviu.barbulescu, iulia.tanasescu, andrei.istodorescu, luiz.dentz, Vlad Pruteanu Currently, when a transport is released it is cast to bap_transport without checking if the transport is actually a broadcast one. Then, based on this cast it is released. Problems may occur with transports that are not broadcast, but are still cast to bap_transport. This commit fixes this problem. --- profiles/audio/transport.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/profiles/audio/transport.c b/profiles/audio/transport.c index e2073451c..555da99a8 100644 --- a/profiles/audio/transport.c +++ b/profiles/audio/transport.c @@ -643,7 +643,6 @@ static DBusMessage *release(DBusConnection *conn, DBusMessage *msg, { struct media_transport *transport = data; struct media_owner *owner = transport->owner; - struct bap_transport *bap = transport->data; const char *sender; struct media_request *req; guint id; @@ -675,9 +674,17 @@ static DBusMessage *release(DBusConnection *conn, DBusMessage *msg, req = media_request_create(msg, id); media_owner_add(owner, req); - if (bt_bap_stream_get_type(bap->stream) == - BT_BAP_STREAM_TYPE_BCAST) { - bap_disable_complete(bap->stream, 0x00, 0x00, owner); + if (!strcmp(media_endpoint_get_uuid(transport->endpoint), + BAA_SERVICE_UUID) + || !strcmp(media_endpoint_get_uuid(transport->endpoint), + BCAA_SERVICE_UUID)) { + + struct bap_transport *bap = transport->data; + + if (bt_bap_stream_get_type(bap->stream) == + BT_BAP_STREAM_TYPE_BCAST) { + bap_disable_complete(bap->stream, 0x00, 0x00, owner); + } } return NULL; -- 2.39.2 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* RE: transport: Check if transport is bcast before it's cast to bap_transport 2023-12-19 12:49 ` [PATCH 1/1] " Vlad Pruteanu @ 2023-12-19 14:10 ` bluez.test.bot 2023-12-20 10:49 ` [PATCH 1/1] " Ronan Pigott 1 sibling, 0 replies; 4+ messages in thread From: bluez.test.bot @ 2023-12-19 14:10 UTC (permalink / raw) To: linux-bluetooth, vlad.pruteanu [-- Attachment #1: Type: text/plain, Size: 946 bytes --] This is automated email and please do not reply to this email! Dear submitter, Thank you for submitting the patches to the linux bluetooth mailing list. This is a CI test results with your patch series: PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=811394 ---Test result--- Test Summary: CheckPatch PASS 0.48 seconds GitLint PASS 0.66 seconds BuildEll PASS 24.09 seconds BluezMake PASS 724.68 seconds MakeCheck PASS 12.23 seconds MakeDistcheck PASS 161.22 seconds CheckValgrind PASS 221.22 seconds CheckSmatch PASS 329.59 seconds bluezmakeextell PASS 107.36 seconds IncrementalBuild PASS 691.09 seconds ScanBuild PASS 949.26 seconds --- Regards, Linux Bluetooth ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 1/1] transport: Check if transport is bcast before it's cast to bap_transport 2023-12-19 12:49 ` [PATCH 1/1] " Vlad Pruteanu 2023-12-19 14:10 ` bluez.test.bot @ 2023-12-20 10:49 ` Ronan Pigott 1 sibling, 0 replies; 4+ messages in thread From: Ronan Pigott @ 2023-12-20 10:49 UTC (permalink / raw) To: vlad.pruteanu Cc: andrei.istodorescu, claudia.rosu, iulia.tanasescu, linux-bluetooth, luiz.dentz, mihai-octavian.urzica, silviu.barbulescu, Ronan Pigott Hi Vlad, This appears to fix the use-after-free in bluez 5.71. Thanks. Tested-by: Ronan Pigott <ronan@rjp.ie> Cheers, Ronan ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-12-20 10:55 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-12-19 12:49 [PATCH 0/1] transport: Check if transport is bcast before it's cast to bap_transport Vlad Pruteanu 2023-12-19 12:49 ` [PATCH 1/1] " Vlad Pruteanu 2023-12-19 14:10 ` bluez.test.bot 2023-12-20 10:49 ` [PATCH 1/1] " Ronan Pigott
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox