[PATCH 0/1] transport: Check if transport is bcast before it's cast to bap

Linux bluetooth development
 help / color / mirror / Atom feed

* [PATCH 0/1] transport: Check if transport is bcast before it's cast to bap_transport
@ 2023-12-19 12:49 Vlad Pruteanu
  2023-12-19 12:49 ` [PATCH 1/1] " Vlad Pruteanu
  0 siblings, 1 reply; 4+ messages in thread
From: Vlad Pruteanu @ 2023-12-19 12:49 UTC (permalink / raw)
  To: linux-bluetooth
  Cc: claudia.rosu, mihai-octavian.urzica, silviu.barbulescu,
	iulia.tanasescu, andrei.istodorescu, luiz.dentz, Vlad Pruteanu

Currently, when a transport is released it is cast to bap_transport without
checking if the transport is actually a broadcast one. Then, based on this
cast it is released. Problems may occur with transports that are not
broadcast, but are still cast to bap_transport. This commit fixes this
problem.

Vlad Pruteanu (1):
  transport: Check if transport is bcast before it's cast to
    bap_transport

 profiles/audio/transport.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

-- 
2.39.2

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 1/1] transport: Check if transport is bcast before it's cast to bap_transport
  2023-12-19 12:49 [PATCH 0/1] transport: Check if transport is bcast before it's cast to bap_transport Vlad Pruteanu
@ 2023-12-19 12:49 ` Vlad Pruteanu
  2023-12-19 14:10   ` bluez.test.bot
  2023-12-20 10:49   ` [PATCH 1/1] " Ronan Pigott
  0 siblings, 2 replies; 4+ messages in thread
From: Vlad Pruteanu @ 2023-12-19 12:49 UTC (permalink / raw)
  To: linux-bluetooth
  Cc: claudia.rosu, mihai-octavian.urzica, silviu.barbulescu,
	iulia.tanasescu, andrei.istodorescu, luiz.dentz, Vlad Pruteanu

Currently, when a transport is released it is cast to bap_transport without
checking if the transport is actually a broadcast one. Then, based on this
cast it is released. Problems may occur with transports that are not
broadcast, but are still cast to bap_transport. This commit fixes this
problem.
---
 profiles/audio/transport.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/profiles/audio/transport.c b/profiles/audio/transport.c
index e2073451c..555da99a8 100644
--- a/profiles/audio/transport.c
+++ b/profiles/audio/transport.c
@@ -643,7 +643,6 @@ static DBusMessage *release(DBusConnection *conn, DBusMessage *msg,
 {
 	struct media_transport *transport = data;
 	struct media_owner *owner = transport->owner;
-	struct bap_transport *bap = transport->data;
 	const char *sender;
 	struct media_request *req;
 	guint id;
@@ -675,9 +674,17 @@ static DBusMessage *release(DBusConnection *conn, DBusMessage *msg,
 	req = media_request_create(msg, id);
 	media_owner_add(owner, req);
 
-	if (bt_bap_stream_get_type(bap->stream) ==
-			BT_BAP_STREAM_TYPE_BCAST) {
-		bap_disable_complete(bap->stream, 0x00, 0x00, owner);
+	if (!strcmp(media_endpoint_get_uuid(transport->endpoint),
+					BAA_SERVICE_UUID)
+		|| !strcmp(media_endpoint_get_uuid(transport->endpoint),
+						BCAA_SERVICE_UUID)) {
+
+		struct bap_transport *bap = transport->data;
+
+		if (bt_bap_stream_get_type(bap->stream) ==
+				BT_BAP_STREAM_TYPE_BCAST) {
+			bap_disable_complete(bap->stream, 0x00, 0x00, owner);
+		}
 	}
 
 	return NULL;
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* RE: transport: Check if transport is bcast before it's cast to bap_transport
  2023-12-19 12:49 ` [PATCH 1/1] " Vlad Pruteanu
@ 2023-12-19 14:10   ` bluez.test.bot
  2023-12-20 10:49   ` [PATCH 1/1] " Ronan Pigott
  1 sibling, 0 replies; 4+ messages in thread
From: bluez.test.bot @ 2023-12-19 14:10 UTC (permalink / raw)
  To: linux-bluetooth, vlad.pruteanu

[-- Attachment #1: Type: text/plain, Size: 946 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=811394

---Test result---

Test Summary:
CheckPatch                    PASS      0.48 seconds
GitLint                       PASS      0.66 seconds
BuildEll                      PASS      24.09 seconds
BluezMake                     PASS      724.68 seconds
MakeCheck                     PASS      12.23 seconds
MakeDistcheck                 PASS      161.22 seconds
CheckValgrind                 PASS      221.22 seconds
CheckSmatch                   PASS      329.59 seconds
bluezmakeextell               PASS      107.36 seconds
IncrementalBuild              PASS      691.09 seconds
ScanBuild                     PASS      949.26 seconds



---
Regards,
Linux Bluetooth


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH 1/1] transport: Check if transport is bcast before it's cast to bap_transport
  2023-12-19 12:49 ` [PATCH 1/1] " Vlad Pruteanu
  2023-12-19 14:10   ` bluez.test.bot
@ 2023-12-20 10:49   ` Ronan Pigott
  1 sibling, 0 replies; 4+ messages in thread
From: Ronan Pigott @ 2023-12-20 10:49 UTC (permalink / raw)
  To: vlad.pruteanu
  Cc: andrei.istodorescu, claudia.rosu, iulia.tanasescu,
	linux-bluetooth, luiz.dentz, mihai-octavian.urzica,
	silviu.barbulescu, Ronan Pigott

Hi Vlad,

This appears to fix the use-after-free in bluez 5.71. Thanks.

Tested-by: Ronan Pigott <ronan@rjp.ie>

Cheers,

Ronan

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2023-12-20 10:55 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-12-19 12:49 [PATCH 0/1] transport: Check if transport is bcast before it's cast to bap_transport Vlad Pruteanu
2023-12-19 12:49 ` [PATCH 1/1] " Vlad Pruteanu
2023-12-19 14:10   ` bluez.test.bot
2023-12-20 10:49   ` [PATCH 1/1] " Ronan Pigott

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox