From: Ravi Kumar Veeramally <ravikumar.veeramally@linux.intel.com>
To: linux-bluetooth@vger.kernel.org, Johan Hedberg <johan.hedberg@gmail.com>
Subject: Re: [PATCH_v3 3/3] android/pan: Handle connection and control state notifications
Date: Wed, 13 Nov 2013 11:46:30 +0200 [thread overview]
Message-ID: <52834A76.4050600@linux.intel.com> (raw)
In-Reply-To: <20131113093301.GB1749@x220.p-661hnu-f1>
Hi Johan,
On 11/13/2013 11:33 AM, Johan Hedberg wrote:
> Hi Ravi,
>
> On Wed, Nov 13, 2013, Ravi kumar Veeramally wrote:
>> ---
>> android/hal-pan.c | 31 +++++++++++++++++++++++++++++++
>> 1 file changed, 31 insertions(+)
> I've applied the first two patches, but for this one I've got a few
> questions:
>
>> diff --git a/android/hal-pan.c b/android/hal-pan.c
>> index 851c5d2..2bc560e 100644
>> --- a/android/hal-pan.c
>> +++ b/android/hal-pan.c
>> @@ -31,10 +31,41 @@ static bool interface_ready(void)
>> return cbs != NULL;
>> }
>>
>> +static void handle_conn_state(void *buf)
>> +{
>> + struct hal_ev_pan_conn_state *ev = buf;
>> +
>> + if (cbs->connection_state_cb)
>> + cbs->connection_state_cb(ev->state, ev->status,
>> + (bt_bdaddr_t *) ev->bdaddr,
>> + ev->local_role, ev->remote_role);
>> +}
>> +
>> +static void handle_ctrl_state(void *buf)
>> +{
>> + struct hal_ev_pan_ctrl_state *ev = buf;
>> +
>> + if (cbs->control_state_cb)
>> + cbs->control_state_cb(ev->state, ev->status,
>> + ev->local_role, (char *)ev->name);
>> +}
>> +
>> void bt_notify_pan(uint8_t opcode, void *buf, uint16_t len)
>> {
>> if (!interface_ready())
>> return;
>> +
>> + switch (opcode) {
>> + case HAL_EV_PAN_CONN_STATE:
>> + handle_conn_state(buf);
>> + break;
>> + case HAL_EV_PAN_CTRL_STATE:
>> + handle_ctrl_state(buf);
>> + break;
>> + default:
>> + DBG("Unhandled callback opcode=0x%x", opcode);
>> + break;
>> + }
>> }
> What I don't like about this is that you're not pushing the data length
> to the handler functions. If you did that the handler functions could:
>
> if (len < sizeof(*ev))
> return;
>
> Instead of return we could also just abort - what's the general policy
> on the HAL side regarding invalid data from the daemon? How does this
> relate to the work Szymon is doing to add proper checks for the IPC
> data? Is that only for the daemon side?
>
> Are we missing similar checks in other HALs too?
Yes, we are not doing similar checks in other HALs
(hal-bluetooth/a2dp/hid/) too.
Very few places in hal-bluetooth length is passing but validation is
not done.
I will fix them all and send you the patch.
Thanks,
Ravi.
next prev parent reply other threads:[~2013-11-13 9:46 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-13 9:25 [PATCH_v3 1/3] android: Fix opcode parameter type from uint16_t to uint8_t Ravi kumar Veeramally
2013-11-13 9:25 ` [PATCH_v3 2/3] android/pan: Add notify method to PAN notifications Ravi kumar Veeramally
2013-11-13 9:25 ` [PATCH_v3 3/3] android/pan: Handle connection and control state notifications Ravi kumar Veeramally
2013-11-13 9:33 ` Johan Hedberg
2013-11-13 9:46 ` Ravi Kumar Veeramally [this message]
2013-11-13 9:59 ` Szymon Janc
2013-11-13 10:11 ` Ravi Kumar Veeramally
2013-11-13 11:16 ` Johan Hedberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52834A76.4050600@linux.intel.com \
--to=ravikumar.veeramally@linux.intel.com \
--cc=johan.hedberg@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox