Linux bluetooth development
* [PATCH BlueZ 4/5] lib: Use SDP_IS_TEXT_STR()/SDP_IS_SEQ() where possible
From: Anderson Lizardo @ 2013-01-07 11:56 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo
In-Reply-To: <1357559795-22090-1-git-send-email-anderson.lizardo@openbossa.org>

---
 lib/sdp.c |   12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/lib/sdp.c b/lib/sdp.c
index 2dac6c7..ca474cd 100644
--- a/lib/sdp.c
+++ b/lib/sdp.c
@@ -570,7 +570,7 @@ static void extract_svclass_uuid(sdp_data_t *data, uuid_t *uuid)
 {
 	sdp_data_t *d;
 
-	if (!data || data->dtd < SDP_SEQ8 || data->dtd > SDP_SEQ32)
+	if (!data || !SDP_IS_SEQ(data->dtd))
 		return;
 
 	d = data->val.dataseq;
@@ -1912,7 +1912,7 @@ int sdp_get_uuidseq_attr(const sdp_record_t *rec, uint16_t attr,
 	sdp_data_t *sdpdata = sdp_data_get(rec, attr);
 
 	*seqp = NULL;
-	if (sdpdata && sdpdata->dtd >= SDP_SEQ8 && sdpdata->dtd <= SDP_SEQ32) {
+	if (sdpdata && SDP_IS_SEQ(sdpdata->dtd)) {
 		sdp_data_t *d;
 		for (d = sdpdata->val.dataseq; d; d = d->next) {
 			uuid_t *u;
@@ -2128,9 +2128,7 @@ int sdp_get_string_attr(const sdp_record_t *rec, uint16_t attrid, char *value,
 	sdp_data_t *sdpdata = sdp_data_get(rec, attrid);
 	if (sdpdata)
 		/* Verify that it is what the caller expects */
-		if (sdpdata->dtd == SDP_TEXT_STR8 ||
-				sdpdata->dtd == SDP_TEXT_STR16 ||
-				sdpdata->dtd == SDP_TEXT_STR32)
+		if (SDP_IS_TEXT_STR(sdpdata->dtd))
 			if ((int) strlen(sdpdata->val.str) < valuelen) {
 				strcpy(value, sdpdata->val.str);
 				return 0;
@@ -4744,7 +4742,7 @@ int sdp_get_supp_feat(const sdp_record_t *rec, sdp_list_t **seqp)
 
 	sdpdata = sdp_data_get(rec, SDP_ATTR_SUPPORTED_FEATURES_LIST);
 
-	if (!sdpdata || sdpdata->dtd < SDP_SEQ8 || sdpdata->dtd > SDP_SEQ32)
+	if (!sdpdata || !SDP_IS_SEQ(sdpdata->dtd))
 		return sdp_get_uuidseq_attr(rec,
 					SDP_ATTR_SUPPORTED_FEATURES_LIST, seqp);
 
@@ -4752,7 +4750,7 @@ int sdp_get_supp_feat(const sdp_record_t *rec, sdp_list_t **seqp)
 		sdp_data_t *dd;
 		sdp_list_t *subseq;
 
-		if (d->dtd < SDP_SEQ8 || d->dtd > SDP_SEQ32)
+		if (!SDP_IS_SEQ(d->dtd))
 			goto fail;
 
 		subseq = NULL;
-- 
1.7.9.5



* [PATCH v2 BlueZ 3/5] input: Validate SDP HIDDescriptorList subattributes
From: Anderson Lizardo @ 2013-01-07 11:56 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo
In-Reply-To: <1357559795-22090-1-git-send-email-anderson.lizardo@openbossa.org>

It should not be assumed that remote SDP attributes are in a compliant
format. This fixes a couple of invalid pointer accesses on invalid data.
---
 profiles/input/device.c |   60 ++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 46 insertions(+), 14 deletions(-)

diff --git a/profiles/input/device.c b/profiles/input/device.c
index eaf5681..1da9d99 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -222,6 +222,49 @@ static int create_hid_dev_name(sdp_record_t *rec, struct hidp_connadd_req *req)
 	return 0;
 }
 
+/* See HID profile specification v1.0, "7.11.6 HIDDescriptorList" for details
+ * on the attribute format. */
+static int extract_hid_desc_data(sdp_record_t *rec,
+						struct hidp_connadd_req *req)
+{
+	sdp_data_t *d;
+
+	d = sdp_data_get(rec, SDP_ATTR_HID_DESCRIPTOR_LIST);
+	if (!d)
+		goto invalid_desc;
+
+	if (!SDP_IS_SEQ(d->dtd))
+		goto invalid_desc;
+
+	/* First HIDDescriptor */
+	d = d->val.dataseq;
+	if (!SDP_IS_SEQ(d->dtd))
+		goto invalid_desc;
+
+	/* ClassDescriptorType */
+	d = d->val.dataseq;
+	if (d->dtd != SDP_UINT8)
+		goto invalid_desc;
+
+	/* ClassDescriptorData */
+	d = d->next;
+	if (!d || !SDP_IS_TEXT_STR(d->dtd))
+		goto invalid_desc;
+
+	req->rd_data = g_try_malloc0(d->unitSize);
+	if (req->rd_data) {
+		memcpy(req->rd_data, d->val.str, d->unitSize);
+		req->rd_size = d->unitSize;
+		epox_endian_quirk(req->rd_data, req->rd_size);
+	}
+
+	return 0;
+
+invalid_desc:
+	error("Missing or invalid HIDDescriptorList SDP attribute");
+	return -EINVAL;
+}
+
 static int extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req)
 {
 	sdp_data_t *pdlist;
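Review bot: Both `d = d->val.dataseq;` steps in extract_hid_desc_data() are followed by a `d->dtd` read with no NULL check, so a HIDDescriptorList whose outer or inner sequence is empty would presumably still dereference NULL (this assumes an empty sequence is parsed with `val.dataseq` left NULL, which the hunk does not show). The checks should read `if (!d || !SDP_IS_SEQ(d->dtd))` and `if (!d || d->dtd != SDP_UINT8)`, matching the `!d ||` guard already used after `d->next`. Separately, a failed g_try_malloc0() still returns 0 with `rd_data` NULL, so the caller cannot tell it from success; `return -ENOMEM;` there would fit the new error return. The same two checks are missing in the earlier posting of this patch (4/4) further down the page.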
@@ -251,20 +294,9 @@ static int extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req)
 	if (attr_val)
 		req->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
 
-	pdlist = sdp_data_get(rec, SDP_ATTR_HID_DESCRIPTOR_LIST);
-	if (pdlist) {
-		pdlist = pdlist->val.dataseq;
-		pdlist = pdlist->val.dataseq;
-		pdlist = pdlist->next;
-
-		req->rd_data = g_try_malloc0(pdlist->unitSize);
-		if (req->rd_data) {
-			memcpy(req->rd_data, (unsigned char *) pdlist->val.str,
-								pdlist->unitSize);
-			req->rd_size = pdlist->unitSize;
-			epox_endian_quirk(req->rd_data, req->rd_size);
-		}
-	}
+	err = extract_hid_desc_data(rec, req);
+	if (err < 0)
+		return err;
 
 	return 0;
 }
-- 
1.7.9.5



* [PATCH BlueZ 2/5] lib: Trivial whitespace and line wrapping fix
From: Anderson Lizardo @ 2013-01-07 11:56 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo
In-Reply-To: <1357559795-22090-1-git-send-email-anderson.lizardo@openbossa.org>

---
 lib/sdp.h |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/sdp.h b/lib/sdp.h
index 42681a2..a81e857 100644
--- a/lib/sdp.h
+++ b/lib/sdp.h
@@ -438,7 +438,8 @@ typedef struct {
 	} value;
 } uuid_t;
 
-#define SDP_IS_UUID(x) ((x) == SDP_UUID16 || (x) == SDP_UUID32 || (x) ==SDP_UUID128)
+#define SDP_IS_UUID(x) ((x) == SDP_UUID16 || (x) == SDP_UUID32 || \
+							(x) == SDP_UUID128)
 #define SDP_IS_SEQ(x)  ((x) == SDP_SEQ8 || (x) == SDP_SEQ16 || (x) == SDP_SEQ32)
 #define SDP_IS_TEXT_STR(x) ((x) == SDP_TEXT_STR8 || (x) == SDP_TEXT_STR16 || \
 							(x) == SDP_TEXT_STR32)
-- 
1.7.9.5



* [PATCH BlueZ 1/5] lib: Add SDP_IS_TEXT_STR() macro for SDP_TEXT_STR* checking
From: Anderson Lizardo @ 2013-01-07 11:56 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo

This new macro avoids constructs like "if (d->dtd < SDP_TEXT_STR8 ||
d->dtd > SDP_TEXT_STR32)" which are harder to read.
---
 lib/sdp.h |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/sdp.h b/lib/sdp.h
index 4448805..42681a2 100644
--- a/lib/sdp.h
+++ b/lib/sdp.h
@@ -440,6 +440,8 @@ typedef struct {
 
 #define SDP_IS_UUID(x) ((x) == SDP_UUID16 || (x) == SDP_UUID32 || (x) ==SDP_UUID128)
 #define SDP_IS_SEQ(x)  ((x) == SDP_SEQ8 || (x) == SDP_SEQ16 || (x) == SDP_SEQ32)
+#define SDP_IS_TEXT_STR(x) ((x) == SDP_TEXT_STR8 || (x) == SDP_TEXT_STR16 || \
+							(x) == SDP_TEXT_STR32)
 
 typedef struct _sdp_list sdp_list_t;
 struct _sdp_list {
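Review bot: SDP_IS_TEXT_STR(x) expands `x` up to three times, so an argument with side effects would be evaluated more than once. Every use on this page passes a plain `->dtd` field, so nothing is broken today, but the macro lives in a library header and the hazard is not documented. A one-line comment above the SDP_IS_* group, such as `/* NOTE: these macros evaluate x more than once */`, would cover all three.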
-- 
1.7.9.5



* [PATCH] adapter: Fix storage to be used by BlueZ 4 or 5
From: Frédéric Danis @ 2013-01-07 10:53 UTC (permalink / raw)
  To: linux-bluetooth

Conversion should be performed only one time, but using "converted"
entry in device related files generates a bogus device object with
dev_CONVERTED path when starting BlueZ 4.

If "settings" file has been created we've done the conversion and
we can use it to check if conversion has already been done.

Remove "converted" entries in converted files
---
 src/adapter.c |  177 +++++++++++++++++++++++++++++++--------------------------
 1 file changed, 95 insertions(+), 82 deletions(-)

diff --git a/src/adapter.c b/src/adapter.c
index d3e5dd4..e6ef678 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -2792,23 +2792,15 @@ static void convert_file(char *file, char *address,
 {
 	char filename[PATH_MAX + 1];
 	struct device_converter converter;
-	char *str;
 
 	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s", address, file);
 	filename[PATH_MAX] = '\0';
 
-	str = textfile_get(filename, "converted");
-	if (str && strcmp(str, "yes") == 0) {
-		DBG("Legacy file %s already converted", filename);
-	} else {
-		converter.address = address;
-		converter.cb = cb;
-		converter.force = force;
+	converter.address = address;
+	converter.cb = cb;
+	converter.force = force;
 
-		textfile_foreach(filename, convert_entry, &converter);
-		textfile_put(filename, "converted", "yes");
-	}
-	free(str);
+	textfile_foreach(filename, convert_entry, &converter);
 }
 
 static gboolean record_has_uuid(const sdp_record_t *rec,
@@ -3205,22 +3197,13 @@ static void convert_device_storage(struct btd_adapter *adapter)
 {
 	char filename[PATH_MAX + 1];
 	char address[18];
-	char *str;
 
 	ba2str(&adapter->bdaddr, address);
 
 	/* Convert device's name cache */
 	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/names", address);
 	filename[PATH_MAX] = '\0';
-
-	str = textfile_get(filename, "converted");
-	if (str && strcmp(str, "yes") == 0) {
-		DBG("Legacy names file already converted");
-	} else {
-		textfile_foreach(filename, convert_names_entry, address);
-		textfile_put(filename, "converted", "yes");
-	}
-	free(str);
+	textfile_foreach(filename, convert_names_entry, address);
 
 	/* Convert aliases */
 	convert_file("aliases", address, convert_aliases_entry, TRUE);
@@ -3237,15 +3220,7 @@ static void convert_device_storage(struct btd_adapter *adapter)
 	/* Convert primaries */
 	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/primaries", address);
 	filename[PATH_MAX] = '\0';
-
-	str = textfile_get(filename, "converted");
-	if (str && strcmp(str, "yes") == 0) {
-		DBG("Legacy %s file already converted", filename);
-	} else {
-		textfile_foreach(filename, convert_primaries_entry, address);
-		textfile_put(filename, "converted", "yes");
-	}
-	free(str);
+	textfile_foreach(filename, convert_primaries_entry, address);
 
 	/* Convert linkkeys */
 	convert_file("linkkeys", address, convert_linkkey_entry, TRUE);
@@ -3262,28 +3237,12 @@ static void convert_device_storage(struct btd_adapter *adapter)
 	/* Convert sdp */
 	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/sdp", address);
 	filename[PATH_MAX] = '\0';
-
-	str = textfile_get(filename, "converted");
-	if (str && strcmp(str, "yes") == 0) {
-		DBG("Legacy %s file already converted", filename);
-	} else {
-		textfile_foreach(filename, convert_sdp_entry, address);
-		textfile_put(filename, "converted", "yes");
-	}
-	free(str);
+	textfile_foreach(filename, convert_sdp_entry, address);
 
 	/* Convert ccc */
 	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/ccc", address);
 	filename[PATH_MAX] = '\0';
-
-	str = textfile_get(filename, "converted");
-	if (str && strcmp(str, "yes") == 0) {
-		DBG("Legacy %s file already converted", filename);
-	} else {
-		textfile_foreach(filename, convert_ccc_entry, address);
-		textfile_put(filename, "converted", "yes");
-	}
-	free(str);
+	textfile_foreach(filename, convert_ccc_entry, address);
 
 	/* Convert appearances */
 	convert_file("appearances", address, convert_appearances_entry, FALSE);
@@ -3291,28 +3250,12 @@ static void convert_device_storage(struct btd_adapter *adapter)
 	/* Convert gatt */
 	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/gatt", address);
 	filename[PATH_MAX] = '\0';
-
-	str = textfile_get(filename, "converted");
-	if (str && strcmp(str, "yes") == 0) {
-		DBG("Legacy %s file already converted", filename);
-	} else {
-		textfile_foreach(filename, convert_gatt_entry, address);
-		textfile_put(filename, "converted", "yes");
-	}
-	free(str);
+	textfile_foreach(filename, convert_gatt_entry, address);
 
 	/* Convert proximity */
 	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/proximity", address);
 	filename[PATH_MAX] = '\0';
-
-	str = textfile_get(filename, "converted");
-	if (str && strcmp(str, "yes") == 0) {
-		DBG("Legacy %s file already converted", filename);
-	} else {
-		textfile_foreach(filename, convert_proximity_entry, address);
-		textfile_put(filename, "converted", "yes");
-	}
-	free(str);
+	textfile_foreach(filename, convert_proximity_entry, address);
 }
 
 static void convert_config(struct btd_adapter *adapter, const char *filename,
@@ -3321,7 +3264,6 @@ static void convert_config(struct btd_adapter *adapter, const char *filename,
 	char address[18];
 	char str[MAX_NAME_LENGTH + 1];
 	char config_path[PATH_MAX + 1];
-	char *converted;
 	gboolean flag;
 	int timeout;
 	uint8_t mode;
@@ -3332,17 +3274,6 @@ static void convert_config(struct btd_adapter *adapter, const char *filename,
 	snprintf(config_path, PATH_MAX, STORAGEDIR "/%s/config", address);
 	config_path[PATH_MAX] = '\0';
 
-	converted = textfile_get(config_path, "converted");
-	if (converted) {
-		if (strcmp(converted, "yes") == 0) {
-			DBG("Legacy config file already converted");
-			free(converted);
-			return;
-		}
-
-		free(converted);
-	}
-
 	if (read_device_pairable(&adapter->bdaddr, &flag) == 0)
 		g_key_file_set_boolean(key_file, "General", "Pairable", flag);
 
@@ -3368,8 +3299,85 @@ static void convert_config(struct btd_adapter *adapter, const char *filename,
 	data = g_key_file_to_data(key_file, &length, NULL);
 	g_file_set_contents(filename, data, length, NULL);
 	g_free(data);
+}
+
+static void fix_storage(struct btd_adapter *adapter)
+{
+	char filename[PATH_MAX + 1];
+	char address[18];
+	char *converted;
+
+	ba2str(&adapter->bdaddr, address);
+
+	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/config", address);
+	filename[PATH_MAX] = '\0';
+	converted = textfile_get(filename, "converted");
+	if (!converted)
+		return;
+
+	free(converted);
 
-	textfile_put(config_path, "converted", "yes");
+	textfile_del(filename, "converted");
+
+	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/names", address);
+	filename[PATH_MAX] = '\0';
+	textfile_del(filename, "converted");
+
+	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/aliases", address);
+	filename[PATH_MAX] = '\0';
+	textfile_del(filename, "converted");
+
+	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/trusts", address);
+	filename[PATH_MAX] = '\0';
+	textfile_del(filename, "converted");
+
+	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/blocked", address);
+	filename[PATH_MAX] = '\0';
+	textfile_del(filename, "converted");
+
+	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/profiles", address);
+	filename[PATH_MAX] = '\0';
+	textfile_del(filename, "converted");
+
+	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/primaries", address);
+	filename[PATH_MAX] = '\0';
+	textfile_del(filename, "converted");
+
+	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/linkkeys", address);
+	filename[PATH_MAX] = '\0';
+	textfile_del(filename, "converted");
+
+	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/longtermkeys", address);
+	filename[PATH_MAX] = '\0';
+	textfile_del(filename, "converted");
+
+	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/classes", address);
+	filename[PATH_MAX] = '\0';
+	textfile_del(filename, "converted");
+
+	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/did", address);
+	filename[PATH_MAX] = '\0';
+	textfile_del(filename, "converted");
+
+	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/sdp", address);
+	filename[PATH_MAX] = '\0';
+	textfile_del(filename, "converted");
+
+	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/ccc", address);
+	filename[PATH_MAX] = '\0';
+	textfile_del(filename, "converted");
+
+	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/appearances", address);
+	filename[PATH_MAX] = '\0';
+	textfile_del(filename, "converted");
+
+	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/gatt", address);
+	filename[PATH_MAX] = '\0';
+	textfile_del(filename, "converted");
+
+	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/proximity", address);
+	filename[PATH_MAX] = '\0';
+	textfile_del(filename, "converted");
 }
 
 static void load_config(struct btd_adapter *adapter)
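Review bot: fix_storage() spells out the same snprintf()/terminate/textfile_del() group for sixteen files, and it removes the "converted" entry from `config` first even though that entry is the only thing that makes the function do any work. If the daemon stops partway through, the remaining files keep their "converted" entry and are never cleaned on later starts, and that entry is what the description says produces the bogus dev_CONVERTED object under BlueZ 4. A table-driven loop that clears `config` last is shorter and is retried after an interruption. The return value of textfile_del() is ignored in both versions.

```c
static void fix_storage(struct btd_adapter *adapter)
{
	static const char * const files[] = {
		"names", "aliases", "trusts", "blocked", "profiles",
		"primaries", "linkkeys", "longtermkeys", "classes", "did",
		"sdp", "ccc", "appearances", "gatt", "proximity",
	};
	unsigned int i;
	/* … unchanged: filename/address/converted declarations, ba2str(), "config" lookup with early return, free(converted) … */

	for (i = 0; i < G_N_ELEMENTS(files); i++) {
		snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s", address,
								files[i]);
		filename[PATH_MAX] = '\0';
		textfile_del(filename, "converted");
	}

	/* Clear the marker in "config" last so an interrupted run is retried */
	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/config", address);
	filename[PATH_MAX] = '\0';
	textfile_del(filename, "converted");
}
```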
@@ -3377,6 +3385,7 @@ static void load_config(struct btd_adapter *adapter)
 	GKeyFile *key_file;
 	char filename[PATH_MAX + 1];
 	char address[18];
+	struct stat st;
 	GError *gerr = NULL;
 	gboolean stored_discoverable;
 
@@ -3387,8 +3396,12 @@ static void load_config(struct btd_adapter *adapter)
 	snprintf(filename, PATH_MAX, STORAGEDIR "/%s/settings", address);
 	filename[PATH_MAX] = '\0';
 
-	if (!g_key_file_load_from_file(key_file, filename, 0, NULL))
+	if (stat(filename, &st) < 0) {
 		convert_config(adapter, filename, key_file);
+		convert_device_storage(adapter);
+	}
+
+	g_key_file_load_from_file(key_file, filename, 0, NULL);
 
 	/* Get alias */
 	adapter->stored_alias = g_key_file_get_string(key_file, "General",
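Review bot: The existence of the settings file is now the only record that conversion ran, but convert_config() writes that file before convert_device_storage() is called, so an interruption between the two calls would leave the device files unconverted with nothing to trigger another attempt. Swapping the calls inside the `stat()` branch, `convert_device_storage(adapter);` then `convert_config(adapter, filename, key_file);`, makes the marker appear last (assuming convert_device_storage() does not depend on the new settings file, which the hunk does not show). Any stat() failure, not only a missing file, also starts a conversion; testing `errno == ENOENT` would be narrower. load_config() begins and ends outside this hunk.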
@@ -4468,7 +4481,7 @@ static int adapter_register(struct btd_adapter *adapter)
 	btd_adapter_gatt_server_start(adapter);
 
 	load_config(adapter);
-	convert_device_storage(adapter);
+	fix_storage(adapter);
 	load_drivers(adapter);
 	btd_profile_foreach(probe_profile, adapter);
 	clear_blocked(adapter);
-- 
1.7.9.5



* Re: [PATCH BlueZ 4/4] input: Validate SDP HIDDescriptorList subattributes
From: Johan Hedberg @ 2013-01-07  8:27 UTC (permalink / raw)
  To: Anderson Lizardo; +Cc: linux-bluetooth
In-Reply-To: <1357501558-3457-4-git-send-email-anderson.lizardo@openbossa.org>

Hi Lizardo,

On Sun, Jan 06, 2013, Anderson Lizardo wrote:
> It should not be assumed that remote SDP attributes are in a compliant
> format. This fixes a couple of invalid pointer access on invalid data.
> ---
>  profiles/input/device.c |   60 ++++++++++++++++++++++++++++++++++++-----------
>  1 file changed, 46 insertions(+), 14 deletions(-)

I've applied the first three patches, but this one needs a bit of fixing
up:

> +	if (d->dtd < SDP_SEQ8 || d->dtd > SDP_SEQ32)
> +		goto invalid_desc;

Please always be explicit on what values you're checking for instead of
assuming that the reader of the code knows what's contained within some
range. In this case there's already a convenient SDP_IS_SEQ() macro you
could use.

> +	if (d->dtd < SDP_SEQ8 || d->dtd > SDP_SEQ32)
> +		goto invalid_desc;

Same here.

> +	if (!d || d->dtd < SDP_TEXT_STR8 || d->dtd > SDP_TEXT_STR32)
> +		goto invalid_desc;

I suppose the best way to handle this one is to add a SDP_IS_STR() macro
(in a separate patch) to lib/sdp.h and then use it in this patch.

Johan


* [PATCH v1] Bluetooth: Fix authentication if acl data comes before remote feature evt
From: Jaganath Kanakkassery @ 2013-01-07  7:29 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Jaganath Kanakkassery

If the remote device sends an l2cap info request before read_remote_ext_feature
completes, then mgmt_connected will be sent in hci_acldata_packet(), the
remote name request won't be sent, and eventually authentication won't happen.

Hcidump log of the issue

< HCI Command: Create Connection (0x01|0x0005) plen 13
    bdaddr BC:85:1F:74:7F:29 ptype 0xcc18 rswitch 0x01 clkoffset 0x4bf7 (valid)
    Packet type: DM1 DM3 DM5 DH1 DH3 DH5
> HCI Event: Command Status (0x0f) plen 4
    Create Connection (0x01|0x0005) status 0x00 ncmd 1
> HCI Event: Connect Complete (0x03) plen 11
    status 0x00 handle 12 bdaddr BC:85:1F:74:7F:29 type ACL encrypt 0x00
< HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
    handle 12
> HCI Event: Command Status (0x0f) plen 4
    Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 1
> HCI Event: Read Remote Supported Features (0x0b) plen 11
    status 0x00 handle 12
    Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87
> HCI Event: Max Slots Change (0x1b) plen 3
    handle 12 slots 5
< HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3
    handle 12 page 1
> HCI Event: Command Status (0x0f) plen 4
    Read Remote Extended Features (0x01|0x001c) status 0x00 ncmd 1
> ACL data: handle 12 flags 0x02 dlen 10
    L2CAP(s): Info req: type 2
< ACL data: handle 12 flags 0x00 dlen 16
    L2CAP(s): Info rsp: type 2 result 0
      Extended feature mask 0x00b8
        Enhanced Retransmission mode
        Streaming mode
        FCS Option
        Fixed Channels
> HCI Event: Read Remote Extended Features (0x23) plen 13
    status 0x00 handle 12 page 1 max 1
    Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00
> ACL data: handle 12 flags 0x02 dlen 10
    L2CAP(s): Info req: type 3
< ACL data: handle 12 flags 0x00 dlen 20
    L2CAP(s): Info rsp: type 3 result 0
      Fixed channel list 0x00000002
        L2CAP Signalling Channel
> HCI Event: Number of Completed Packets (0x13) plen 5
    handle 12 packets 2

This patch moves sending mgmt_connected from hci_acldata_packet() to
l2cap_connect_req() since this code is to handle the scenario remote
device sends l2cap connect req too fast
---
v1 ---> Incorporated Johan's comments - Instead of fixing in hci_acldata_packet(),
move sending mgmt_connected to l2cap_connect_req since this code is mainly to
handle the scenario if remote device sends l2cap connection too fast

 net/bluetooth/hci_core.c   |    8 --------
 net/bluetooth/l2cap_core.c |   11 +++++++++++
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 596660d..0f78e34 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -2810,14 +2810,6 @@ static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
 	if (conn) {
 		hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
 
-		hci_dev_lock(hdev);
-		if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
-		    !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
-			mgmt_device_connected(hdev, &conn->dst, conn->type,
-					      conn->dst_type, 0, NULL, 0,
-					      conn->dev_class);
-		hci_dev_unlock(hdev);
-
 		/* Send to upper protocol */
 		l2cap_recv_acldata(conn, skb, flags);
 		return;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 82a3bdc..7c7e932 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -3722,6 +3722,17 @@ sendresp:
 static int l2cap_connect_req(struct l2cap_conn *conn,
 			     struct l2cap_cmd_hdr *cmd, u8 *data)
 {
+	struct hci_dev *hdev = conn->hcon->hdev;
+	struct hci_conn *hcon = conn->hcon;
+
+	hci_dev_lock(hdev);
+	if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
+	    !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags))
+		mgmt_device_connected(hdev, &hcon->dst, hcon->type,
+				      hcon->dst_type, 0, NULL, 0,
+				      hcon->dev_class);
+	hci_dev_unlock(hdev);
+
 	l2cap_connect(conn, cmd, data, L2CAP_CONN_RSP, 0);
 	return 0;
 }
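Review bot: The two new declarations in l2cap_connect_req() read `conn->hcon` twice and declare `hdev` before `hcon`; `struct hci_conn *hcon = conn->hcon;` followed by `struct hci_dev *hdev = hcon->hdev;` says the same thing more directly. The block also carries no comment explaining why a connect-request handler reports the connection to mgmt. Something like `/* Peer may send a connect request before the connection was reported to mgmt */` would keep the reason from the commit message next to the code.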
-- 
1.7.9.5



* Re: Question about using bluetooth in Linux
From: Bastien Nocera @ 2013-01-07  7:06 UTC (permalink / raw)
  To: William Lee; +Cc: linux-bluetooth
In-Reply-To: <CAH9efyhykOAy=M_4b9gQ89nkRERomiNyp8GJC=-XeDYTbkPwjw@mail.gmail.com>

On Sun, 2013-01-06 at 23:26 -0700, William Lee wrote:
> Is it possible to make a linux machine with bluetooth dongle to
> perform as a HID device visible and workable with other bluetooth
> host? I am new to this field so would like to ask for some information
> here.

This might work:
http://mulliner.org/bluetooth/xkbdbthid.php

Cheers



* Question about using bluetooth in Linux
From: William Lee @ 2013-01-07  6:26 UTC (permalink / raw)
  To: linux-bluetooth

Is it possible to make a linux machine with bluetooth dongle to
perform as a HID device visible and workable with other bluetooth
host? I am new to this field so would like to ask for some information
here.

Thanks,

William Lee


---------- Forwarded message ----------
From: William Lee <william.lee@utah.edu>
Date: 2013/1/6
Subject: FW: Welcome to linux-bluetooth
To: "w90043@gmail.com" <w90043@gmail.com>





________________________________________
寄件者: Majordomo@vger.kernel.org
寄件日期: 2013年1月6日 下午 11:17:12 (UTC-07:00) 區時間 (美國和加拿大)
收件者: William Lee
主旨: Welcome to linux-bluetooth

--

Welcome to the linux-bluetooth mailing list!

Please save this message for future reference.  Thank you.

If you ever want to remove yourself from this mailing list,
you can send mail to <Majordomo@vger.kernel.org> with the following
command in the body of your email message:

    unsubscribe linux-bluetooth

or from another account, besides william.lee@utah.edu:

    unsubscribe linux-bluetooth william.lee@utah.edu

If you ever need to get in contact with the owner of the list,
(if you have trouble unsubscribing, or have questions about the
list itself) send email to <owner-linux-bluetooth@vger.kernel.org> .
This is the general rule for most mailing lists when you need
to contact a human.

 Here's the general information for the list you've subscribed to,
 in case you don't already have it:

        Linux Bluetooth discussion

Archives:
        http://dir.gmane.org/gmane.linux.bluez.kernel
        http://www.spinics.net/lists/linux-bluetooth/


* [PATCH] Bluetooth: Fix incorrect strncpy() in hidp_setup_hid()
From: Anderson Lizardo @ 2013-01-06 22:28 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo

The length parameter should be sizeof(req->name) - 1 because there is no
guarantee that the string provided by userspace will contain the trailing
'\0'.

Can be easily reproduced by manually setting req->name to 128 non-zero
bytes prior to ioctl(HIDPCONNADD) and checking the device name setup on
input subsystem:

$ cat /sys/devices/pnp0/00\:04/tty/ttyS0/hci0/hci0\:1/input8/name
AAAAAA[...]AAAAAAAAf0:af:f0:af:f0:af

("f0:af:f0:af:f0:af" is the device bluetooth address, taken from "phys"
field in struct hid_device due to overflow.)

Signed-off-by: Anderson Lizardo <anderson.lizardo@openbossa.org>
---
 net/bluetooth/hidp/core.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 0c00284..33600b4 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -931,7 +931,7 @@ static int hidp_setup_hid(struct hidp_session *session,
 	hid->version = req->version;
 	hid->country = req->country;
 
-	strncpy(hid->name, req->name, 128);
+	strncpy(hid->name, req->name, sizeof(req->name) - 1);
 
 	snprintf(hid->phys, sizeof(hid->phys), "%pMR",
 		 &bt_sk(session->ctrl_sock->sk)->src);
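Review bot: The new bound on the `strncpy()` line is taken from the source (`sizeof(req->name) - 1`) and the destination is never explicitly terminated, so the result is a valid string only if `hid->name` is at least as large as `req->name` and was zeroed beforehand, neither of which is visible in this hunk. Making both assumptions explicit would be safer: `BUILD_BUG_ON(sizeof(hid->name) < sizeof(req->name));` before the copy and `hid->name[sizeof(req->name) - 1] = '\0';` after it. hidp_setup_hid() starts and ends outside the hunk.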
-- 
1.7.9.5



* [PATCH BlueZ 4/4] input: Validate SDP HIDDescriptorList subattributes
From: Anderson Lizardo @ 2013-01-06 19:45 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo
In-Reply-To: <1357501558-3457-1-git-send-email-anderson.lizardo@openbossa.org>

It should not be assumed that remote SDP attributes are in a compliant
format. This fixes a couple of invalid pointer accesses on invalid data.
---
 profiles/input/device.c |   60 ++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 46 insertions(+), 14 deletions(-)

diff --git a/profiles/input/device.c b/profiles/input/device.c
index eaf5681..bd32623 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -222,6 +222,49 @@ static int create_hid_dev_name(sdp_record_t *rec, struct hidp_connadd_req *req)
 	return 0;
 }
 
+/* See HID profile specification v1.0, "7.11.6 HIDDescriptorList" for details
+ * on the attribute format. */
+static int extract_hid_desc_data(sdp_record_t *rec,
+						struct hidp_connadd_req *req)
+{
+	sdp_data_t *d;
+
+	d = sdp_data_get(rec, SDP_ATTR_HID_DESCRIPTOR_LIST);
+	if (!d)
+		goto invalid_desc;
+
+	if (d->dtd < SDP_SEQ8 || d->dtd > SDP_SEQ32)
+		goto invalid_desc;
+
+	/* First HIDDescriptor */
+	d = d->val.dataseq;
+	if (d->dtd < SDP_SEQ8 || d->dtd > SDP_SEQ32)
+		goto invalid_desc;
+
+	/* ClassDescriptorType */
+	d = d->val.dataseq;
+	if (d->dtd != SDP_UINT8)
+		goto invalid_desc;
+
+	/* ClassDescriptorData */
+	d = d->next;
+	if (!d || d->dtd < SDP_TEXT_STR8 || d->dtd > SDP_TEXT_STR32)
+		goto invalid_desc;
+
+	req->rd_data = g_try_malloc0(d->unitSize);
+	if (req->rd_data) {
+		memcpy(req->rd_data, d->val.str, d->unitSize);
+		req->rd_size = d->unitSize;
+		epox_endian_quirk(req->rd_data, req->rd_size);
+	}
+
+	return 0;
+
+invalid_desc:
+	error("Missing or invalid HIDDescriptorList SDP attribute");
+	return -EINVAL;
+}
+
 static int extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req)
 {
 	sdp_data_t *pdlist;
@@ -251,20 +294,9 @@ static int extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req)
 	if (attr_val)
 		req->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
 
-	pdlist = sdp_data_get(rec, SDP_ATTR_HID_DESCRIPTOR_LIST);
-	if (pdlist) {
-		pdlist = pdlist->val.dataseq;
-		pdlist = pdlist->val.dataseq;
-		pdlist = pdlist->next;
-
-		req->rd_data = g_try_malloc0(pdlist->unitSize);
-		if (req->rd_data) {
-			memcpy(req->rd_data, (unsigned char *) pdlist->val.str,
-								pdlist->unitSize);
-			req->rd_size = pdlist->unitSize;
-			epox_endian_quirk(req->rd_data, req->rd_size);
-		}
-	}
+	err = extract_hid_desc_data(rec, req);
+	if (err < 0)
+		return err;
 
 	return 0;
 }
-- 
1.7.9.5



* [PATCH BlueZ 3/4] input: Use SDP library functions for reading attributes
From: Anderson Lizardo @ 2013-01-06 19:45 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo
In-Reply-To: <1357501558-3457-1-git-send-email-anderson.lizardo@openbossa.org>

These functions do the necessary validation that is lacking from
previous code.
---
 profiles/input/device.c |   26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/profiles/input/device.c b/profiles/input/device.c
index 7a7e995..eaf5681 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -204,21 +204,19 @@ static void epox_endian_quirk(unsigned char *data, int size)
 
 static int create_hid_dev_name(sdp_record_t *rec, struct hidp_connadd_req *req)
 {
-	sdp_data_t *pdlist, *pdlist2;
-
-	pdlist = sdp_data_get(rec, SDP_ATTR_SVCDESC_PRIMARY);
-	pdlist2 = sdp_data_get(rec, SDP_ATTR_PROVNAME_PRIMARY);
-	if (pdlist && pdlist2 &&
-			strncmp(pdlist->val.str, pdlist2->val.str, 5) != 0) {
-		snprintf(req->name, sizeof(req->name), "%s %s",
-					pdlist2->val.str, pdlist->val.str);
-	} else {
-		if (!pdlist)
-			pdlist = sdp_data_get(rec, SDP_ATTR_SVCNAME_PRIMARY);
+	char sdesc[sizeof(req->name)];
+
+	if (sdp_get_service_desc(rec, sdesc, sizeof(sdesc)) == 0) {
+		char pname[sizeof(req->name)];
 
-		if (pdlist)
-			snprintf(req->name, sizeof(req->name), "%s",
-							pdlist->val.str);
+		if (sdp_get_provider_name(rec, pname, sizeof(pname)) == 0 &&
+						strncmp(sdesc, pname, 5) != 0)
+			snprintf(req->name, sizeof(req->name), "%s %s", pname,
+									sdesc);
+		else
+			snprintf(req->name, sizeof(req->name), "%s", sdesc);
+	} else {
+		return sdp_get_service_name(rec, req->name, sizeof(req->name));
 	}
 
 	return 0;
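Review bot: `strncmp(sdesc, pname, 5) != 0` carries an unexplained constant over from the old code; a comment stating the intent would help, for example `/* Skip provider name if the description already starts with it */` (that reading is inferred from the code and should be confirmed). The inner `if`/`else` is unbraced while the outer one is braced, which makes the multi-line snprintf() branches harder to follow. The function also now has two return conventions: 0 from the first branch and whatever sdp_get_service_name() returns from the second.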
-- 
1.7.9.5



* [PATCH BlueZ 2/4] input: Move HID device name creation to separate function
From: Anderson Lizardo @ 2013-01-06 19:45 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo
In-Reply-To: <1357501558-3457-1-git-send-email-anderson.lizardo@openbossa.org>

The attributes used for composing the device name are all optional, and
thus need to be properly validated. A separate function will avoid
polluting the caller with variables used only for device name
composition.
---
 profiles/input/device.c |   16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/profiles/input/device.c b/profiles/input/device.c
index 9e485cf..7a7e995 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -202,10 +202,9 @@ static void epox_endian_quirk(unsigned char *data, int size)
 	}
 }
 
-static int extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req)
+static int create_hid_dev_name(sdp_record_t *rec, struct hidp_connadd_req *req)
 {
 	sdp_data_t *pdlist, *pdlist2;
-	uint8_t attr_val;
 
 	pdlist = sdp_data_get(rec, SDP_ATTR_SVCDESC_PRIMARY);
 	pdlist2 = sdp_data_get(rec, SDP_ATTR_PROVNAME_PRIMARY);
@@ -222,6 +221,19 @@ static int extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req)
 							pdlist->val.str);
 	}
 
+	return 0;
+}
+
+static int extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req)
+{
+	sdp_data_t *pdlist;
+	uint8_t attr_val;
+	int err;
+
+	err = create_hid_dev_name(rec, req);
+	if (err < 0)
+		DBG("No valid Service Name or Service Description found");
+
 	pdlist = sdp_data_get(rec, SDP_ATTR_HID_PARSER_VERSION);
 	req->parser = pdlist ? pdlist->val.uint16 : 0x0100;
 
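Review bot: The context lines kept at the top of the new extract_hid_record() still read `pdlist->val.uint16` without looking at `pdlist->dtd`, so a remote record that supplies SDP_ATTR_HID_PARSER_VERSION with a different data type is read as a 16-bit integer regardless. Since this series is about not trusting remote SDP data, the read could be `req->parser = (pdlist && pdlist->dtd == SDP_UINT16) ? pdlist->val.uint16 : 0x0100;`. Also, at this point in the series create_hid_dev_name() can only return 0, so the `err < 0` branch is unreachable until the following patch. extract_hid_record() continues past the end of the hunk.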
-- 
1.7.9.5



* [PATCH BlueZ 1/4] input: Change extract_hid_record() return type
From: Anderson Lizardo @ 2013-01-06 19:45 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo

This will allow returning error values when necessary.
---
 profiles/input/device.c |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/profiles/input/device.c b/profiles/input/device.c
index 759603a..9e485cf 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -202,7 +202,7 @@ static void epox_endian_quirk(unsigned char *data, int size)
 	}
 }
 
-static void extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req)
+static int extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req)
 {
 	sdp_data_t *pdlist, *pdlist2;
 	uint8_t attr_val;
@@ -255,6 +255,8 @@ static void extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req)
 			epox_endian_quirk(req->rd_data, req->rd_size);
 		}
 	}
+
+	return 0;
 }
 
 static int ioctl_connadd(struct hidp_connadd_req *req)
@@ -346,8 +348,13 @@ static int hidp_add_connection(struct input_device *idev)
 	rec = record_from_string(str);
 	g_free(str);
 
-	extract_hid_record(rec, req);
+	err = extract_hid_record(rec, req);
 	sdp_record_free(rec);
+	if (err < 0) {
+		error("Could not parse HID SDP record: %s (%d)", strerror(-err),
+									-err);
+		goto cleanup;
+	}
 
 	req->vendor = btd_device_get_vendor(idev->device);
 	req->product = btd_device_get_product(idev->device);
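Review bot: `rec` is handed to extract_hid_record() straight after `record_from_string(str)` with no NULL check in between. If record_from_string() can fail on a malformed stored record (its definition is not on this page), the new error path is the natural place to catch it, with `if (!rec) { err = -EINVAL; goto cleanup; }` placed before the call. At this commit extract_hid_record() only ever returns 0, so the added `error()` branch stays unreachable until a later patch returns a real error. hidp_add_connection() starts and ends outside the hunk, including the `cleanup` label and the declaration of `err`.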
-- 
1.7.9.5



* Re: [PATCH BlueZ 1/3] input: Fix buffer overflow when parsing HID SDP record
From: Johan Hedberg @ 2013-01-06 16:18 UTC (permalink / raw)
  To: Anderson Lizardo; +Cc: linux-bluetooth
In-Reply-To: <1357486014-24600-1-git-send-email-anderson.lizardo@openbossa.org>

Hi Lizardo,

On Sun, Jan 06, 2013, Anderson Lizardo wrote:
> If Service Description for HID service is greater than 126 characters,
> req->name will overflow while being concatenated with Provider Name.
> Fix by reserving space for the whitespace used for separator.
> ---
>  profiles/input/device.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

All patches in this set have been applied. Thanks.

Johan


* [PATCH BlueZ 3/3] input: Use defines for SDP attribute names
From: Anderson Lizardo @ 2013-01-06 15:26 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo
In-Reply-To: <1357486014-24600-1-git-send-email-anderson.lizardo@openbossa.org>

---
 profiles/input/device.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/profiles/input/device.c b/profiles/input/device.c
index 0c71786..6bcc6a5 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -207,15 +207,15 @@ static void extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req)
 	sdp_data_t *pdlist, *pdlist2;
 	uint8_t attr_val;
 
-	pdlist = sdp_data_get(rec, 0x0101);
-	pdlist2 = sdp_data_get(rec, 0x0102);
+	pdlist = sdp_data_get(rec, SDP_ATTR_SVCDESC_PRIMARY);
+	pdlist2 = sdp_data_get(rec, SDP_ATTR_PROVNAME_PRIMARY);
 	if (pdlist && pdlist2 &&
 				strncmp(pdlist->val.str, pdlist2->val.str, 5)) {
 		snprintf(req->name, sizeof(req->name), "%s %s",
 					pdlist2->val.str, pdlist->val.str);
 	} else {
 		if (!pdlist)
-			pdlist = sdp_data_get(rec, 0x0100);
+			pdlist = sdp_data_get(rec, SDP_ATTR_SVCNAME_PRIMARY);
 
 		if (pdlist)
 			snprintf(req->name, sizeof(req->name), "%s",
-- 
1.7.9.5



* [PATCH BlueZ 2/3] input: Refactor req->name composition code
From: Anderson Lizardo @ 2013-01-06 15:26 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo
In-Reply-To: <1357486014-24600-1-git-send-email-anderson.lizardo@openbossa.org>

Use snprintf() instead of strncpy()/strcat()/strncat() to avoid
error-prone size calculations.

Note that this commit introduces a slight change: if Service Description
and Provider Name are used to compose req->name, the old code built it
as:

[up to 126 bytes of Provider Name][whitespace][up to 127 bytes of
Service Description, limited to req->name remaining buffer size]

Now it should be:

[up to 127 bytes of Provider Name][whitespace + Service Description,
limited to req->name remaining buffer size]

Hopefully, this change will not affect normal usage.
---
 profiles/input/device.c |   22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/profiles/input/device.c b/profiles/input/device.c
index 6c152f3..0c71786 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -209,19 +209,17 @@ static void extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req)
 
 	pdlist = sdp_data_get(rec, 0x0101);
 	pdlist2 = sdp_data_get(rec, 0x0102);
-	if (pdlist) {
-		if (pdlist2) {
-			if (strncmp(pdlist->val.str, pdlist2->val.str, 5)) {
-				strncpy(req->name, pdlist2->val.str, 126);
-				strcat(req->name, " ");
-			}
-			strncat(req->name, pdlist->val.str, 127 - strlen(req->name));
-		} else
-			strncpy(req->name, pdlist->val.str, 127);
+	if (pdlist && pdlist2 &&
+				strncmp(pdlist->val.str, pdlist2->val.str, 5)) {
+		snprintf(req->name, sizeof(req->name), "%s %s",
+					pdlist2->val.str, pdlist->val.str);
 	} else {
-		pdlist2 = sdp_data_get(rec, 0x0100);
-		if (pdlist2)
-			strncpy(req->name, pdlist2->val.str, 127);
+		if (!pdlist)
+			pdlist = sdp_data_get(rec, 0x0100);
+
+		if (pdlist)
+			snprintf(req->name, sizeof(req->name), "%s",
+							pdlist->val.str);
 	}
 
 	pdlist = sdp_data_get(rec, SDP_ATTR_HID_PARSER_VERSION);
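Review bot: The `strncmp()` and both `snprintf()` calls read `val.str` from whatever `sdp_data_get()` returned without first checking that the attribute is a text string. snprintf() bounds the write into `req->name` but not the read: if a record carries 0x0100-0x0102 with another data type, `val.str` is presumably a different member of the value reinterpreted as a pointer. A type guard before the first use, such as `if (pdlist && !SDP_IS_TEXT_STR(pdlist->dtd)) pdlist = NULL;` and the same for `pdlist2`, would close that; the macro appears in the lib/sdp.c patch elsewhere on this page. The literal `5` in the prefix comparison also deserves a one-line comment saying why five characters. extract_hid_record() begins and ends outside the hunk.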
-- 
1.7.9.5



* [PATCH BlueZ 1/3] input: Fix buffer overflow when parsing HID SDP record
From: Anderson Lizardo @ 2013-01-06 15:26 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo

If Service Description for HID service is greater than 126 characters,
req->name will overflow while being concatenated with Provider Name. Fix
by reserving space for the whitespace used for separator.
---
 profiles/input/device.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/profiles/input/device.c b/profiles/input/device.c
index 9ab7509..6c152f3 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -212,7 +212,7 @@ static void extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req)
 	if (pdlist) {
 		if (pdlist2) {
 			if (strncmp(pdlist->val.str, pdlist2->val.str, 5)) {
-				strncpy(req->name, pdlist2->val.str, 127);
+				strncpy(req->name, pdlist2->val.str, 126);
 				strcat(req->name, " ");
 			}
 			strncat(req->name, pdlist->val.str, 127 - strlen(req->name));
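Review bot: With the limit lowered to 126, `strncpy()` still writes no terminator when the source is 126 characters or longer, so the following `strcat()` only finds the end of the string if `req->name` was zero-filled before this function ran, which the hunk does not show. Adding `req->name[126] = '\0';` right after the `strncpy()` removes that dependency. The bare 126 and 127 would also be safer expressed in terms of `sizeof(req->name)`. The string copied here is `pdlist2`, which the 3/3 patch on this page fetches with SDP_ATTR_PROVNAME_PRIMARY, so the trigger looks like a long Provider Name rather than the Service Description named in the description. extract_hid_record() extends beyond the hunk on both sides.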
-- 
1.7.9.5



* Re: [PATCH BlueZ] gdbus: Fix memory leak on properties_set()
From: Johan Hedberg @ 2013-01-06 13:09 UTC (permalink / raw)
  To: Anderson Lizardo; +Cc: linux-bluetooth
In-Reply-To: <1357433266-31642-1-git-send-email-anderson.lizardo@openbossa.org>

Hi Lizardo,

On Sat, Jan 05, 2013, Anderson Lizardo wrote:
> The pointer returned by dbus_message_iter_get_signature() must be freed
> with dbus_free().
> 
> Fixes this memory leak:
> 
> ==1857== 16 bytes in 1 blocks are definitely lost in loss record 104 of
> 251
> ==1857==    at 0x402BF52: realloc (in
> /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
> ==1857==    by 0x415E286: dbus_realloc (in
> /lib/i386-linux-gnu/libdbus-1.so.3.5.8)
> ==1857==    by 0x415E70B: ??? (in
> /lib/i386-linux-gnu/libdbus-1.so.3.5.8)
> ==1857==    by 0x415F17B: ??? (in
> /lib/i386-linux-gnu/libdbus-1.so.3.5.8)
> ==1857==    by 0x414CB33: dbus_message_iter_get_signature (in
> /lib/i386-linux-gnu/libdbus-1.so.3.5.8)
> ==1857==    by 0x8053239: properties_set (object.c:899)
> ==1857==    by 0x5FFFFF: ???
> ==1857==
> ---
>  gdbus/object.c |    7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)

Applied. Thanks.

Johan


* [PATCH BlueZ] gdbus: Fix memory leak on properties_set()
From: Anderson Lizardo @ 2013-01-06  0:47 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo

The pointer returned by dbus_message_iter_get_signature() must be freed
with dbus_free().

Fixes this memory leak:

==1857== 16 bytes in 1 blocks are definitely lost in loss record 104 of
251
==1857==    at 0x402BF52: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==1857==    by 0x415E286: dbus_realloc (in
/lib/i386-linux-gnu/libdbus-1.so.3.5.8)
==1857==    by 0x415E70B: ??? (in
/lib/i386-linux-gnu/libdbus-1.so.3.5.8)
==1857==    by 0x415F17B: ??? (in
/lib/i386-linux-gnu/libdbus-1.so.3.5.8)
==1857==    by 0x414CB33: dbus_message_iter_get_signature (in
/lib/i386-linux-gnu/libdbus-1.so.3.5.8)
==1857==    by 0x8053239: properties_set (object.c:899)
==1857==    by 0x5FFFFF: ???
==1857==
---
 gdbus/object.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/gdbus/object.c b/gdbus/object.c
index 688cd05..1a54b3f 100644
--- a/gdbus/object.c
+++ b/gdbus/object.c
@@ -846,6 +846,8 @@ static DBusMessage *properties_set(DBusConnection *connection,
 	const GDBusPropertyTable *property;
 	const char *name, *interface;
 	struct property_data *propdata;
+	gboolean valid_signature;
+	char *signature;
 
 	if (!dbus_message_iter_init(message, &iter))
 		return g_dbus_create_error(message, DBUS_ERROR_INVALID_ARGS,
@@ -896,7 +898,10 @@ static DBusMessage *properties_set(DBusConnection *connection,
 						DBUS_ERROR_UNKNOWN_PROPERTY,
 						"No such property '%s'", name);
 
-	if (strcmp(dbus_message_iter_get_signature(&sub), property->type))
+	signature = dbus_message_iter_get_signature(&sub);
+	valid_signature = strcmp(signature, property->type) ? FALSE : TRUE;
+	dbus_free(signature);
+	if (!valid_signature)
 		return g_dbus_create_error(message,
 					DBUS_ERROR_INVALID_SIGNATURE,
 					"Invalid signature for '%s'", name);
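Review bot: `signature` is passed to `strcmp()` unchecked, and `dbus_message_iter_get_signature()` returns NULL when it cannot allocate, so an out-of-memory condition becomes a NULL dereference while handling a client-supplied message. Folding the check into the comparison handles it in one line and drops the `? FALSE : TRUE` inversion: `valid_signature = signature != NULL && strcmp(signature, property->type) == 0;`. `dbus_free()` accepts NULL, so the free can stay unconditional; a separate out-of-memory reply would be more precise than the invalid-signature error if the file has a helper for it. properties_set() starts before and continues after this hunk.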
-- 
1.7.9.5



* Re: [PATCH BlueZ] core: Remove leftover from pending_uuids removal
From: Johan Hedberg @ 2013-01-05  8:51 UTC (permalink / raw)
  To: Anderson Lizardo; +Cc: linux-bluetooth
In-Reply-To: <1357352134-19573-1-git-send-email-anderson.lizardo@openbossa.org>

Hi Lizardo,

On Fri, Jan 04, 2013, Anderson Lizardo wrote:
> The struct controller_info "pending_uuids" field was removed on commit
> 1dd77eda25aae5ed963683dfc125d3ef01187eba.
> ---
>  src/mgmt.c |    9 ---------
>  1 file changed, 9 deletions(-)

Applied. Thanks.

Johan


* [PATCH BlueZ] core: Remove leftover from pending_uuids removal
From: Anderson Lizardo @ 2013-01-05  2:15 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo

The struct controller_info "pending_uuids" field was removed on commit
1dd77eda25aae5ed963683dfc125d3ef01187eba.
---
 src/mgmt.c |    9 ---------
 1 file changed, 9 deletions(-)

diff --git a/src/mgmt.c b/src/mgmt.c
index c280fe3..b5ce955 100644
--- a/src/mgmt.c
+++ b/src/mgmt.c
@@ -1633,15 +1633,6 @@ fail:
 
 void mgmt_cleanup(void)
 {
-	int index;
-
-	for (index = 0; index <= max_index; index++) {
-		struct controller_info *info = &controllers[index];
-
-		if (!info->valid)
-			continue;
-	}
-
 	g_free(controllers);
 	controllers = NULL;
 	max_index = -1;
-- 
1.7.9.5



* Re: [PATCH BlueZ] unit: Fix compilation issue with ignored return value
From: Johan Hedberg @ 2013-01-04 14:18 UTC (permalink / raw)
  To: Anderson Lizardo; +Cc: linux-bluetooth
In-Reply-To: <1357307222-4563-1-git-send-email-anderson.lizardo@openbossa.org>

Hi Lizardo,

On Fri, Jan 04, 2013, Anderson Lizardo wrote:
> Fix this compilation warning:
> 
> unit/test-sdp.c: In function ‘send_pdu’:
> unit/test-sdp.c:600:7: error: ignoring return value of ‘write’, declared
> with attribute warn_unused_result [-Werror=unused-result]
> ---
>  unit/test-sdp.c |    4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Applied. Thanks.

Johan


* Re: [PATCH 1/2] storage: Fix memory leak
From: Johan Hedberg @ 2013-01-04 14:17 UTC (permalink / raw)
  To: Jaganath Kanakkassery; +Cc: linux-bluetooth
In-Reply-To: <1357278148-27872-1-git-send-email-jaganath.k@samsung.com>

Hi Jaganath,

On Fri, Jan 04, 2013, Jaganath Kanakkassery wrote:
> If bt_uuid2string() returns NULL then svcclass has to be freed
> ---
>  src/storage.c |    4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Both patches have been applied. Thanks.

Johan


* [PATCH BlueZ] unit: Fix compilation issue with ignored return value
From: Anderson Lizardo @ 2013-01-04 13:47 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Anderson Lizardo

Fix this compilation warning:

unit/test-sdp.c: In function ‘send_pdu’:
unit/test-sdp.c:600:7: error: ignoring return value of ‘write’, declared
with attribute warn_unused_result [-Werror=unused-result]
---
 unit/test-sdp.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/unit/test-sdp.c b/unit/test-sdp.c
index baa93d0..1a852de 100644
--- a/unit/test-sdp.c
+++ b/unit/test-sdp.c
@@ -596,8 +596,10 @@ struct test_data {
 static gboolean send_pdu(gpointer user_data)
 {
 	struct context *context = user_data;
+	ssize_t len;
 
-	write(context->fd, context->req_data, context->req_size);
+	len = write(context->fd, context->req_data, context->req_size);
+	g_assert(len > 0 && (size_t) len == context->req_size);
 
 	return FALSE;
 }
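Review bot: `g_assert()` expands to nothing when the build defines G_DISABLE_ASSERT, which would leave `len` set but unused and silently drop the check on the `write()` result. The comparison macros meant for tests do not depend on that switch, so `g_assert_cmpint(len, ==, context->req_size);` keeps the check in every build and prints both values on failure. A short comment that a partial write is treated as a test failure rather than retried would also help the next reader.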
-- 
1.7.9.5



