[BlueZ] client: Fix uninitialized read in attribute handle

Message ID	20220807192013.74195-1-ntrrgc@gmail.com
State	Superseded
Headers	show Return-Path: <linux-bluetooth-owner@kernel.org> From: Alicia Boya Garcia <ntrrgc@gmail.com> To: linux-bluetooth@vger.kernel.org Cc: Alicia Boya Garcia <ntrrgc@gmail.com> Subject: [PATCH BlueZ] client: Fix uninitialized read in attribute handle Date: Sun, 7 Aug 2022 21:20:14 +0200 Message-Id: <20220807192013.74195-1-ntrrgc@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[BlueZ] client: Fix uninitialized read in attribute handle \| expand [BlueZ] client: Fix uninitialized read in attribute handle

Message ID

20220807192013.74195-1-ntrrgc@gmail.com

State

Superseded

Headers

From: Alicia Boya Garcia <ntrrgc@gmail.com>
To: linux-bluetooth@vger.kernel.org
Cc: Alicia Boya Garcia <ntrrgc@gmail.com>
Subject: [PATCH BlueZ] client: Fix uninitialized read in attribute handle
Date: Sun,  7 Aug 2022 21:20:14 +0200
Message-Id: <20220807192013.74195-1-ntrrgc@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[BlueZ] client: Fix uninitialized read in attribute handle | expand

Commit Message

Alicia Boya Garcia Aug. 7, 2022, 7:20 p.m. UTC

When services, characteristics and descriptors were parsed from DBus
proxies the client code was calling the print code without initializing
the `handle` field, which the print functions use.

This resulted in semi-random or zero handles in all attributes when
using gatt.list-attributes in bluetoothctl, depending on compilation
flags.

This patch fixes the problem by parsing the handle from the DBus proxy
path.
---
 client/gatt.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

Comments

bluez.test.bot@gmail.com Aug. 7, 2022, 7:43 p.m. UTC | #1

This is an automated email and please do not reply to this email.

Dear Submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
While preparing the CI tests, the patches you submitted couldn't be applied to the current HEAD of the repository.

----- Output -----
error: patch failed: client/gatt.c:259
error: client/gatt.c: patch does not apply
hint: Use 'git am --show-current-patch' to see the failed patch


Please resolve the issue and submit the patches again.


---
Regards,
Linux Bluetooth

diff --git a/client/gatt.c b/client/gatt.c
index 21fd38ecf..4c074706c 100644
--- a/client/gatt.c
+++ b/client/gatt.c
@@ -158,6 +158,15 @@  static void print_inc_service(struct service *service, const char *description)
 					service->uuid, text);
 }
 
+static uint16_t handle_from_path(const char *path)
+{
+	const char *number = path + strlen(path) - 4;
+	if (number < path)
+		return 0;
+
+	return (uint16_t) strtol(number, NULL, 16);
+}
+
 static void print_service_proxy(GDBusProxy *proxy, const char *description)
 {
 	struct service service;
@@ -178,6 +187,7 @@  static void print_service_proxy(GDBusProxy *proxy, const char *description)
 	service.path = (char *) g_dbus_proxy_get_path(proxy);
 	service.uuid = (char *) uuid;
 	service.primary = primary;
+	service.handle = handle_from_path(service.path);
 
 	print_service(&service, description);
 }
@@ -259,6 +269,7 @@  static void print_characteristic(GDBusProxy *proxy, const char *description)
 
 	chrc.path = (char *) g_dbus_proxy_get_path(proxy);
 	chrc.uuid = (char *) uuid;
+	chrc.handle = handle_from_path(chrc.path);
 
 	print_chrc(&chrc, description);
 }
@@ -352,6 +363,7 @@  static void print_descriptor(GDBusProxy *proxy, const char *description)
 
 	desc.path = (char *) g_dbus_proxy_get_path(proxy);
 	desc.uuid = (char *) uuid;
+	desc.handle = handle_from_path(desc.path);
 
 	print_desc(&desc, description);
 }

[BlueZ] client: Fix uninitialized read in attribute handle

Commit Message

Comments

Patch