From patchwork Sat May 7 17:35:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ildar Kamaletdinov X-Patchwork-Id: 570515 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A2AB0C433F5 for ; Sat, 7 May 2022 17:35:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1386690AbiEGRjH (ORCPT ); Sat, 7 May 2022 13:39:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56838 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243971AbiEGRjE (ORCPT ); Sat, 7 May 2022 13:39:04 -0400 Received: from mxout01.lancloud.ru (mxout01.lancloud.ru [45.84.86.81]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DEB3322B30 for ; Sat, 7 May 2022 10:35:16 -0700 (PDT) Received: from LanCloud DKIM-Filter: OpenDKIM Filter v2.11.0 mxout01.lancloud.ru 7E31A20D7258 Received: from LanCloud Received: from LanCloud Received: from LanCloud From: Ildar Kamaletdinov To: CC: Ildar Kamaletdinov Subject: [PATCH BlueZ 1/4] tools: Fix memory leak in hciconfig Date: Sat, 7 May 2022 20:35:02 +0300 Message-ID: <20220507173505.31249-2-i.kamaletdinov@omp.ru> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20220507173505.31249-1-i.kamaletdinov@omp.ru> References: <20220507173505.31249-1-i.kamaletdinov@omp.ru> MIME-Version: 1.0 X-Originating-IP: [192.168.11.198] X-ClientProxiedBy: LFEXT01.lancloud.ru (fd00:f066::141) To LFEX1910.lancloud.ru (fd00:f066::80) Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org printf() was using function that return dynamic allocated memory as a parameter. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. --- tools/hciconfig.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tools/hciconfig.c b/tools/hciconfig.c index e4d521583..a1c615bfa 100644 --- a/tools/hciconfig.c +++ b/tools/hciconfig.c @@ -80,7 +80,11 @@ static void print_pkt_type(struct hci_dev_info *di) static void print_link_policy(struct hci_dev_info *di) { - printf("\tLink policy: %s\n", hci_lptostr(di->link_policy)); + char *str; + + str = hci_lptostr(di->link_policy); + printf("\tLink policy: %s\n", str); + bt_free(str); } static void print_link_mode(struct hci_dev_info *di) From patchwork Sat May 7 17:35:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ildar Kamaletdinov X-Patchwork-Id: 571309 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id ED34BC433F5 for ; Sat, 7 May 2022 17:35:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1386681AbiEGRjK (ORCPT ); Sat, 7 May 2022 13:39:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56854 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242983AbiEGRjF (ORCPT ); Sat, 7 May 2022 13:39:05 -0400 Received: from mxout03.lancloud.ru (mxout03.lancloud.ru [45.84.86.113]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D0D6E22BD3 for ; Sat, 7 May 2022 10:35:17 -0700 (PDT) Received: from LanCloud DKIM-Filter: OpenDKIM Filter v2.11.0 mxout03.lancloud.ru AA2AD20EBC8F Received: from LanCloud Received: from LanCloud Received: from LanCloud From: Ildar Kamaletdinov To: CC: Ildar Kamaletdinov Subject: [PATCH BlueZ 2/4] tools: Fix memory leaks in btgatt-server/client Date: Sat, 7 May 2022 20:35:03 +0300 Message-ID: <20220507173505.31249-3-i.kamaletdinov@omp.ru> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20220507173505.31249-1-i.kamaletdinov@omp.ru> References: <20220507173505.31249-1-i.kamaletdinov@omp.ru> MIME-Version: 1.0 X-Originating-IP: [192.168.11.198] X-ClientProxiedBy: LFEXT01.lancloud.ru (fd00:f066::141) To LFEX1910.lancloud.ru (fd00:f066::80) Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org According to man buffer allocated by getline() should be freed by the user program even if getline() failed. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. --- tools/btgatt-client.c | 6 +++++- tools/btgatt-server.c | 5 ++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/tools/btgatt-client.c b/tools/btgatt-client.c index 8c9365aa2..58a03bd48 100644 --- a/tools/btgatt-client.c +++ b/tools/btgatt-client.c @@ -1355,12 +1355,16 @@ static void prompt_read_cb(int fd, uint32_t events, void *user_data) return; } - if ((read = getline(&line, &len, stdin)) == -1) + read = getline(&line, &len, stdin); + if (read < 0) { + free(line); return; + } if (read <= 1) { cmd_help(cli, NULL); print_prompt(); + free(line); return; } diff --git a/tools/btgatt-server.c b/tools/btgatt-server.c index 4a5d2b720..90a6c9b0a 100644 --- a/tools/btgatt-server.c +++ b/tools/btgatt-server.c @@ -1080,12 +1080,15 @@ static void prompt_read_cb(int fd, uint32_t events, void *user_data) } read = getline(&line, &len, stdin); - if (read < 0) + if (read < 0) { + free(line); return; + } if (read <= 1) { cmd_help(server, NULL); print_prompt(); + free(line); return; } From patchwork Sat May 7 17:35:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ildar Kamaletdinov X-Patchwork-Id: 571311 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1AC99C433EF for ; Sat, 7 May 2022 17:35:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1386665AbiEGRjG (ORCPT ); Sat, 7 May 2022 13:39:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56842 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347443AbiEGRjE (ORCPT ); Sat, 7 May 2022 13:39:04 -0400 Received: from mxout04.lancloud.ru (mxout04.lancloud.ru [45.84.86.114]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 39FF722B32 for ; Sat, 7 May 2022 10:35:17 -0700 (PDT) Received: from LanCloud DKIM-Filter: OpenDKIM Filter v2.11.0 mxout04.lancloud.ru C5FB120A4941 Received: from LanCloud Received: from LanCloud Received: from LanCloud From: Ildar Kamaletdinov To: CC: Ildar Kamaletdinov Subject: [PATCH BlueZ 3/4] tools: Fix handle leak in rfcomm Date: Sat, 7 May 2022 20:35:04 +0300 Message-ID: <20220507173505.31249-4-i.kamaletdinov@omp.ru> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20220507173505.31249-1-i.kamaletdinov@omp.ru> References: <20220507173505.31249-1-i.kamaletdinov@omp.ru> MIME-Version: 1.0 X-Originating-IP: [192.168.11.198] X-ClientProxiedBy: LFEXT01.lancloud.ru (fd00:f066::141) To LFEX1910.lancloud.ru (fd00:f066::80) Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Some branches of execution can make handle (socket) leakage. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. --- tools/rfcomm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/rfcomm.c b/tools/rfcomm.c index cd520aa44..e013ff588 100644 --- a/tools/rfcomm.c +++ b/tools/rfcomm.c @@ -298,6 +298,7 @@ static void cmd_connect(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **arg if (setsockopt(sk, SOL_SOCKET, SO_LINGER, &l, sizeof(l)) < 0) { perror("Can't set linger option"); + close(sk); return; } } @@ -466,6 +467,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv if (getsockname(nsk, (struct sockaddr *)&laddr, &alen) < 0) { perror("Can't get RFCOMM socket name"); close(nsk); + close(sk); return; } @@ -475,6 +477,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv if (setsockopt(nsk, SOL_SOCKET, SO_LINGER, &l, sizeof(l)) < 0) { perror("Can't set linger option"); close(nsk); + close(sk); return; } } @@ -490,6 +493,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv dev = ioctl(nsk, RFCOMMCREATEDEV, &req); if (dev < 0) { perror("Can't create RFCOMM TTY"); + close(nsk); close(sk); return; } From patchwork Sat May 7 17:35:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ildar Kamaletdinov X-Patchwork-Id: 571310 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2E5C5C433FE for ; Sat, 7 May 2022 17:35:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243971AbiEGRjI (ORCPT ); Sat, 7 May 2022 13:39:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56844 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243926AbiEGRjE (ORCPT ); Sat, 7 May 2022 13:39:04 -0400 Received: from mxout01.lancloud.ru (mxout01.lancloud.ru [45.84.86.81]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A808022B3E for ; Sat, 7 May 2022 10:35:17 -0700 (PDT) Received: from LanCloud DKIM-Filter: OpenDKIM Filter v2.11.0 mxout01.lancloud.ru EAC0E20D725C Received: from LanCloud Received: from LanCloud Received: from LanCloud From: Ildar Kamaletdinov To: CC: Ildar Kamaletdinov Subject: [PATCH BlueZ 4/4] device: Fix uninitialized value usage Date: Sat, 7 May 2022 20:35:05 +0300 Message-ID: <20220507173505.31249-5-i.kamaletdinov@omp.ru> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20220507173505.31249-1-i.kamaletdinov@omp.ru> References: <20220507173505.31249-1-i.kamaletdinov@omp.ru> MIME-Version: 1.0 X-Originating-IP: [192.168.11.198] X-ClientProxiedBy: LFEXT01.lancloud.ru (fd00:f066::141) To LFEX1910.lancloud.ru (fd00:f066::80) Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Definitely `dbus_bool_t b;` must be initialized before comparing it with current value. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. --- src/device.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/device.c b/src/device.c index 6da5c380b..7114e1b3e 100644 --- a/src/device.c +++ b/src/device.c @@ -1568,6 +1568,8 @@ static void dev_property_set_wake_allowed(const GDBusPropertyTable *property, return; } + dbus_message_iter_get_basic(value, &b); + /* Emit busy or success depending on current value. */ if (b == device->pending_wake_allowed) { if (device->wake_allowed == device->pending_wake_allowed) @@ -1580,7 +1582,6 @@ static void dev_property_set_wake_allowed(const GDBusPropertyTable *property, return; } - dbus_message_iter_get_basic(value, &b); device_set_wake_override(device, b); device_set_wake_allowed(device, b, id); }