From patchwork Mon May 30 08:11:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 577324 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D15AAC433FE for ; Mon, 30 May 2022 08:12:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233126AbiE3IM1 (ORCPT ); Mon, 30 May 2022 04:12:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41454 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233179AbiE3IMZ (ORCPT ); Mon, 30 May 2022 04:12:25 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id D6BA41582F for ; Mon, 30 May 2022 01:12:24 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-635-vZzEjdVUOzqZgoRagGOx1A-1; Mon, 30 May 2022 04:12:19 -0400 X-MC-Unique: vZzEjdVUOzqZgoRagGOx1A-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 6D11429ABA2A; Mon, 30 May 2022 08:12:19 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.130]) by smtp.corp.redhat.com (Postfix) with ESMTP id D5CB31410F36; Mon, 30 May 2022 08:12:16 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez 01/13] Fixing memory leak issue in gatt.c Date: Mon, 30 May 2022 13:41:57 +0530 Message-Id: <20220530081209.560465-2-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> References: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing the static tool analysis using coverity tool found following reports Error: RESOURCE_LEAK (CWE-772): bluez-5.64/client/gatt.c:1531: leaked_storage: Variable "service" going out of scope leaks the storage it points to. Error: RESOURCE_LEAK (CWE-772): bluez-5.64/client/gatt.c:2626: leaked_storage: Variable "chrc" going out of scope leaks the storage it points to. Error: RESOURCE_LEAK (CWE-772): bluez-5.64/client/gatt.c:2906: leaked_storage: Variable "desc" going out of scope leaks the storage it points to. Fixing them. Signed-off-by: Gopal Tiwari --- client/gatt.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/client/gatt.c b/client/gatt.c index 13872c794..100a4eb90 100644 --- a/client/gatt.c +++ b/client/gatt.c @@ -1527,7 +1527,8 @@ void gatt_register_service(DBusConnection *conn, GDBusProxy *proxy, if (argc > 2) { service->handle = parse_handle(argv[2]); - if (!service->handle) + if (!service->handle) { + service_free(service); return bt_shell_noninteractive_quit(EXIT_FAILURE); } @@ -2622,8 +2623,10 @@ void gatt_register_chrc(DBusConnection *conn, GDBusProxy *proxy, if (argc > 3) { chrc->handle = parse_handle(argv[3]); - if (!chrc->handle) + if (!chrc->handle) { + chrc_free(chrc); return bt_shell_noninteractive_quit(EXIT_FAILURE); + } } if (g_dbus_register_interface(conn, chrc->path, CHRC_INTERFACE, @@ -2902,8 +2905,10 @@ void gatt_register_desc(DBusConnection *conn, GDBusProxy *proxy, if (argc > 3) { desc->handle = parse_handle(argv[3]); - if (!desc->handle) + if (!desc->handle) { + desc_free(desc); return bt_shell_noninteractive_quit(EXIT_FAILURE); + } } if (g_dbus_register_interface(conn, desc->path, DESC_INTERFACE, From patchwork Mon May 30 08:11:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 577323 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AECCAC433EF for ; Mon, 30 May 2022 08:12:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233193AbiE3IMe (ORCPT ); Mon, 30 May 2022 04:12:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41782 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233180AbiE3IMa (ORCPT ); Mon, 30 May 2022 04:12:30 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 9A34536E3E for ; Mon, 30 May 2022 01:12:29 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-500-CWPOlZH8MOauUSWExRM0Zw-1; Mon, 30 May 2022 04:12:23 -0400 X-MC-Unique: CWPOlZH8MOauUSWExRM0Zw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E8A2B29ABA2A; Mon, 30 May 2022 08:12:22 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.130]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5752B1415100; Mon, 30 May 2022 08:12:19 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez 02/13] Fixing memory leakage in appkey.c Date: Mon, 30 May 2022 13:41:58 +0530 Message-Id: <20220530081209.560465-3-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> References: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing the static analysis using the coverity tool found following memroy leak reports bluez-5.64/mesh/appkey.c:143: leaked_storage: Variable "key" going out of scope leaks the storage it points to. Error: RESOURCE_LEAK (CWE-772): bluez-5.64/mesh/appkey.c:146: leaked_storage: Variable "key" going out of scope leaks the storage it points to. Fixing them. Signed-off-by: Gopal Tiwari --- mesh/appkey.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/mesh/appkey.c b/mesh/appkey.c index 5088a1812..52fed8c31 100644 --- a/mesh/appkey.c +++ b/mesh/appkey.c @@ -139,11 +139,15 @@ bool appkey_key_init(struct mesh_net *net, uint16_t net_idx, uint16_t app_idx, key->net_idx = net_idx; key->app_idx = app_idx; - if (key_value && !set_key(key, app_idx, key_value, false)) + if (key_value && !set_key(key, app_idx, key_value, false)) { + appkey_key_free(key); return false; + } - if (new_key_value && !set_key(key, app_idx, new_key_value, true)) + if (new_key_value && !set_key(key, app_idx, new_key_value, true)) { + appkey_key_free(key); return false; + } l_queue_push_tail(app_keys, key); From patchwork Mon May 30 08:11:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 578252 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 740ACC433EF for ; Mon, 30 May 2022 08:12:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233184AbiE3IMa (ORCPT ); Mon, 30 May 2022 04:12:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41692 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233178AbiE3IM3 (ORCPT ); Mon, 30 May 2022 04:12:29 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id C57753151E for ; Mon, 30 May 2022 01:12:28 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-145-82c8eLv6MkisC8Hwy_VHcQ-1; Mon, 30 May 2022 04:12:26 -0400 X-MC-Unique: 82c8eLv6MkisC8Hwy_VHcQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 3176F3C02185; Mon, 30 May 2022 08:12:26 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.130]) by smtp.corp.redhat.com (Postfix) with ESMTP id BB8671410F36; Mon, 30 May 2022 08:12:23 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez 03/13] Fixing memroy leak in jlink.c Date: Mon, 30 May 2022 13:41:59 +0530 Message-Id: <20220530081209.560465-4-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> References: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing static tool analysis using coverity found following reports for resouse leak bluez-5.64/monitor/jlink.c:111: leaked_storage: Variable "so" going out of scope leaks the storage it points to. bluez-5.64/monitor/jlink.c:113: leaked_storage: Variable "so" going out of scope leaks the storage it points to. Fixing them. Signed-off-by: Gopal Tiwari --- monitor/jlink.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/monitor/jlink.c b/monitor/jlink.c index 9aaa4ebd8..672097004 100644 --- a/monitor/jlink.c +++ b/monitor/jlink.c @@ -107,9 +107,12 @@ int jlink_init(void) !jlink.tif_select || !jlink.setspeed || !jlink.connect || !jlink.getsn || !jlink.emu_getproductname || - !jlink.rtterminal_control || !jlink.rtterminal_read) + !jlink.rtterminal_control || !jlink.rtterminal_read) { + dlclose(so); return -EIO; + } + dlclose(so) return 0; } From patchwork Mon May 30 08:12:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 578251 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 470C5C433F5 for ; Mon, 30 May 2022 08:12:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233185AbiE3IMg (ORCPT ); Mon, 30 May 2022 04:12:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42048 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233180AbiE3IMe (ORCPT ); Mon, 30 May 2022 04:12:34 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id D7E3437A33 for ; Mon, 30 May 2022 01:12:33 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-563-GjQ-5gtcOuOz68g1S0Fdlg-1; Mon, 30 May 2022 04:12:29 -0400 X-MC-Unique: GjQ-5gtcOuOz68g1S0Fdlg-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 61651100BAA8; Mon, 30 May 2022 08:12:29 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.130]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1C18B1410F36; Mon, 30 May 2022 08:12:26 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez 04/13] Fixing memory leak in sixaxis.c Date: Mon, 30 May 2022 13:42:00 +0530 Message-Id: <20220530081209.560465-5-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> References: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing static tool analysis using coverity found following reports for resouse leak bluez-5.64/plugins/sixaxis.c:425: alloc_arg: "get_pairing_type_for_device" allocates memory that is stored into "sysfs_path". bluez-5.64/plugins/sixaxis.c:428: leaked_storage: Variable "sysfs_path" going out of scope leaks the storage it points to. Fixing them. Signed-off-by: Gopal Tiwari --- plugins/sixaxis.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/plugins/sixaxis.c b/plugins/sixaxis.c index ddecbcccb..9249c2715 100644 --- a/plugins/sixaxis.c +++ b/plugins/sixaxis.c @@ -424,10 +424,15 @@ static void device_added(struct udev_device *udevice) cp = get_pairing_type_for_device(udevice, &bus, &sysfs_path); if (!cp || (cp->type != CABLE_PAIRING_SIXAXIS && - cp->type != CABLE_PAIRING_DS4)) + cp->type != CABLE_PAIRING_DS4)) { + g_free(sys_path); return; - if (bus != BUS_USB) + } + + if (bus != BUS_USB) { + g_free(sys_path); return; + } info("sixaxis: compatible device connected: %s (%04X:%04X %s)", cp->name, cp->vid, cp->pid, sysfs_path); From patchwork Mon May 30 08:12:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 577322 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EB566C433EF for ; Mon, 30 May 2022 08:12:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233228AbiE3IMm (ORCPT ); Mon, 30 May 2022 04:12:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42356 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233218AbiE3IMi (ORCPT ); Mon, 30 May 2022 04:12:38 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 0191337A9C for ; Mon, 30 May 2022 01:12:36 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-495-ZShMphXOMWW-YS1vpymWEA-1; Mon, 30 May 2022 04:12:33 -0400 X-MC-Unique: ZShMphXOMWW-YS1vpymWEA-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A11953C02183; Mon, 30 May 2022 08:12:32 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.130]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3ACD31410DDB; Mon, 30 May 2022 08:12:29 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez 05/13] Fixing leaked_handle in cltest.c Date: Mon, 30 May 2022 13:42:01 +0530 Message-Id: <20220530081209.560465-6-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> References: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing static tool analysis using coverity found following reports for resouse leak bluez-5.64/tools/cltest.c:75: leaked_handle: Handle variable "fd" going out of scope leaks the handle. Signed-off-by: Gopal Tiwari --- tools/cltest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/cltest.c b/tools/cltest.c index 2766fcd23..250c93cc7 100644 --- a/tools/cltest.c +++ b/tools/cltest.c @@ -72,6 +72,7 @@ static bool send_message(const bdaddr_t *src, const bdaddr_t *dst, return false; } + close(fd); return true; } From patchwork Mon May 30 08:12:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 578249 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89CA8C433EF for ; Mon, 30 May 2022 08:13:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233309AbiE3IM7 (ORCPT ); Mon, 30 May 2022 04:12:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42972 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233318AbiE3IMs (ORCPT ); Mon, 30 May 2022 04:12:48 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 520A76E8D2 for ; Mon, 30 May 2022 01:12:45 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-372-aO-wbx35PFy0OyHpE-IJbQ-1; Mon, 30 May 2022 04:12:36 -0400 X-MC-Unique: aO-wbx35PFy0OyHpE-IJbQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id CAA2880A0B9; Mon, 30 May 2022 08:12:35 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.130]) by smtp.corp.redhat.com (Postfix) with ESMTP id A2B57140EBD5; Mon, 30 May 2022 08:12:33 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez 06/13] Fixing leaked_handle in create-image.c Date: Mon, 30 May 2022 13:42:02 +0530 Message-Id: <20220530081209.560465-7-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> References: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing static tool analysis using coverity found following reports for resouse leak bluez-5.64/tools/create-image.c:124: leaked_storage: Variable "map" going out of scope leaks the storage it points to. Signed-off-by: Gopal Tiwari --- tools/create-image.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tools/create-image.c b/tools/create-image.c index aba940da7..90cd87315 100644 --- a/tools/create-image.c +++ b/tools/create-image.c @@ -97,12 +97,13 @@ static void write_block(FILE *fp, const char *pathname, unsigned int ino, map = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!map || map == MAP_FAILED) { - close(fd); - fd = -1; map = NULL; st.st_size = 0; } + close(fd); + fd = -1; + done: fprintf(fp, HDR_FMT, HDR_MAGIC, ino, mode, 0, 0, 1, 0, (uintmax_t) st.st_size, 0, 0, 0, 0, namelen + 1, 0, name); @@ -117,9 +118,7 @@ done: pad = 3 - ((st.st_size + 3) % 4); for (i = 0; i < pad; i++) fputc(0, fp); - munmap(map, st.st_size); - close(fd); } } From patchwork Mon May 30 08:12:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 578250 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 02E28C433F5 for ; Mon, 30 May 2022 08:12:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233240AbiE3IMv (ORCPT ); Mon, 30 May 2022 04:12:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42436 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233218AbiE3IMq (ORCPT ); Mon, 30 May 2022 04:12:46 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 70EB23B572 for ; Mon, 30 May 2022 01:12:41 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-544-DpkBOrIfMneHj-fHFqUQiA-1; Mon, 30 May 2022 04:12:39 -0400 X-MC-Unique: DpkBOrIfMneHj-fHFqUQiA-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C350C1C0515D; Mon, 30 May 2022 08:12:38 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.130]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9FDD91415100; Mon, 30 May 2022 08:12:36 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez 07/13] Fixing leaked_handle in l2cap-tester.c Date: Mon, 30 May 2022 13:42:03 +0530 Message-Id: <20220530081209.560465-8-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> References: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing static tool analysis using coverity found following reports for resouse leak bluez-5.64/tools/l2cap-tester.c:1712: leaked_handle: Handle variable "new_sk" going out of scope leaks the handle. Signed-off-by: Gopal Tiwari --- tools/l2cap-tester.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/l2cap-tester.c b/tools/l2cap-tester.c index d78b1e29c..3f0464013 100644 --- a/tools/l2cap-tester.c +++ b/tools/l2cap-tester.c @@ -1709,6 +1709,7 @@ static gboolean l2cap_listen_cb(GIOChannel *io, GIOCondition cond, if (!check_mtu(data, new_sk)) { tester_test_failed(); + close(new_sk); return FALSE; } From patchwork Mon May 30 08:12:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 577321 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4B780C433EF for ; Mon, 30 May 2022 08:12:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233305AbiE3IMz (ORCPT ); Mon, 30 May 2022 04:12:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42326 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233309AbiE3IMs (ORCPT ); Mon, 30 May 2022 04:12:48 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 681FD6EC4A for ; Mon, 30 May 2022 01:12:45 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-17-UGt0DmVlMEymLthO7_-CBQ-1; Mon, 30 May 2022 04:12:42 -0400 X-MC-Unique: UGt0DmVlMEymLthO7_-CBQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D64B0101AA45; Mon, 30 May 2022 08:12:41 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.130]) by smtp.corp.redhat.com (Postfix) with ESMTP id ACD1C1415100; Mon, 30 May 2022 08:12:39 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez 08/13] Fixing resource leak in mesh/mesh-db.c Date: Mon, 30 May 2022 13:42:04 +0530 Message-Id: <20220530081209.560465-9-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> References: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing static tool analysis using coverity found following reports for resouse leak bluez-5.64/tools/mesh/mesh-db.c:2388: leaked_handle: Handle variable "fd" going out of scope leaks the handle. bluez-5.64/tools/mesh/mesh-db.c:2388: leaked_storage: Variable "str" going out of scope leaks the storage it points to. Signed-off-by: Gopal Tiwari --- tools/mesh/mesh-db.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/mesh/mesh-db.c b/tools/mesh/mesh-db.c index fa11837df..896ff722c 100644 --- a/tools/mesh/mesh-db.c +++ b/tools/mesh/mesh-db.c @@ -2384,6 +2384,8 @@ bool mesh_db_load(const char *fname) sz = read(fd, str, st.st_size); if (sz != st.st_size) { + close(fd); + l_free(str); l_error("Failed to read configuration file %s", fname); return false; } From patchwork Mon May 30 08:12:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 577320 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 96180C433F5 for ; Mon, 30 May 2022 08:13:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233368AbiE3INA (ORCPT ); Mon, 30 May 2022 04:13:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43448 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233328AbiE3IMt (ORCPT ); Mon, 30 May 2022 04:12:49 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id B91D1762A8 for ; Mon, 30 May 2022 01:12:48 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-619-urJmNI8RNKu4Wl1AodO3GQ-1; Mon, 30 May 2022 04:12:45 -0400 X-MC-Unique: urJmNI8RNKu4Wl1AodO3GQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 0B4518219B2; Mon, 30 May 2022 08:12:45 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.130]) by smtp.corp.redhat.com (Postfix) with ESMTP id D7120140EBD5; Mon, 30 May 2022 08:12:42 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez 09/13] Fixing leaked_handle in obex-client-tool.c Date: Mon, 30 May 2022 13:42:05 +0530 Message-Id: <20220530081209.560465-10-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> References: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing static tool analysis using coverity found following reports for resouse leak bluez-5.64/tools/obex-client-tool.c:315: leaked_handle: Handle variable "sk" going out of scope leaks the handle. Signed-off-by: Gopal Tiwari --- tools/obex-client-tool.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/obex-client-tool.c b/tools/obex-client-tool.c index ab9332896..cb0e41247 100644 --- a/tools/obex-client-tool.c +++ b/tools/obex-client-tool.c @@ -312,6 +312,7 @@ static GIOChannel *unix_connect(GObexTransportType transport) if (connect(sk, (struct sockaddr *) &addr, sizeof(addr)) < 0) { err = errno; g_printerr("connect: %s (%d)\n", strerror(err), err); + close(sk); return NULL; } From patchwork Mon May 30 08:12:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 577319 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A37B8C433F5 for ; Mon, 30 May 2022 08:13:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233328AbiE3INE (ORCPT ); Mon, 30 May 2022 04:13:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43816 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233367AbiE3INA (ORCPT ); Mon, 30 May 2022 04:13:00 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 1BF3764705 for ; Mon, 30 May 2022 01:12:54 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-644-GIYGgpYFMjSzz1YaLsDptg-1; Mon, 30 May 2022 04:12:48 -0400 X-MC-Unique: GIYGgpYFMjSzz1YaLsDptg-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 1CD3129AB45B; Mon, 30 May 2022 08:12:48 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.130]) by smtp.corp.redhat.com (Postfix) with ESMTP id D32D31410F36; Mon, 30 May 2022 08:12:45 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez 10/13] Fixing use after free in src/device.c Date: Mon, 30 May 2022 13:42:06 +0530 Message-Id: <20220530081209.560465-11-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> References: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari Following traces reported by covirty tool Error: USE_AFTER_FREE (CWE-416): bluez-5.64/src/device.c:2962: path: Condition "!dbus_message_get_args(msg, NULL, 0 /* (int)0 */)", taking false branch. bluez-5.64/src/device.c:2965: path: Condition "device->bonding", taking false branch. bluez-5.64/src/device.c:2968: path: Condition "device->bredr_state.bonded", taking true branch. bluez-5.64/src/device.c:2969: path: Falling through to end of if statement. bluez-5.64/src/device.c:2977: path: Condition "state->bonded", taking false branch. bluez-5.64/src/device.c:2983: path: Condition "agent", taking true branch. bluez-5.64/src/device.c:2984: path: Falling through to end of if statement. bluez-5.64/src/device.c:2990: path: Condition "agent", taking true branch. bluez-5.64/src/device.c:3005: path: Condition "bdaddr_type != 0", taking true branch. bluez-5.64/src/device.c:3006: path: Condition "!state->connected", taking true branch. bluez-5.64/src/device.c:3006: path: Condition "btd_le_connect_before_pairing()", taking true branch. bluez-5.64/src/device.c:3007: freed_arg: "device_connect_le" frees "device->bonding". bluez-5.64/src/device.c:3007: path: Falling through to end of if statement. bluez-5.64/src/device.c:3012: path: Falling through to end of if statement. bluez-5.64/src/device.c:3017: path: Condition "err < 0", taking true branch. bluez-5.64/src/device.c:3018: double_free: Calling "bonding_request_free" frees pointer "device->bonding" which has already been freed. Signed-off-by: Gopal Tiwari --- src/device.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/device.c b/src/device.c index 8dc12d026..a0e5d40db 100644 --- a/src/device.c +++ b/src/device.c @@ -2942,6 +2942,7 @@ static void bonding_request_free(struct bonding_req *bonding) bonding->device->bonding = NULL; g_free(bonding); + bonding = NULL; } static DBusMessage *pair_device(DBusConnection *conn, DBusMessage *msg, From patchwork Mon May 30 08:12:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 578247 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1DC63C433EF for ; Mon, 30 May 2022 08:13:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233243AbiE3ING (ORCPT ); Mon, 30 May 2022 04:13:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42700 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233180AbiE3IM6 (ORCPT ); Mon, 30 May 2022 04:12:58 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 1C66C7629A for ; Mon, 30 May 2022 01:12:55 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-449-6Mi8KDGLPYCKCEwxUFlBNQ-1; Mon, 30 May 2022 04:12:51 -0400 X-MC-Unique: 6Mi8KDGLPYCKCEwxUFlBNQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 2F58980013E; Mon, 30 May 2022 08:12:51 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.130]) by smtp.corp.redhat.com (Postfix) with ESMTP id 075AC1410F36; Mon, 30 May 2022 08:12:48 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez 11/13] Fixing memory leak in pbap.c Date: Mon, 30 May 2022 13:42:07 +0530 Message-Id: <20220530081209.560465-12-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> References: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari Reported by coverity tool as follows: bluez-5.64/obexd/client/pbap.c:929: leaked_storage: Variable "apparam" going out of scope leaks the storage it points to. Signed-off-by: Gopal Tiwari --- obexd/client/pbap.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/obexd/client/pbap.c b/obexd/client/pbap.c index 1a2bacc9f..98e337ea1 100644 --- a/obexd/client/pbap.c +++ b/obexd/client/pbap.c @@ -925,10 +925,11 @@ static DBusMessage *pbap_search(DBusConnection *connection, return g_dbus_create_error(message, ERROR_INTERFACE ".InvalidArguments", NULL); - if (dbus_message_iter_get_arg_type(&args) != DBUS_TYPE_STRING) + if (dbus_message_iter_get_arg_type(&args) != DBUS_TYPE_STRING) { + g_obex_apparam_free(apparam); return g_dbus_create_error(message, ERROR_INTERFACE ".InvalidArguments", NULL); - + } dbus_message_iter_get_basic(&args, &value); dbus_message_iter_next(&args); From patchwork Mon May 30 08:12:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 578248 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B77D4C433F5 for ; Mon, 30 May 2022 08:13:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233224AbiE3INC (ORCPT ); Mon, 30 May 2022 04:13:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42700 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233341AbiE3INA (ORCPT ); Mon, 30 May 2022 04:13:00 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 217AB37017 for ; Mon, 30 May 2022 01:12:58 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-581-9DxRYK9bOJSSAFICN6qNxA-1; Mon, 30 May 2022 04:12:55 -0400 X-MC-Unique: 9DxRYK9bOJSSAFICN6qNxA-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D7CEB29ABA25; Mon, 30 May 2022 08:12:54 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.130]) by smtp.corp.redhat.com (Postfix) with ESMTP id 30DE91410F36; Mon, 30 May 2022 08:12:51 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez 12/13] Fixing possible use_after_free in meshctl.c Date: Mon, 30 May 2022 13:42:08 +0530 Message-Id: <20220530081209.560465-13-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> References: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari Reported by coverity tool as follows : bluez-5.64/tools/meshctl.c:1968: freed_arg: "g_free" frees "mesh_dir". bluez-5.64/tools/meshctl.c:2018: double_free: Calling "g_free" frees pointer "mesh_dir" which has already been freed. Signed-off-by: Gopal Tiwari --- tools/meshctl.c | 1 - 1 file changed, 1 deletion(-) diff --git a/tools/meshctl.c b/tools/meshctl.c index 18e20c40d..38ffd35f3 100644 --- a/tools/meshctl.c +++ b/tools/meshctl.c @@ -2015,7 +2015,6 @@ int main(int argc, char *argv[]) fail: bt_shell_cleanup(); - g_free(mesh_dir); return EXIT_FAILURE; } From patchwork Mon May 30 08:12:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 577318 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5EF89C433F5 for ; Mon, 30 May 2022 08:13:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233213AbiE3INI (ORCPT ); Mon, 30 May 2022 04:13:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43340 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233195AbiE3INB (ORCPT ); Mon, 30 May 2022 04:13:01 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id CA1EB37A02 for ; Mon, 30 May 2022 01:13:00 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-655-fxl7M77oPbG42cUxnaCIUA-1; Mon, 30 May 2022 04:12:58 -0400 X-MC-Unique: fxl7M77oPbG42cUxnaCIUA-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id CFB13802803; Mon, 30 May 2022 08:12:57 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.130]) by smtp.corp.redhat.com (Postfix) with ESMTP id ACE7B1410F36; Mon, 30 May 2022 08:12:55 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez 13/13] Fixing use_after_free in prov-db.c Date: Mon, 30 May 2022 13:42:09 +0530 Message-Id: <20220530081209.560465-14-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> References: <20220530081209.560465-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari Following scenario happens when prov is false and we have double free as mentioned in the below bluez-5.64/tools/mesh-gatt/prov-db.c:847: freed_arg: "g_free" frees "in_str". bluez-5.64/tools/mesh-gatt/prov-db.c:867: double_free: Calling "g_free" frees pointer "in_str" which has already been freed. Signed-off-by: Gopal Tiwari --- tools/mesh-gatt/prov-db.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/mesh-gatt/prov-db.c b/tools/mesh-gatt/prov-db.c index 2fb08f799..a5b6997e0 100644 --- a/tools/mesh-gatt/prov-db.c +++ b/tools/mesh-gatt/prov-db.c @@ -859,7 +859,8 @@ bool prov_db_local_set_iv_index(uint32_t iv_index, bool update, bool prov) set_local_iv_index(jmain, iv_index, update); prov_file_write(jmain, false); - } + } else + return true; res = true; done: