From patchwork Mon Apr 28 19:51:18 2025
X-Patchwork-Submitter: Luiz Augusto von Dentz
X-Patchwork-Id: 885546
From: Luiz Augusto von Dentz
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH BlueZ v2 1/5] main: Fix comparison of narrow type with wide type in loop condition
Date: Mon, 28 Apr 2025 15:51:18 -0400
Message-ID: <20250428195122.2000808-1-luiz.dentz@gmail.com>

From: Luiz Augusto von Dentz

In a loop condition, comparison of a value of a narrow type with a value of a wide type may result in unexpected behavior if the wider value is sufficiently large (or small).

Fixes: https://github.com/bluez/bluez/issues/1213
--- src/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main.c b/src/main.c index 6a682e9b921f..3c51a0092425 100644 --- a/src/main.c +++ b/src/main.c 
@@ -501,7 +501,7 @@ static void parse_mode_config(GKeyFile *config, const char *group, const struct config_param *params, size_t params_len) { - uint16_t i; + size_t i; if (!config) return; 

From patchwork Mon Apr 28 19:51:19 2025
X-Patchwork-Submitter: Luiz Augusto von Dentz
X-Patchwork-Id: 885858
From: Luiz Augusto von Dentz
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH BlueZ v2 2/5] client/mgmt: Fix comparison of narrow type with wide type in loop condition
Date: Mon, 28 Apr 2025 15:51:19 -0400
Message-ID: <20250428195122.2000808-2-luiz.dentz@gmail.com>
In-Reply-To: <20250428195122.2000808-1-luiz.dentz@gmail.com>

From: Luiz Augusto von Dentz

In a loop condition, comparison of a value of a narrow type with a value of a wide type may result in unexpected behavior if the wider value is sufficiently large (or small).

Fixes: https://github.com/bluez/bluez/issues/1211
--- client/mgmt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/mgmt.c b/client/mgmt.c index 1946d65d2fe2..86b5879db8b0 100644 --- a/client/mgmt.c +++ b/client/mgmt.c @@ -571,7 +571,7 @@ static void confirm_name_rsp(uint8_t status, uint16_t len, static char *eir_get_name(const uint8_t *eir, uint16_t eir_len) { - uint8_t parsed = 0; + uint16_t parsed = 0; if (eir_len < 2) return NULL; 
@@ -599,7 +599,7 @@ static char *eir_get_name(const uint8_t *eir, uint16_t eir_len) static unsigned int eir_get_flags(const uint8_t *eir, uint16_t eir_len) { - uint8_t parsed = 0; + uint16_t parsed = 0; if (eir_len < 2) return 0; 

From patchwork Mon Apr 28 19:51:20 2025
X-Patchwork-Submitter: Luiz Augusto von Dentz
X-Patchwork-Id: 885545
From: Luiz Augusto von Dentz
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH BlueZ v2 3/5] test-runner: Fix potentially overflowing call to snprintf
Date: Mon, 28 Apr 2025 15:51:20 -0400
Message-ID: <20250428195122.2000808-3-luiz.dentz@gmail.com>
In-Reply-To: <20250428195122.2000808-1-luiz.dentz@gmail.com>

From: Luiz Augusto von Dentz

The return value of a call to snprintf is the number of characters that would have been written to the buffer assuming there was sufficient space. In the event that the operation reaches the end of the buffer and more than one character is discarded, the return value will be greater than the buffer size.

Fixes: https://github.com/bluez/bluez/issues/1215
--- tools/test-runner.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tools/test-runner.c b/tools/test-runner.c index 1d770330ceaa..7c9386d2c3d3 100644 --- a/tools/test-runner.c +++ b/tools/test-runner.c 
@@ -261,7 +261,15 @@ static void start_qemu(void) for (i = 1; i < test_argc; i++) { int len = sizeof(testargs) - pos; - pos += snprintf(testargs + pos, len, " %s", test_argv[i]); + int n = snprintf(testargs + pos, len, " %s", test_argv[i]); + + if (n < 0 || n >= len) { + fprintf(stderr, "Buffer overflow detected in " + "testargs\n"); + exit(EXIT_FAILURE); + } + + pos += n; } snprintf(cmdline, sizeof(cmdline), 

From patchwork Mon Apr 28 19:51:21 2025
X-Patchwork-Submitter: Luiz Augusto von Dentz
X-Patchwork-Id: 885857
From: Luiz Augusto von Dentz
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH BlueZ v2 4/5] client/mgmt: Fix potentially overflowing call to snprintf
Date: Mon, 28 Apr 2025 15:51:21 -0400
Message-ID: <20250428195122.2000808-4-luiz.dentz@gmail.com>
In-Reply-To: <20250428195122.2000808-1-luiz.dentz@gmail.com>

From: Luiz Augusto von Dentz The return value of a call to snprintf is the number of characters that would have been written to the buffer assuming there was sufficient space. In the event that the operation reaches the end of the buffer and more than one character is discarded, the return value will be greater than the buffer size. Fixes: https://github.com/bluez/bluez/issues/1216 Fixes: https://github.com/bluez/bluez/issues/1217 Fixes: https://github.com/bluez/bluez/issues/1218 Fixes: https://github.com/bluez/bluez/issues/1219 --- client/mgmt.c | 48 ++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 40 insertions(+), 8 deletions(-) diff --git a/client/mgmt.c b/client/mgmt.c index 86b5879db8b0..faa97a159e3c 100644 --- a/client/mgmt.c +++ b/client/mgmt.c @@ -316,9 +316,17 @@ static const char *options2str(uint32_t options) str[0] = '\0'; for (i = 0; i < NELEM(options_str); i++) { - if ((options & (1 << i)) != 0) - off += snprintf(str + off, sizeof(str) - off, "%s ", + if ((options & (1 << i)) != 0) { + int n = snprintf(str + off, sizeof(str) - off, "%s ", options_str[i]); + + if (n < 0 || n >= (int)(sizeof(str) - off)) { + str[off] = '\0'; + break; + } + + off += n; + } } return str; @@ -372,9 +380,17 @@ static const char *settings2str(uint32_t settings) str[0] = '\0'; for (i = 0; i < NELEM(settings_str); i++) { - if ((settings & (1 << i)) != 0) - off += snprintf(str + off, sizeof(str) - off, "%s ", + if ((settings & (1 << i)) != 0) { + int n = snprintf(str + off, sizeof(str) - off, "%s ", settings_str[i]); + + if (n < 0 || n >= (int)(sizeof(str) - off)) { + str[off] = '\0'; + break; + } + + off += n; + } } return str; 
@@ -4490,9 +4506,17 @@ static const char *adv_flags2str(uint32_t flags) str[0] = '\0'; for (i = 0; i < NELEM(adv_flags_str); i++) { - if ((flags & (1 << i)) != 0) - off += snprintf(str + off, sizeof(str) - off, "%s ", + if ((flags & (1 << i)) != 0) { + int n = snprintf(str + off, sizeof(str) - off, "%s ", adv_flags_str[i]); + + if (n < 0 || n >= (int)(sizeof(str) - off)) { + str[off] = '\0'; + break; + } + + off += n; + } } return str; 
@@ -5429,9 +5453,17 @@ static const char *phys2str(uint32_t phys) str[0] = '\0'; for (i = 0; i < NELEM(phys_str); i++) { - if ((phys & (1 << i)) != 0) - off += snprintf(str + off, sizeof(str) - off, "%s ", + if ((phys & (1 << i)) != 0) { + int n = snprintf(str + off, sizeof(str) - off, "%s ", phys_str[i]); + + if (n < 0 || n >= (int)(sizeof(str) - off)) { + str[off] = '\0'; + break; + } + + off += n; + } } return str; 

From patchwork Mon Apr 28 19:51:22 2025
X-Patchwork-Submitter: Luiz Augusto von Dentz
X-Patchwork-Id: 885544
From: Luiz Augusto von Dentz
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH BlueZ v2 5/5] shared/bap: Too few arguments to formatting function
Date: Mon, 28 Apr 2025 15:51:22 -0400
Message-ID: <20250428195122.2000808-5-luiz.dentz@gmail.com>
In-Reply-To: <20250428195122.2000808-1-luiz.dentz@gmail.com>

From: Luiz Augusto von Dentz Each call to the printf function, or a related function, should include the number of arguments defined by the format. Passing the function more arguments than required is harmless (although it may be indicative of other defects). However, passing the function fewer arguments than are defined by the format can be a security vulnerability since the function will process the next item on the stack as the missing arguments. Fixes: https://github.com/bluez/bluez/issues/1221 Fixes: https://github.com/bluez/bluez/issues/1222 --- src/shared/bap.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/shared/bap.c b/src/shared/bap.c index 4c5b38b1e3d2..2a08f3eea7b8 100644 --- a/src/shared/bap.c +++ b/src/shared/bap.c @@ -1630,7 +1630,8 @@ static bool bap_send(struct bt_bap *bap, struct bt_bap_req *req) DBG(bap, "req %p len %u", req, iov.iov_len); if (req->stream && !queue_find(bap->streams, NULL, req->stream)) { - DBG(bap, "stream %p detached, aborting op 0x%02x", req->op); + DBG(bap, "stream %p detached, aborting op 0x%02x", req->stream, + req->op); return false; } @@ -3138,7 +3139,7 @@ static uint8_t ascs_qos(struct bt_ascs *ascs, struct bt_bap *bap, ep = bap_get_local_endpoint_id(bap, req->ase); if (!ep) { - DBG(bap, "%s: Invalid ASE ID 0x%02x", req->ase); + DBG(bap, "Invalid ASE ID 0x%02x", req->ase); ascs_ase_rsp_add(rsp, req->ase, BT_ASCS_RSP_INVALID_ASE, BT_ASCS_REASON_NONE); return 0;
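
Review bot: In eir_get_name() and eir_get_flags() (client/mgmt.c, patch 2/5), `uint16_t parsed` now matches the width of `eir_len` but leaves no headroom. The loop body is outside these hunks; if it advances `parsed` by a field length plus one, the sum can wrap past 65535 when `eir_len` is near its maximum, and the length comparison would then never end the loop. Declaring `size_t parsed = 0;`, as patch 1/5 does for `i`, removes that case and keeps the two fixes consistent.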
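
Review bot: In start_qemu() (tools/test-runner.c, patch 3/5), the message "Buffer overflow detected in testargs" misreports what the new `n >= len` check catches: snprintf has truncated its output and nothing was written past `testargs`. Suggest wording such as "test arguments too long for testargs" and, since this is the only diagnostic before `exit(EXIT_FAILURE)`, including the offending `test_argv[i]`. The `n < 0` case is an output error rather than a size problem and would read more clearly with its own message.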
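
Review bot: In options2str() (client/mgmt.c, patch 4/5), the truncation branch sets `str[off] = '\0'` and breaks, so the caller gets a shortened list with no sign that set bits were dropped. Consider ending the string with a marker such as "..." when there is room for it, or sizing `str` so that every entry of `options_str` fits and the branch cannot be reached. The same point applies to the identical branches in settings2str(), adv_flags2str() and phys2str().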
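
Review bot: The same truncation check is pasted into options2str(), settings2str(), adv_flags2str() and phys2str() (client/mgmt.c, patch 4/5), differing only in the table name; a small helper taking the value, the string table and its NELEM count would hold the bounds logic in one place. While these loops are being touched, the condition `if ((phys & (1 << i)) != 0)` shifts a signed int and tests it against a uint32_t, which is undefined if `i` ever reaches 31; `1U << i` avoids that in all four functions.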
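
Review bot: In bap_send() (src/shared/bap.c, patch 5/5), the context line just above the fix, `DBG(bap, "req %p len %u", req, iov.iov_len);`, looks like the same class of defect: if `iov` is a struct iovec, `iov_len` is a size_t and `%u` is the wrong conversion on 64-bit targets. Suggest changing it to `%zu` in this patch, since it is the adjacent call and the series is already about format/argument mismatches.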
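
Review bot: In ascs_qos() (src/shared/bap.c, patch 5/5), the fix drops the "%s: " prefix instead of supplying its argument, which changes the log text as well as fixing the argument count. If the prefix was meant to carry the function name, passing `__func__` would keep the original message; if DBG already adds that context, the commit message should say so, since it currently describes only the missing-argument risk and not why the two hunks are fixed in different ways.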