| 53347040 |
tools/btproxy: Fix buffer overflow with unix socket
btproxy with a unix socket has a similar problem to btmon, as below.
So this patch fixes btproxy in a similar way to btmon.
*** strcpy_chk: buffer overflow detected ***: program terminated
at 0x4C3085C: ??? (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4C34E46: __strcpy_chk (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x401B74: strcpy (string3.h:110)
by 0x401B74: open_unix (btproxy.c:625)
by 0x401B74: main (btproxy.c:901) |
ERAMOTO Masaya |
8 years ago |
1 file, +17, -3 |
| 9e997ed2 |
monitor: Fix buffer overflow with unix socket
If btmon uses a unix socket, which has a long pathname, then the
buffer overflow occurs as below:
*** strcpy_chk: buffer overflow detected ***: program terminated
at 0x4C3085C: ??? (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4C34E46: __strcpy_chk (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4084FE: strcpy (string3.h:110)
by 0x4084FE: control_server (control.c:1148)
by 0x4029E9: main (main.c:144)
This patch also gives an error and stops running when parsing command-line
arguments if the unix socket pathname is too long. And this patch adds the
redundant check in control_server() to prevent the regression when reusing
in the future. |
ERAMOTO Masaya |
8 years ago |
2 files, +14, -1 |
| 42a83dbb |
gatt: Fix sending indications with proxy
When using AcquireNotify with indication, the proxy needs to be filled in
send_notification_to_devices so as to get indication confirmation in
application. |
Yunhan Wang |
8 years ago |
1 file, +1, -1 |
| af025403 |
core: Remove const char * const
This type of construct usually makes no difference in practice as it is
very rare that a static table would be changed. |
Luiz Augusto von Dentz |
8 years ago |
1 file, +5, -5 |
| 5d0fadf0 |
gatt: Fix not sending indications properly
When using AcquireNotify with notifications the code would assume that
notification would always be used instead of checking if indications are
supported. |
Luiz Augusto von Dentz |
8 years ago |
1 file, +2, -1 |
| 47410af5 |
gatt: Fix not replying to Write request
When using AcquireWrite the first write would not call
gatt_db_attribute_write_result so no reply would be generated. |
Luiz Augusto von Dentz |
8 years ago |
1 file, +2, -0 |
| efe53dc4 |
plugins/sixaxis: Remove LEDs handling
It's done in the kernel since 2014 in linux kernel commit
8025087acf9d2b941bae93b3e0967560e7e03e87 |
Bastien Nocera |
8 years ago |
1 file, +5, -290 |
| 41d75201 |
doc: fix typos
s/parser/parsed
s/prevously/previously |
Tomasz Duszynski |
8 years ago |
1 file, +2, -2 |
| 725d47ba |
build: use abspath for lib/bluetooth
When building from out of tree, and the top build dir was specified as
an absolute path, the linked headers in ${builddir}/lib/bluetooth were
broken. This patch fixes it by relying on make's abspath macro as
opposed to the path concatenation. |
Yunhan Wang |
8 years ago |
1 file, +1, -1 |
| aa330525 |
client: Use new parse_argument() instead of parse_argument_XX() |
ERAMOTO Masaya |
8 years ago |
1 file, +23, -70 |
| ad65aeff |
client: Use existing function for parsing argument |
ERAMOTO Masaya |
8 years ago |
1 file, +3, -13 |
| fb0ccc96 |
client: Prevent to pass invalid ad type to D-Bus |
ERAMOTO Masaya |
8 years ago |
1 file, +1, -1 |
| 15225b1e |
client: Fix core dump when using set-advertise-name
If set-advertise-name is repeatedly set on/off after setting the local
name, it may dump core due to a double free. This patch uses g_free()
instead of free(). |
ERAMOTO Masaya |
8 years ago |
1 file, +5, -3 |
| 115fd968 |
client: Fix memory leak of advertise command
Since advertise command does not free the variable ad.type when repeating
to enable and disable advertising, the following memory leak occurs.
11 bytes in 1 blocks are definitely lost in loss record 20 of 190
at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4E89718: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
by 0x4EA24EE: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
by 0x40EBC8: ad_register (advertising.c:343)
by 0x40A666: cmd_advertise (main.c:2344)
by 0x40ABA3: rl_handler (main.c:2664)
by 0x53C16F4: rl_callback_read_char (in /lib/x86_64-linux-gnu/libreadline.so.6.3)
by 0x405AFC: input_handler (main.c:110)
by 0x4E84049: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
by 0x4E843EF: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
by 0x4E84711: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
by 0x4055FE: main (main.c:2865) |
ERAMOTO Masaya |
8 years ago |
1 file, +4, -0 |
| 7beae0fd |
client: Remove const char * const
This type of construct usually makes no difference in practice as it is
very rare that a static table would be changed. |
Luiz Augusto von Dentz |
8 years ago |
1 file, +3, -3 |
| 8090f7a6 |
gatt: Update signature of AcquireWrite and AcquireNotify
It should now contain an argument for the options even though there
are no options defined for clients. |
Luiz Augusto von Dentz |
8 years ago |
3 files, +40, -7 |
| 0f3e8102 |
client: Implement AcquireNotify for server
This enables IO via file descriptors using AcquireNotify if server
implements it. |
Luiz Augusto von Dentz |
8 years ago |
1 file, +66, -3 |
| 88dfe179 |
gatt: Implement AcquireNotify for server
This enables IO via file descriptors using AcquireWrite if server
implements it. |
Luiz Augusto von Dentz |
8 years ago |
1 file, +111, -5 |
| 29a8563c |
client: Implement AcquireWrite for server
This enables IO via file descriptors using AcquireWrite if server
implements it. |
Luiz Augusto von Dentz |
8 years ago |
1 file, +158, -8 |
| 08db57d9 |
gatt: Implement AcquireWrite for server
This enables IO via file descriptors using AcquireWrite if server
implements it. |
Luiz Augusto von Dentz |
8 years ago |
1 file, +142, -0 |
| d890b7c7 |
shared/gatt-db: Add gatt_db_attribute_get_user_data
This adds gatt_db_attribute_get_user_data which can be used to retrieve
the user_data given at registration. |
Luiz Augusto von Dentz |
8 years ago |
1 file, +8, -0 |
| 71159ad3 |
shared/gatt-server: Add bt_gatt_server_get_mtu
This adds bt_gatt_server_get_mtu which can be used to read the current
MTU. |
Luiz Augusto von Dentz |
8 years ago |
3 files, +11, -0 |
| ebd800f2 |
doc/gatt-api: Add server support for AcquireWrite and AcquireNotify
This enables servers to use the same mechanism to use packet based IO
using file descriptors bypassing D-Bus.
Note that the application is free to choose any type of medium that can
use file descriptors, thus this is not limited to pipe2 although that is
probably recommended due to its simplicity. |
Luiz Augusto von Dentz |
8 years ago |
1 file, +29, -7 |
| 99e8efca |
client: Rework variables for AcquireWrite/AcquireNotify
This creates a struct with necessary fields which is easier to reset. |
Luiz Augusto von Dentz |
8 years ago |
1 file, +39, -41 |
| f5b9244e |
gatt: Remove useless debug |
Luiz Augusto von Dentz |
8 years ago |
1 file, +1, -1 |
| 91321097 |
tools: Only add unique entries to readline history
Don't add duplicate commands to history; this is similar to what
HISTCONTROL=ignoredups does. |
Luiz Augusto von Dentz |
8 years ago |
5 files, +11, -5 |
| 686dc41f |
client: Fix indent |
ERAMOTO Masaya |
8 years ago |
1 file, +1, -1 |
| 067c2e79 |
client: Fix completion for list/pair command
The unexpected generator is used if the input string forward matches
with the unexpected command string which a generator for completion
is registered on. Thus,
- since 496b6abf743440e937222c62768e0a3b31f47f02, list command
generates the unneeded argument, which is device id like that
list-attributes command generates.
- since b0fe6045b7d9cfdd02a5e419fc9658a0ffa84619, pair command
generates the invalid argument, which is on/off like that
pairable command generates.
This patch uses the exact matching command. |
ERAMOTO Masaya |
8 years ago |
1 file, +4, -2 |
| 2765dd32 |
monitor: Add support for decoding Intel baudrate command |
Marcel Holtmann |
8 years ago |
1 file, +62, -1 |
| 98ef9522 |
adapter: Refactor code around discovery
Make it reuse more code by having helpers to stop, remove and free
clients. |
Luiz Augusto von Dentz |
8 years ago |
1 file, +74, -105 |
| e2137682 |
adapter: Fix not waiting for stop discovery result
We should not reply until the stop discovery completes otherwise
clients may attempt to start the discovery before it even has stopped.
On top of this it will now block clients so they will not be able to
queue more requests. |
Luiz Augusto von Dentz |
8 years ago |
1 file, +113, -101 |
| 3597d137 |
adapter: Fix not waiting for start discovery result
We should not reply until the start discovery completes otherwise
clients may attempt to stop the discovery before it even has started.
On top of this it will now block clients so they will not be able to
queue more requests. |
Luiz Augusto von Dentz |
8 years ago |
1 file, +64, -8 |
| 8168ab64 |
mesh: Use PRIx64 for printing uint64_t variables |
Marcel Holtmann |
8 years ago |
1 file, +2, -1 |
| 251ef215 |
core: Fix potential segfault with passive_scanning_timeout
A segfault of bluetoothd may occur when passive_scanning_timeout() is
registered and the bluetooth dongle is then detached. This patch removes
the event, just in case, when detaching it. |
ERAMOTO Masaya |
8 years ago |
1 file, +5, -0 |
| 7802b78a |
core: Fix segfault when detaching adapter
When setting PairableTimeout to non-zero and running bluetoothd, and then
repeatedly attaching and detaching a bluetooth dongle, bluetoothd
frequently segfaults as below:
==6583== Process terminating with default action of signal 11 (SIGSEGV)
==6583== Bad permissions for mapped region at address 0x4D3AC0
==6583== at 0x4DBE27: mgmt_send (mgmt.c:592)
==6583== by 0x48FFC2: set_mode (adapter.c:601)
==6583== by 0x490471: pairable_timeout_handler (adapter.c:649)
==6583== by 0x50CDAB2: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==6583== by 0x50CD049: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==6583== by 0x50CD3EF: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==6583== by 0x50CD711: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==6583== by 0x40CD28: main (main.c:781)
At another time, syslog and objdump of bluetoothd outputted below:
Sep 14 13:43:46 fushimi bluetoothd[14192]: src/adapter.c:adapter_free() 0x2374350
Sep 14 13:44:08 fushimi bluetoothd[14192]: src/adapter.c:set_mode() sending set mode command for index 32749
Sep 14 13:44:09 fushimi bluetoothd[14192]: src/adapter.c:set_mode() sending set mode command for index 0
Sep 14 13:44:09 fushimi kernel: [18030.384367] bluetoothd[14192]: segfault at c0 ip 00000000004dbe31 sp 00007fff19f2ca40 error 4 in bluetoothd[400000+147000]
if (mgmt->next_request_id < 1)
4dbe31: 8b 43 40 mov 0x40(%rbx),%eax
4dbe34: 48 83 05 9c 75 2f 00 addq $0x1,0x2f759c(%rip) # 7d33d8 <__gcov0.mgmt_send+0x18> |
ERAMOTO Masaya |
8 years ago |
1 file, +7, -1 |
| d139fd86 |
Release 5.47 |
Marcel Holtmann |
8 years ago |
2 files, +12, -1 |
| 4c476ceb |
a2dp: Remove unnecessary if statement |
Luiz Augusto von Dentz |
8 years ago |
1 file, +0, -1 |
| 2954f707 |
build: Don't install btconfig utility just yet |
Marcel Holtmann |
8 years ago |
1 file, +2, -2 |
| 5dfcfc4d |
build: Update library version |
Marcel Holtmann |
8 years ago |
1 file, +1, -1 |
| a5ceed91 |
client: Fix default_ctrl change when new adapter is found
Since 4e111f3448a126786f3620be1b5ce969456edc65, when another adapter is
found, the default adapter would be changed, which is not expected.
Default adapter can only be changed by select command. |
ERAMOTO Masaya |
8 years ago |
1 file, +27, -4 |
| b7742ccc |
test/example-advertisement: add LocalName to properties
Since local name in advertisement is useful for telling the difference
between devices, expose LocalName via properties. |
Tomasz Duszynski |
8 years ago |
1 file, +9, -0 |
| 2b3be1c2 |
Rename sample JSON Databases |
Brian Gix |
8 years ago |
2 files, +4, -4 |
| 125a2e23 |
a2dp: Fix possible crash when accepting stream transport
During the course of bt_io_accept the setup can be freed causing the
callback to be called which can lead to the following crash:
bluetoothd[853]: profiles/audio/a2dp.c:setup_unref() 0x8183c1c0: ref=0
bluetoothd[853]: profiles/audio/a2dp.c:setup_free() 0x8183c1c0
...
bluetoothd[853]: HUP or ERR on socket: Connection reset by peer (104)
bluetoothd[853]: profiles/audio/a2dp.c:setup_unref() 0x8183c1c0: ref=-80438434
bluetoothd[853]: profiles/audio/a2dp.c:setup_free() 0x8183c1c0
0 0x80106888 in stream_free ()
1 0xb7621d49 in g_slist_foreach () from /usr/lib/libglib-2.0.so.0
2 0xb7621d92 in g_slist_free_full () from /usr/lib/libglib-2.0.so.0
3 0x80107d09 in avdtp_unref ()
4 0x8010273b in setup_unref ()
5 0x80104c54 in transport_cb ()
6 0x80136a9c in accept_cb () |
Luiz Augusto von Dentz |
8 years ago |
1 file, +22, -0 |
| a446569b |
mesh: Add 'security' command
This adds 'security' command which can be used to display and change
the provision security level:
[meshctl]# security
Provision Security Level set to 1 (medium)
[meshctl]# security 2
Provision Security Level set to 2 (high)
Note: This doesn't change the default which is still medium. |
Luiz Augusto von Dentz |
8 years ago |
3 files, +58, -3 |
| 9e009647 |
sdp: Fix Out-of-bounds heap read in service_search_attr_req function
Check if there is enough data to continue otherwise return an error. |
Luiz Augusto von Dentz |
8 years ago |
1 file, +1, -1 |
| 660081ce |
mesh: Use correct length for config server response
Also check if the length is nonzero before sending response |
Inga Stotland |
8 years ago |
1 file, +11, -9 |
| 9c2c9d3c |
mesh: Add characteristic property name check
If PropertyChanged signal is not emitted due to a change in
characteristic's "Value" property, the characteristic does
not need to be processed. |
Inga Stotland |
8 years ago |
1 file, +3, -2 |
| ed63d7e5 |
gatt: Fix not calling gatt_db_attribute_write_result
In case an error happens in send_write it should call
gatt_db_attribute_write_result not gatt_db_attribute_read_result as it
is a read operation. |
Luiz Augusto von Dentz |
8 years ago |
1 file, +2, -4 |
| 161691ae |
build: Cleanup GATT profiles
Alert, cyclingspeed, heartrate and proximity can all be implemented
using the GATT D-Bus API so they no longer need dedicated APIs. |
Luiz Augusto von Dentz |
8 years ago |
22 files, +4, -3086 |
| a75b37a4 |
mesh: Typo fix |
Łukasz Rymanowski |
8 years ago |
1 file, +1, -1 |