Message ID | 20200507214537.4504-1-lukasz.rymanowski@codecoup.pl (mailing list archive) |
---|---|
State | New, archived |
Series | [BlueZ] client: Fix possible stack corruption |
Hi Łukasz, On Thursday, 7 May 2020 23:45:37 CEST Łukasz Rymanowski wrote: > DBUS_TYPE_BOOLEAN is 'int', which does not have to be the same size as > 'bool'. > On architecture where bool is smaller than int, getting prepare-authorize > will corrupt the stack > --- > client/gatt.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/client/gatt.c b/client/gatt.c > index 416eda953..9d35b54fa 100644 > --- a/client/gatt.c > +++ b/client/gatt.c > @@ -1860,9 +1860,12 @@ static int parse_options(DBusMessageIter *iter, > uint16_t *offset, uint16_t *mtu, } else if (strcasecmp(key, > "prepare-authorize") == 0) { > if (var != DBUS_TYPE_BOOLEAN) > return -EINVAL; > - if (prep_authorize) > - dbus_message_iter_get_basic(&value, > - prep_authorize); > + if (prep_authorize) { > + int tmp; > + > + dbus_message_iter_get_basic(&value, &tmp); > + *prep_authorize = !!tmp; > + } > } > > dbus_message_iter_next(&dict); Applied, thanks.
diff --git a/client/gatt.c b/client/gatt.c index 416eda953..9d35b54fa 100644 --- a/client/gatt.c +++ b/client/gatt.c @@ -1860,9 +1860,12 @@ static int parse_options(DBusMessageIter *iter, uint16_t *offset, uint16_t *mtu, } else if (strcasecmp(key, "prepare-authorize") == 0) { if (var != DBUS_TYPE_BOOLEAN) return -EINVAL; - if (prep_authorize) - dbus_message_iter_get_basic(&value, - prep_authorize); + if (prep_authorize) { + int tmp; + + dbus_message_iter_get_basic(&value, &tmp); + *prep_authorize = !!tmp; + } } dbus_message_iter_next(&dict);
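Review bot: the temporary in the new `prepare-authorize` block is declared `int tmp;`, but the type libdbus defines for reading a DBUS_TYPE_BOOLEAN through dbus_message_iter_get_basic() is `dbus_bool_t`, a 32-bit typedef. Declaring it as `dbus_bool_t tmp;` keeps the destination exactly the width the library writes, independent of how wide `int` is on the target, and makes the intent obvious to the next reader. The `!!tmp` normalisation before the store into `*prep_authorize` is worth keeping as is. It would also help to say in the commit message that the old code let the library write a 4-byte value through a pointer to `bool`, since that is the actual out-of-bounds write being fixed.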