From patchwork Fri May 22 20:57:54 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Brian Gix <brian.gix@intel.com>
X-Patchwork-Id: 11566179
Return-Path: <SRS0=Rzh7=7E=vger.kernel.org=linux-bluetooth-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DE164912
	for <patchwork-linux-bluetooth@patchwork.kernel.org>;
 Fri, 22 May 2020 20:57:59 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id CFCAD20723
	for <patchwork-linux-bluetooth@patchwork.kernel.org>;
 Fri, 22 May 2020 20:57:59 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731056AbgEVU57 (ORCPT
        <rfc822;patchwork-linux-bluetooth@patchwork.kernel.org>);
        Fri, 22 May 2020 16:57:59 -0400
Received: from mga02.intel.com ([134.134.136.20]:25387 "EHLO mga02.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1731026AbgEVU56 (ORCPT <rfc822;linux-bluetooth@vger.kernel.org>);
        Fri, 22 May 2020 16:57:58 -0400
IronPort-SDR: 
 UcW6mIf23CkYJ425yhDTgxL1yvKy9R0V/g4GZ8wQMxdVyq3BoTYsac8oPzf83JCKmpyuOjagF2
 TEzAcRVICJKg==
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga007.fm.intel.com ([10.253.24.52])
  by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 22 May 2020 13:57:58 -0700
IronPort-SDR: 
 q46fR3eVkKr4A82IvG7hHkSPu2McU7r/Dxhone8C8O3F18ypViIq5zXySjsTUsBpLxQkTbEvTT
 kF20gzUHdC5g==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.73,423,1583222400";
   d="scan'208";a="254369943"
Received: from bgi1-mobl2.amr.corp.intel.com ([10.254.68.94])
  by fmsmga007.fm.intel.com with ESMTP; 22 May 2020 13:57:58 -0700
From: Brian Gix <brian.gix@intel.com>
To: linux-bluetooth@vger.kernel.org
Cc: inga.stotland@intel.com, brian.gix@intel.com
Subject: [PATCH BlueZ 1/3] mesh: Fix using uninitialized bytes
Date: Fri, 22 May 2020 13:57:54 -0700
Message-Id: <20200522205756.230907-2-brian.gix@intel.com>
X-Mailer: git-send-email 2.25.4
In-Reply-To: <20200522205756.230907-1-brian.gix@intel.com>
References: <20200522205756.230907-1-brian.gix@intel.com>
MIME-Version: 1.0
Sender: linux-bluetooth-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

Fixes two problems found with static analysis
---
 mesh/crypto.c | 1 +
 mesh/node.c   | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/mesh/crypto.c b/mesh/crypto.c
index 99536594b..70b96c51b 100644
--- a/mesh/crypto.c
+++ b/mesh/crypto.c
@@ -553,6 +553,7 @@ bool mesh_crypto_packet_build(bool ctl, uint8_t ttl,
 	if (seq > SEQ_MASK)
 		return false;
 
+	packet[0] = 0;
 	l_put_be32(seq, packet + 1);
 	packet[1] = (ctl ? CTL : 0) | (ttl & TTL_MASK);
 
diff --git a/mesh/node.c b/mesh/node.c
index dd28dfd77..49ba7c885 100644
--- a/mesh/node.c
+++ b/mesh/node.c
@@ -1596,6 +1596,8 @@ static void get_managed_objects_cb(struct l_dbus_message *msg, void *user_data)
 		/* Generate device and primary network keys */
 		l_getrandom(dev_key, sizeof(dev_key));
 		l_getrandom(net_key.old_key, sizeof(net_key.old_key));
+		memcpy(net_key.new_key, net_key.old_key,
+						sizeof(net_key.old_key));
 		net_key.net_idx = PRIMARY_NET_IDX;
 		net_key.phase = KEY_REFRESH_PHASE_NONE;
 

From patchwork Fri May 22 20:57:55 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Brian Gix <brian.gix@intel.com>
X-Patchwork-Id: 11566181
Return-Path: <SRS0=Rzh7=7E=vger.kernel.org=linux-bluetooth-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 224C11668
	for <patchwork-linux-bluetooth@patchwork.kernel.org>;
 Fri, 22 May 2020 20:58:00 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 1380920723
	for <patchwork-linux-bluetooth@patchwork.kernel.org>;
 Fri, 22 May 2020 20:58:00 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731062AbgEVU57 (ORCPT
        <rfc822;patchwork-linux-bluetooth@patchwork.kernel.org>);
        Fri, 22 May 2020 16:57:59 -0400
Received: from mga02.intel.com ([134.134.136.20]:25387 "EHLO mga02.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1731015AbgEVU57 (ORCPT <rfc822;linux-bluetooth@vger.kernel.org>);
        Fri, 22 May 2020 16:57:59 -0400
IronPort-SDR: 
 BTq8dzRDZg9PEJedpcGDAOPlKhlNNf62vL4nD87j/6hrB6cx3GUOcGo6GO4bhm+rFun2ZWec8a
 CnxsXSOeVW1Q==
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga007.fm.intel.com ([10.253.24.52])
  by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 22 May 2020 13:57:58 -0700
IronPort-SDR: 
 uVAu2vziPvfS1adOqfjhlM9XM1QcuDKGLBNVgkYMZ1v/7/r7uFmw7iWMJCtLh/u9oFXmtzAWkC
 FUeQIoPZca0Q==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.73,423,1583222400";
   d="scan'208";a="254369946"
Received: from bgi1-mobl2.amr.corp.intel.com ([10.254.68.94])
  by fmsmga007.fm.intel.com with ESMTP; 22 May 2020 13:57:58 -0700
From: Brian Gix <brian.gix@intel.com>
To: linux-bluetooth@vger.kernel.org
Cc: inga.stotland@intel.com, brian.gix@intel.com
Subject: [PATCH BlueZ 2/3] mesh: Fix leaked mesh_net allocation
Date: Fri, 22 May 2020 13:57:55 -0700
Message-Id: <20200522205756.230907-3-brian.gix@intel.com>
X-Mailer: git-send-email 2.25.4
In-Reply-To: <20200522205756.230907-1-brian.gix@intel.com>
References: <20200522205756.230907-1-brian.gix@intel.com>
MIME-Version: 1.0
Sender: linux-bluetooth-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

---
 mesh/node.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/mesh/node.c b/mesh/node.c
index 49ba7c885..db888d27c 100644
--- a/mesh/node.c
+++ b/mesh/node.c
@@ -1313,8 +1313,6 @@ static bool add_local_node(struct mesh_node *node, uint16_t unicast, bool kr,
 				bool ivu, uint32_t iv_idx, uint8_t dev_key[16],
 				uint16_t net_key_idx, uint8_t net_key[16])
 {
-	node->net = mesh_net_new(node);
-
 	if (!nodes)
 		nodes = l_queue_new();
 

From patchwork Fri May 22 20:57:56 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Brian Gix <brian.gix@intel.com>
X-Patchwork-Id: 11566183
Return-Path: <SRS0=Rzh7=7E=vger.kernel.org=linux-bluetooth-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 095BB912
	for <patchwork-linux-bluetooth@patchwork.kernel.org>;
 Fri, 22 May 2020 20:58:01 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id F00BF20723
	for <patchwork-linux-bluetooth@patchwork.kernel.org>;
 Fri, 22 May 2020 20:58:00 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731054AbgEVU6A (ORCPT
        <rfc822;patchwork-linux-bluetooth@patchwork.kernel.org>);
        Fri, 22 May 2020 16:58:00 -0400
Received: from mga02.intel.com ([134.134.136.20]:25387 "EHLO mga02.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1731026AbgEVU57 (ORCPT <rfc822;linux-bluetooth@vger.kernel.org>);
        Fri, 22 May 2020 16:57:59 -0400
IronPort-SDR: 
 o6BpXFifhJRA/nE/kDn2fLNN72YqVyDX6EgpYI8RIcdHoaqU5hkLvQv2CbXpD29F+gq2GSbDDD
 2VBr2akRkbhA==
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga007.fm.intel.com ([10.253.24.52])
  by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 22 May 2020 13:57:58 -0700
IronPort-SDR: 
 jYY4v45wpOLyr0DwHm2WA/4hXKk1kjQYJeUv4Br/rAJ7vKrjcLnPPkJ2OkSI6DtvH7E+HT87Ro
 9RDatejGPBUQ==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.73,423,1583222400";
   d="scan'208";a="254369949"
Received: from bgi1-mobl2.amr.corp.intel.com ([10.254.68.94])
  by fmsmga007.fm.intel.com with ESMTP; 22 May 2020 13:57:58 -0700
From: Brian Gix <brian.gix@intel.com>
To: linux-bluetooth@vger.kernel.org
Cc: inga.stotland@intel.com, brian.gix@intel.com
Subject: [PATCH BlueZ 3/3] mesh: Fix leaked message reference
Date: Fri, 22 May 2020 13:57:56 -0700
Message-Id: <20200522205756.230907-4-brian.gix@intel.com>
X-Mailer: git-send-email 2.25.4
In-Reply-To: <20200522205756.230907-1-brian.gix@intel.com>
References: <20200522205756.230907-1-brian.gix@intel.com>
MIME-Version: 1.0
Sender: linux-bluetooth-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

---
 mesh/manager.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mesh/manager.c b/mesh/manager.c
index 0242bb9e9..a7383e4d5 100644
--- a/mesh/manager.c
+++ b/mesh/manager.c
@@ -228,6 +228,7 @@ static void add_start(void *user_data, int err)
 				"Failed to start provisioning initiator");
 
 	l_dbus_send(dbus_get_bus(), reply);
+	l_dbus_message_unref(add_pending->msg);
 
 	add_pending->msg = NULL;
 }
@@ -264,7 +265,6 @@ static struct l_dbus_message *add_node_call(struct l_dbus *dbus,
 	/* Invoke Prov Initiator */
 
 	add_pending = l_new(struct add_data, 1);
-	add_pending->msg = l_dbus_message_ref(msg);
 	memcpy(add_pending->uuid, uuid, 16);
 	add_pending->node = node;
 	add_pending->agent = node_get_agent(node);
@@ -277,6 +277,7 @@ static struct l_dbus_message *add_node_call(struct l_dbus *dbus,
 		goto fail;
 	}
 
+	add_pending->msg = l_dbus_message_ref(msg);
 	initiator_start(PB_ADV, uuid, 99, 60, add_pending->agent, add_start,
 				add_data_get, add_cmplt, node, add_pending);