From patchwork Sat May 7 17:07:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ildar Kamaletdinov X-Patchwork-Id: 12842099 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 756EBC433F5 for ; Sat, 7 May 2022 17:07:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1446707AbiEGRLI (ORCPT ); Sat, 7 May 2022 13:11:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33572 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1446714AbiEGRLC (ORCPT ); Sat, 7 May 2022 13:11:02 -0400 Received: from mxout04.lancloud.ru (mxout04.lancloud.ru [45.84.86.114]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 762D33BBDF for ; Sat, 7 May 2022 10:07:12 -0700 (PDT) Received: from LanCloud DKIM-Filter: OpenDKIM Filter v2.11.0 mxout04.lancloud.ru EDD12209D24F Received: from LanCloud Received: from LanCloud Received: from LanCloud From: Ildar Kamaletdinov To: CC: Ildar Kamaletdinov Subject: [PATCH BlueZ 1/4] tools: Fix memory leak in hciconfig Date: Sat, 7 May 2022 20:07:00 +0300 Message-ID: <20220507170703.29902-2-i.kamaletdinov@omp.ru> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20220507170703.29902-1-i.kamaletdinov@omp.ru> References: <20220507170703.29902-1-i.kamaletdinov@omp.ru> MIME-Version: 1.0 X-Originating-IP: [192.168.11.198] X-ClientProxiedBy: LFEXT02.lancloud.ru (fd00:f066::142) To LFEX1910.lancloud.ru (fd00:f066::80) Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org printf() was using function that return dynamic allocated memory as a parameter. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. --- tools/hciconfig.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tools/hciconfig.c b/tools/hciconfig.c index e4d521583..e1b73f22a 100644 --- a/tools/hciconfig.c +++ b/tools/hciconfig.c @@ -80,7 +80,11 @@ static void print_pkt_type(struct hci_dev_info *di) static void print_link_policy(struct hci_dev_info *di) { - printf("\tLink policy: %s\n", hci_lptostr(di->link_policy)); + char *str; + + str = hci_lptostr(di->link_policy); + printf("\tLink policy: %s\n", str); + bt_free(str); } static void print_link_mode(struct hci_dev_info *di) From patchwork Sat May 7 17:07:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ildar Kamaletdinov X-Patchwork-Id: 12842100 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8AE37C4332F for ; Sat, 7 May 2022 17:07:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352057AbiEGRLL (ORCPT ); Sat, 7 May 2022 13:11:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60880 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1446666AbiEGRLC (ORCPT ); Sat, 7 May 2022 13:11:02 -0400 Received: from mxout02.lancloud.ru (mxout02.lancloud.ru [45.84.86.82]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 694A03B555 for ; Sat, 7 May 2022 10:07:12 -0700 (PDT) Received: from LanCloud DKIM-Filter: OpenDKIM Filter v2.11.0 mxout02.lancloud.ru 331BB2225710 Received: from LanCloud Received: from LanCloud Received: from LanCloud From: Ildar Kamaletdinov To: CC: Ildar Kamaletdinov Subject: [PATCH BlueZ 2/4] tools: Fix memory leaks in btgatt-server/client Date: Sat, 7 May 2022 20:07:01 +0300 Message-ID: <20220507170703.29902-3-i.kamaletdinov@omp.ru> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20220507170703.29902-1-i.kamaletdinov@omp.ru> References: <20220507170703.29902-1-i.kamaletdinov@omp.ru> MIME-Version: 1.0 X-Originating-IP: [192.168.11.198] X-ClientProxiedBy: LFEXT02.lancloud.ru (fd00:f066::142) To LFEX1910.lancloud.ru (fd00:f066::80) Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org According to man buffer allocated by getline() should be freed by the user program even if getline() failed. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. --- tools/btgatt-client.c | 6 +++++- tools/btgatt-server.c | 5 ++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/tools/btgatt-client.c b/tools/btgatt-client.c index 8c9365aa2..58a03bd48 100644 --- a/tools/btgatt-client.c +++ b/tools/btgatt-client.c @@ -1355,12 +1355,16 @@ static void prompt_read_cb(int fd, uint32_t events, void *user_data) return; } - if ((read = getline(&line, &len, stdin)) == -1) + read = getline(&line, &len, stdin); + if (read < 0) { + free(line); return; + } if (read <= 1) { cmd_help(cli, NULL); print_prompt(); + free(line); return; } diff --git a/tools/btgatt-server.c b/tools/btgatt-server.c index 4a5d2b720..90a6c9b0a 100644 --- a/tools/btgatt-server.c +++ b/tools/btgatt-server.c @@ -1080,12 +1080,15 @@ static void prompt_read_cb(int fd, uint32_t events, void *user_data) } read = getline(&line, &len, stdin); - if (read < 0) + if (read < 0) { + free(line); return; + } if (read <= 1) { cmd_help(server, NULL); print_prompt(); + free(line); return; } From patchwork Sat May 7 17:07:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ildar Kamaletdinov X-Patchwork-Id: 12842098 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 01880C433EF for ; Sat, 7 May 2022 17:07:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1446638AbiEGRLO (ORCPT ); Sat, 7 May 2022 13:11:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33772 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1386522AbiEGRLC (ORCPT ); Sat, 7 May 2022 13:11:02 -0400 Received: from mxout01.lancloud.ru (mxout01.lancloud.ru [45.84.86.81]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 693DC3B3F8 for ; Sat, 7 May 2022 10:07:12 -0700 (PDT) Received: from LanCloud DKIM-Filter: OpenDKIM Filter v2.11.0 mxout01.lancloud.ru 73A6720D605A Received: from LanCloud Received: from LanCloud Received: from LanCloud From: Ildar Kamaletdinov To: CC: Ildar Kamaletdinov Subject: [PATCH BlueZ 3/4] tools: Fix handle leak in rfcomm Date: Sat, 7 May 2022 20:07:02 +0300 Message-ID: <20220507170703.29902-4-i.kamaletdinov@omp.ru> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20220507170703.29902-1-i.kamaletdinov@omp.ru> References: <20220507170703.29902-1-i.kamaletdinov@omp.ru> MIME-Version: 1.0 X-Originating-IP: [192.168.11.198] X-ClientProxiedBy: LFEXT02.lancloud.ru (fd00:f066::142) To LFEX1910.lancloud.ru (fd00:f066::80) Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Some branches of execution can make handle (socket) leakage. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. --- tools/rfcomm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/rfcomm.c b/tools/rfcomm.c index cd520aa44..e013ff588 100644 --- a/tools/rfcomm.c +++ b/tools/rfcomm.c @@ -298,6 +298,7 @@ static void cmd_connect(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **arg if (setsockopt(sk, SOL_SOCKET, SO_LINGER, &l, sizeof(l)) < 0) { perror("Can't set linger option"); + close(sk); return; } } @@ -466,6 +467,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv if (getsockname(nsk, (struct sockaddr *)&laddr, &alen) < 0) { perror("Can't get RFCOMM socket name"); close(nsk); + close(sk); return; } @@ -475,6 +477,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv if (setsockopt(nsk, SOL_SOCKET, SO_LINGER, &l, sizeof(l)) < 0) { perror("Can't set linger option"); close(nsk); + close(sk); return; } } @@ -490,6 +493,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv dev = ioctl(nsk, RFCOMMCREATEDEV, &req); if (dev < 0) { perror("Can't create RFCOMM TTY"); + close(nsk); close(sk); return; } From patchwork Sat May 7 17:07:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ildar Kamaletdinov X-Patchwork-Id: 12842102 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD858C43219 for ; Sat, 7 May 2022 17:07:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243622AbiEGRLQ (ORCPT ); Sat, 7 May 2022 13:11:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33562 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1355155AbiEGRLC (ORCPT ); Sat, 7 May 2022 13:11:02 -0400 Received: from mxout04.lancloud.ru (mxout04.lancloud.ru [45.84.86.114]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 761243BA78 for ; Sat, 7 May 2022 10:07:12 -0700 (PDT) Received: from LanCloud DKIM-Filter: OpenDKIM Filter v2.11.0 mxout04.lancloud.ru AAD40209D3CE Received: from LanCloud Received: from LanCloud Received: from LanCloud From: Ildar Kamaletdinov To: CC: Ildar Kamaletdinov Subject: [PATCH BlueZ 4/4] device: Fix uninitialized value usage Date: Sat, 7 May 2022 20:07:03 +0300 Message-ID: <20220507170703.29902-5-i.kamaletdinov@omp.ru> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20220507170703.29902-1-i.kamaletdinov@omp.ru> References: <20220507170703.29902-1-i.kamaletdinov@omp.ru> MIME-Version: 1.0 X-Originating-IP: [192.168.11.198] X-ClientProxiedBy: LFEXT02.lancloud.ru (fd00:f066::142) To LFEX1910.lancloud.ru (fd00:f066::80) Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Definitely `dbus_bool_t b;` must be initialized before comparing it with current value. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. --- src/device.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/device.c b/src/device.c index 6da5c380b..7114e1b3e 100644 --- a/src/device.c +++ b/src/device.c @@ -1568,6 +1568,8 @@ static void dev_property_set_wake_allowed(const GDBusPropertyTable *property, return; } + dbus_message_iter_get_basic(value, &b); + /* Emit busy or success depending on current value. */ if (b == device->pending_wake_allowed) { if (device->wake_allowed == device->pending_wake_allowed) @@ -1580,7 +1582,6 @@ static void dev_property_set_wake_allowed(const GDBusPropertyTable *property, return; } - dbus_message_iter_get_basic(value, &b); device_set_wake_override(device, b); device_set_wake_allowed(device, b, id); }