[PATCH BlueZ v1 1/1] mgmt: Fix crash after pair command

Vinit Mehta <vinit.mehta@xxxxxxx> · Thu, 14 Dec 2023 16:33:38 +0530

After pair command, if the user doesn't provide any input on bluetoothctl
CLI interface after receiving the prompt(yes/no) below crash is observed:

dbus[782]: arguments to dbus_message_get_no_reply() were incorrect,
assertion "message != NULL" failed in file
/usr/src/debug/dbus/1.14.10-r0/dbus/dbus-message.c line 3250.
This is normally a bug in some application using the D-Bus library.
/usr/lib/libc.so.6(+0x27534) [0xffffa1b67534]
/usr/lib/libc.so.6(__libc_start_main+0x9c) [0xffffa1b6760c]
bluetoothctl(+0x188f0) [0xaaaac9c088f0]
Aborted (core dumped)
---
 client/mgmt.c | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/client/mgmt.c b/client/mgmt.c
index c056d018a..940e25f3c 100644
--- a/client/mgmt.c
+++ b/client/mgmt.c
@@ -54,6 +54,7 @@ static uint16_t mgmt_index = MGMT_INDEX_NONE;
 
 static bool discovery = false;
 static bool resolve_names = true;
+static const char *dummy_input = "N";
 
 static struct {
 	uint16_t index;
@@ -849,10 +850,28 @@ static void prompt_input(const char *input, void *user_data)
 								&prompt.addr);
 		break;
 	case MGMT_EV_USER_CONFIRM_REQUEST:
-		if (input[0] == 'y' || input[0] == 'Y')
-			mgmt_confirm_reply(prompt.index, &prompt.addr);
+		if(len)
+		{
+			if (input[0] == 'y' || input[0] == 'Y')
+				mgmt_confirm_reply(prompt.index, &prompt.addr);
+			else
+				mgmt_confirm_neg_reply(prompt.index, &prompt.addr);
+		}
 		else
+		{
+			/* After pair command, if the user doesn't provide any input on
+			 * bluetoothctl CLI interface after receiving the prompt(yes/no),
+			 * than subsequent CLI command will trigger a call to DBUS
+			 * library function (dbus_message_get_no_reply) with a NULL
+			 * message pointer which triggers assertion in DBUS library
+			 * causing the bluetoothctl process to crash. The change below
+			 * will ensure in case if no input is given by the user, a
+			 * conditional check is added to handle this scenario and a
+			 * default character ('N') will be passed so as to avoid the
+			 * assertion.*/
+			input = dummy_input;
 			mgmt_confirm_neg_reply(prompt.index, &prompt.addr);
+		}
 		break;
 	}
 }
-- 
2.42.0.windows.2








