Re: [PATCH] obexd: Fix null pointer dereference.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Matias,

On Thu, Jun 22, 2017, Matias Karhumaa wrote:
> > >> It seems to me that the bug is with opp.c passing the service_data to
> > >> manager_request_authorization(), and service_data is expected to be the
> > >> obex_transfer object. However, currently the code creates this object
> > >> only upon CONNECT (in opp_connect).
> > >>
> > >> I think one possible way to solve this would be to trigger a call to
> > >> os->service->connect if CONNECT hasn't been explicitly issued, however
> > >> then the code needs to track this in some other way since service_data
> > >> seems too unreliable.
> > 
> > How about the following:
> > 
> > https://gist.github.com/Vudentz/1736d6af9608b9332b93858d92a3feff
> 
> Your fix seems solid to me and fixes the crash with OPP. I checked ftp.c
> also and saw potentially similar problem in ftp_chkput. Should we call
> os->service->connect also in case of OBEX_FTP?

OPP is the only service where the specification allows skipping the
connect step. This is why os->service gets pre-initialized to OPP (in
the obex_session_start function). Also, if the OPP plugin isn't
available os->service will be NULL before CONNECT, and that's something
the code already seems to check for (e.g. in cmd_put). So unless I've
misunderstood something, you shouldn't be able get to a situation where
os->service points at FTP but CONNECT hasn't been issued.

Johan
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux