diff options
author | Ćukasz Rymanowski <lukasz.rymanowski@codecoup.pl> | 2020-05-07 23:45:37 +0200 |
---|---|---|
committer | Szymon Janc <szymon.janc@codecoup.pl> | 2020-05-11 15:26:55 +0200 |
commit | 1c2271575d955193ca2d77acdad0546c1106c9da (patch) | |
tree | 6955be8fbc8a843216d3679656ade216968526a8 /client/gatt.c | |
parent | 82b2d4cf5e677ba823865d698d0ace7907bb21e0 (diff) | |
download | bluez-1c2271575d955193ca2d77acdad0546c1106c9da.tar.gz |
client: Fix possible stack corruption
DBUS_TYPE_BOOLEAN is 'int', which does not have to be the same size as
'bool'.
On architecture where bool is smaller than in, getting prepare-authorize
will corrupt the stack
Diffstat (limited to 'client/gatt.c')
-rw-r--r-- | client/gatt.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/client/gatt.c b/client/gatt.c index 416eda953..9d35b54fa 100644 --- a/client/gatt.c +++ b/client/gatt.c @@ -1860,9 +1860,12 @@ static int parse_options(DBusMessageIter *iter, uint16_t *offset, uint16_t *mtu, } else if (strcasecmp(key, "prepare-authorize") == 0) { if (var != DBUS_TYPE_BOOLEAN) return -EINVAL; - if (prep_authorize) - dbus_message_iter_get_basic(&value, - prep_authorize); + if (prep_authorize) { + int tmp; + + dbus_message_iter_get_basic(&value, &tmp); + *prep_authorize = !!tmp; + } } dbus_message_iter_next(&dict); |