author | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2021-10-22 13:10:09 -0700 |
---|---|---|
committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2021-10-22 13:10:09 -0700 |
commit | 8b6b9b775615d533383894fce2e6a94927c9df28 (patch) | |
tree | 0ed6588bb1e2799948610f47cb190030485a4175 /src/adapter.c | |
parent | 329b910babccebb2bc5db5592dd652695aba72fa (diff) | |
download | bluez-8b6b9b775615d533383894fce2e6a94927c9df28.tar.gz |
adapter: Fix storing IRK causing invalid read
When storing an IRK the storage file may not have been created yet
since that uses the device address which is likely changed to the
identity address causing the following trace:
Invalid read of size 8
at 0x196452: store_irk.constprop.0 (adapter.c:8679)
by 0x198C92: new_irk_callback (adapter.c:8737)
by 0x1CF6DC: queue_foreach (queue.c:207)
by 0x1D1394: process_notify (mgmt.c:308)
by 0x1D1394: can_read_data (mgmt.c:374)
by 0x1E0634: watch_callback (io-glib.c:157)
by 0x4954A9E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.6600.8)
by 0x49A6A97: ??? (in /usr/lib64/libglib-2.0.so.0.6600.8)
by 0x4954162: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.6600.8)
by 0x1E0CD4: mainloop_run (mainloop-glib.c:66)
by 0x1E10B1: mainloop_run_with_signal (mainloop-notify.c:188)
by 0x12E3FC: main (main.c:1210)
Address 0x6534418 is 8 bytes inside a block of size 16 free'd
Diffstat (limited to 'src/adapter.c')
-rw-r--r-- | src/adapter.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/adapter.c b/src/adapter.c
index 54b6322cc..d0d38621b 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -8660,11 +8660,15 @@ static void store_irk(struct btd_adapter *adapter, const bdaddr_t *peer,
 snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/info", btd_adapter_get_storage_dir(adapter), device_addr);
+ create_file(filename, 0600);
+
 key_file = g_key_file_new();
 if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
 error("Unable to load key file from %s: (%s)", filename, gerr->message);
 g_error_free(gerr);
+ g_key_file_free(key_file);
+ return;
 }
 for (i = 0; i < 16; i++)
@@ -8672,8 +8676,6 @@ static void store_irk(struct btd_adapter *adapter, const bdaddr_t *peer,
 g_key_file_set_string(key_file, "IdentityResolvingKey", "Key", str);
- create_file(filename, 0600);
-
 store_data = g_key_file_to_data(key_file, &length, NULL);
 if (!g_file_set_contents(filename, store_data, length, &gerr)) {
 error("Unable set contents for %s: (%s)", filename, |
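Review bot: The result of `create_file(filename, 0600);` is ignored in the first hunk, so a failure to create the info file only shows up one step later as "Unable to load key file", and the new early `return` then leaves the IRK unpersisted without naming the real cause. If create_file reports failure (its declaration is not visible here), checking it and logging that error before the load would make this path diagnosable. Separately, the trace in the commit message looks like a read through `gerr` after `g_error_free(gerr);` when the same variable is passed again to `g_file_set_contents`. Using `g_clear_error(&gerr);` in the load-failure branch would also reset the pointer, so the later `&gerr` use stays safe even if the early return is reworked. store_irk starts and ends outside both hunks, so the cleanup after the second error path cannot be checked from here.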