Apply the similar change as 5c35029fad ("tools/btmgmt: Remove 'btmgmt'
from help output") to stop-find usage.

So can continue to run btmgmt even if using 'stop-find --help' in the
interactive mode.

The decision whether to segment or not didn't consider the size of the MIC

When discovering the SDP records the code should attempt to use
16 bit format whenever possible.

btproxy with a unix socket has the similar problem as btmon as below.
So this patch fixes btproxy by the similar way as btmon.
*** strcpy_chk: buffer overflow detected ***: program terminated
at 0x4C3085C: ??? (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4C34E46: __strcpy_chk (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x401B74: strcpy (string3.h:110)
by 0x401B74: open_unix (btproxy.c:625)
by 0x401B74: main (btproxy.c:901)

If btmon uses a unix socket, which has a long pathname, then the
buffer overflow occurs as below:
*** strcpy_chk: buffer overflow detected ***: program terminated
at 0x4C3085C: ??? (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4C34E46: __strcpy_chk (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4084FE: strcpy (string3.h:110)
by 0x4084FE: control_server (control.c:1148)
by 0x4029E9: main (main.c:144)
This patch also gives an error and stops running when parsing command-line
arguments if the unix socket pathname is too long. And this patch adds the
redundant check in control_server() to prevent the regression when reusing
in the future.

When using AcquireNotify with indication, the proxy needs to be filled in
send_notification_to_devices so as to get indication confirmation in
application.

This type of construct usually makes no difference in practice as it is
very rare that a static table would be changed.

When using AcquireNotify with notifications the code would assume that
notification would always be used instead of checking if indications are
supported.

When using AcquireWrite the first write would not call
gatt_db_attribute_write_result so no reply would be generated.

It's done in the kernel since 2014 in linux kernel commit
8025087acf9d2b941bae93b3e0967560e7e03e87

s/parser/parsed
s/prevously/previously

When building from out of tree, and the top build dir was specified as
an absolute path, the linked headers in ${builddir}/lib/bluetooth were
broken. This patch fixes it by relying on make's abspath macro as
opposed to the path concatenation.

If repeating to set on/off with set-advertise-name after setting local
name, and then may dump core by double free. This patch uses g_free()
instead of free().

Since advertise command does not free the variable ad.type when repeating
to enable and disable advertising, the following memory leak occurs.
11 bytes in 1 blocks are definitely lost in loss record 20 of 190
at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4E89718: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
by 0x4EA24EE: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
by 0x40EBC8: ad_register (advertising.c:343)
by 0x40A666: cmd_advertise (main.c:2344)
by 0x40ABA3: rl_handler (main.c:2664)
by 0x53C16F4: rl_callback_read_char (in /lib/x86_64-linux-gnu/libreadline.so.6.3)
by 0x405AFC: input_handler (main.c:110)
by 0x4E84049: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
by 0x4E843EF: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
by 0x4E84711: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
by 0x4055FE: main (main.c:2865)

This type of construct usually makes no difference in practice as it is
very rare that a static table would be changed.

It should now contain an argument for the options even though there
are no options defined for clients.

This enables IO via file descriptors using AcquireNotify if server
implements it.

This enables IO via file descriptors using AcquireWrite if server
implements it.

This enables IO via file descriptors using AcquireWrite if server
implements it.

This enables IO via file descriptors using AcquireWrite if server
implements it.

This adds gatt_db_attribute_get_user_data which can be used to retrieve
the user_data given at registration.

This adds bt_gatt_server_get_mtu which can be used to read the current
MTU.

This enables servers to use the same mechanism to use packet based IO
using file descriptors bypassing D-Bus.
Note that the application is free to choose any type of medium that can
use file descriptors, thus this is not limited to pipe2 although that is
probably recommended due to its simplicity.

This creates a struct with necessary fields which is easier to reset.

Don't add duplicate commands to history; this is similar to what
HISTCONTROL=ignoredups does.

The unexpected generator is used if the input string forward matches
with the unexpected command string which a generator for completion
is registered on. Thus,
- since 496b6abf743440e937222c62768e0a3b31f47f02, list command
generates the unneeded argument, which is device id like that
list-attributes command generates.
- since b0fe6045b7d9cfdd02a5e419fc9658a0ffa84619, pair command
generates the invalid argument, which is on/off like that
pairable command generates.
This patch uses the exact matching command.

Make it reuse more code by having helpers to stop, remove and free
clients.

We should not reply until the stop discovery completes otherwise
clients may attempt to start the discovery before it even has stopped.
On top of this it will now block clients so they will not be able to
queue more requests.

We should not reply until the start discovery completes otherwise
clients may attempt to stop the discovery before it even has started.
On top of this it will now block clients so they will not be able to
queue more requests.

Segfault of bluetoothd may occur when register passive_scanning_timeout()
and then detach the bluetooth dongle. This patch removes the event for
just in case when detaching it.

When set PairableTimeout to non-zero and run bluetoothd, and then
repeat attaching and detaching a bluetooth dongle, bluetoothd
frequently do segfault as below:
==6583== Process terminating with default action of signal 11 (SIGSEGV)
==6583== Bad permissions for mapped region at address 0x4D3AC0
==6583== at 0x4DBE27: mgmt_send (mgmt.c:592)
==6583== by 0x48FFC2: set_mode (adapter.c:601)
==6583== by 0x490471: pairable_timeout_handler (adapter.c:649)
==6583== by 0x50CDAB2: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==6583== by 0x50CD049: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==6583== by 0x50CD3EF: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==6583== by 0x50CD711: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==6583== by 0x40CD28: main (main.c:781)
At another time, syslog and objdump of bluetoothd outputted below:
Sep 14 13:43:46 fushimi bluetoothd[14192]: src/adapter.c:adapter_free() 0x2374350
Sep 14 13:44:08 fushimi bluetoothd[14192]: src/adapter.c:set_mode() sending set mode command for index 32749
Sep 14 13:44:09 fushimi bluetoothd[14192]: src/adapter.c:set_mode() sending set mode command for index 0
Sep 14 13:44:09 fushimi kernel: [18030.384367] bluetoothd[14192]: segfault at c0 ip 00000000004dbe31 sp 00007fff19f2ca40 error 4 in bluetoothd[400000+147000]
if (mgmt->next_request_id < 1)
4dbe31: 8b 43 40 mov 0x40(%rbx),%eax
4dbe34: 48 83 05 9c 75 2f 00 addq $0x1,0x2f759c(%rip) # 7d33d8 <__gcov0.mgmt_send+0x18>

Since 4e111f3448a126786f3620be1b5ce969456edc65, when another adapter is
found, the default adapter would be changed, which is not expected.
Default adapter can only be changed by select command.

Since local name in advertisement is useful for telling the difference
between devices, expose LocalName via properties.

During the course of bt_io_accept the setup can be freed causing the
callback to be called which can lead to the following crash:
bluetoothd[853]: profiles/audio/a2dp.c:setup_unref() 0x8183c1c0: ref=0
bluetoothd[853]: profiles/audio/a2dp.c:setup_free() 0x8183c1c0
...
bluetoothd[853]: HUP or ERR on socket: Connection reset by peer (104)
bluetoothd[853]: profiles/audio/a2dp.c:setup_unref() 0x8183c1c0: ref=-80438434
bluetoothd[853]: profiles/audio/a2dp.c:setup_free() 0x8183c1c0
0 0x80106888 in stream_free ()
1 0xb7621d49 in g_slist_foreach () from /usr/lib/libglib-2.0.so.0
2 0xb7621d92 in g_slist_free_full () from /usr/lib/libglib-2.0.so.0
3 0x80107d09 in avdtp_unref ()
4 0x8010273b in setup_unref ()
5 0x80104c54 in transport_cb ()
6 0x80136a9c in accept_cb ()

This adds 'security' command which can be used to display and change
the provision security level:
[meshctl]# security
Provision Security Level set to 1 (medium)
[meshctl]# security 2
Provision Security Level set to 2 (high)
Note: This doesn't change the default which is still medium.

Check if there is enough data to continue otherwise return an error.

Also check if the length is nonzero before sending response