gatt-server : Check the validation of app before sending notification

[Model] All
[BinType] AP
[Customer] OPEN

[Issue#] N/A
[Request] Internal
[Occurrence Version] N/A

[Problem] bluez got crash
[Cause & Measure] If gatt server app is terminated abnormally
 while sending notification, bluetoothd access to invalid proxy of chrc.
 So we need to check the object path of notification characteristic
 path : /com/4260/service1/characteristic2
[Checking Method] GATT notification

[Team] Basic Connection
[Developer] Injun Yang
[Solution company] Samsung
[Change Type] Specification change

Change-Id: I85f0643d8e033935308ed5ae1ef93274f95385d7

diff --git a/src/adapter.c b/src/adapter.c
index ae4d2f8..3c13dcf 100644 (file)
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -4088,8 +4088,6 @@ static DBusMessage *adapter_set_advertising(DBusConnection *conn,
        dbus_bool_t enable = FALSE;
        dbus_int32_t slot_id;
 
-       DBG("adapter_set_advertising");
-
        if (!(adapter->current_settings & MGMT_SETTING_POWERED))
                return btd_error_not_ready(msg);
 
@@ -4098,6 +4096,8 @@ static DBusMessage *adapter_set_advertising(DBusConnection *conn,
                                                DBUS_TYPE_INVALID))
                return btd_error_invalid_args(msg);
 
+       DBG("%s advertising slot_id %d", enable ? "Enable" : "Disable", slot_id);
+
        if (adapter_le_is_supported_multi_advertising() && slot_id > 0)
                err = adapter_le_enable_multi_adv(adapter, enable, slot_id);
        else

diff --git a/src/gatt-database.c b/src/gatt-database.c
index adb4b15..216e643 100644 (file)
--- a/src/gatt-database.c
+++ b/src/gatt-database.c
@@ -1133,8 +1133,11 @@ static void conf_cb(void *user_data)
                if (g_dbus_proxy_method_call(confirm->proxy, "IndicateConfirm",
                                                        indicate_confirm_setup_cb,
                                                        indicate_confirm_reply_cb, confirm->device,
-                                                       NULL) == TRUE)
+                                                       NULL) == TRUE) {
+                       g_dbus_proxy_unref(confirm->proxy);
                        return;
+               }
+               g_dbus_proxy_unref(confirm->proxy);
        }
 #endif
 }
@@ -1162,7 +1165,7 @@ static void send_notification_indication_to_device(void *data, void *user_data)
                return;
 
        confirm = new0(struct notify_indicate_cb, 1);
-       confirm->proxy = notify_indicate->proxy;
+       confirm->proxy = g_dbus_proxy_ref(notify_indicate->proxy);
        confirm->device = device;
        /*
         * TODO: If the device is not connected but bonded, send the