From: Abhishek Chandra <abhishek.ch@samsung.com>
Date: Thu, 21 Sep 2017 05:21:15 +0000 (+0530)
Subject: NULL assertion in g_ascii_strcasecmp
X-Git-Tag: submit/tizen/20171010.004335~4
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=dce0f2e980f02e536cca4ef8585eb7fd6d849e83;p=platform%2Fcore%2Fapi%2Fbluetooth.git

NULL assertion in g_ascii_strcasecmp

[Problem]Seeker remote address is resetted to
NULL if GATT connect is failed ,which causes
seeker object to remain in the Seeker list and
can never be destroyed as remote address is null .
Next time ,while finding seeker .
g_ascii_strcasecmp is called with NULL remote address,
causing it to assert.

[Causes & Measure] Removed remote address setting
to NULL and guarded code in case of NULL being
passed to strcmp.

[Checking Method] UT

Change-Id: I2f3702d4067c88fb1c36307642dd4dd1d0e40dbc
Signed-off-by: Abhishek Chandra <abhishek.ch@samsung.com>
---

diff --git a/src/bluetooth-gatt.c b/src/bluetooth-gatt.c
index 04d508e..b05bf20 100644
--- a/src/bluetooth-gatt.c
+++ b/src/bluetooth-gatt.c
@@ -80,7 +80,11 @@ static int __get_gatt_handle_by_uuid(GSList *list, const char *uuid,
 		bt_gatt_common_s *common = (bt_gatt_common_s *)l->data;
 
 		uuid128_b = _bt_convert_uuid_to_uuid128(common->uuid);
-		if (g_ascii_strcasecmp(uuid128_a, uuid128_b) == 0) {
+
+		if (uuid128_b == NULL) {
+			BT_ERR("__get_gatt_handle_by_uuid Error Parameter are NULL..\n");
+			continue;
+		} else if (g_ascii_strcasecmp(uuid128_a, uuid128_b) == 0) {
 			g_free(uuid128_b);
 			break;
 		}
@@ -2773,7 +2777,10 @@ int bt_gatt_client_create(const char *remote_address, bt_gatt_client_h *client)
 	for (l = gatt_client_list; l; l = g_slist_next(l)) {
 		bt_gatt_client_s *c = (bt_gatt_client_s *)l->data;
 
-		if (!g_ascii_strcasecmp(c->remote_address, remote_address)) {
+		if ((c == NULL) || (c->remote_address == NULL)) {
+			BT_ERR("bt_gatt_client_create Error Parameter are NULL..\n");
+			continue;
+		} else if (!g_ascii_strcasecmp(c->remote_address, remote_address)) {
 			BT_ERR("Gatt client for %s is already created",
 					remote_address);
 			return BT_ERROR_ALREADY_DONE;
@@ -3134,7 +3141,11 @@ static void __value_changed_cb(char *char_path,
 		svc = (bt_gatt_service_s *)l->data;
 		for (ll = svc->characteristics; ll; ll = g_slist_next(ll)) {
 			chr = (bt_gatt_characteristic_s *)ll->data;
-			if (g_ascii_strcasecmp(chr->path, char_path) == 0) {
+
+			if ((chr == NULL) || (chr->path == NULL)) {
+				BT_ERR("__value_changed_cb Error Parameter are NULL..\n");
+				continue;
+			} else if (g_ascii_strcasecmp(chr->path, char_path) == 0) {
 				if (chr->value_changed_cb)
 					chr->value_changed_cb(chr, value,
 						value_length,
diff --git a/src/bluetooth-otp.c b/src/bluetooth-otp.c
index 7a5328a..4fa02f0 100644
--- a/src/bluetooth-otp.c
+++ b/src/bluetooth-otp.c
@@ -350,9 +350,12 @@ static bt_otp_client_s *_bt_otp_client_find(const char *remote_address)
 
 	for (l = otp_client_list; l; l = g_slist_next(l)) {
 		info = l->data;
-
-		if (info && !g_ascii_strcasecmp(info->remote_address, remote_address))
+		if ((info == NULL) || (info->remote_address == NULL)) {
+			BT_ERR("_bt_otp_client_find Error Parameter are NULL..\n");
+			continue;
+		} else if (info && !g_ascii_strcasecmp(info->remote_address, remote_address)) {
 			return info;
+		}
 	}
 	return NULL;
 }
@@ -807,7 +810,10 @@ int bt_otp_client_create(const char *remote_address, bt_otp_client_h *otp_client
 	for (l = otp_client_list; l; l = g_slist_next(l)) {
 		info = l->data;
 
-		if (info && !g_ascii_strcasecmp(info->remote_address, remote_address)) {
+		if ((info == NULL) || (info->remote_address == NULL)) {
+			BT_ERR("bt_otp_client_create Error Parameter are NULL..\n");
+			continue;
+		} else if (info && !g_ascii_strcasecmp(info->remote_address, remote_address)) {
 			BT_ERR("OTP Client for Remote device [%s] is already created",
 					remote_address);
 			*otp_client = (bt_otp_client_h)info;
diff --git a/src/bluetooth-proximity.c b/src/bluetooth-proximity.c
index 799337d..6ca3990 100644
--- a/src/bluetooth-proximity.c
+++ b/src/bluetooth-proximity.c
@@ -160,8 +160,12 @@ static bt_proximity_monitor_s *_bt_proximity_monitor_find(const char *remote_add
 	for (l = proximity_monitor_list; l; l = g_slist_next(l)) {
 		bt_proximity_monitor_s *c = (bt_proximity_monitor_s *)l->data;
 
-		if (!g_ascii_strcasecmp(c->remote_address, remote_address))
+		if ((c == NULL) || (c->remote_address == NULL)) {
+			BT_ERR("_bt_proximity_monitor_find Error Parameter are NULL..\n");
+			continue;
+		} else if (!g_ascii_strcasecmp(c->remote_address, remote_address)) {
 			return c;
+		}
 	}
 	return NULL;
 }
@@ -220,7 +224,10 @@ int bt_proximity_monitor_create(const char *remote_address, bt_proximity_monitor
 	for (l = proximity_monitor_list; l; l = g_slist_next(l)) {
 		bt_proximity_monitor_s *c = (bt_proximity_monitor_s *)l->data;
 
-		if (!g_ascii_strcasecmp(c->remote_address, remote_address)) {
+		if ((c == NULL) || (c->remote_address == NULL)) {
+			BT_ERR("bt_proximity_monitor_create Error Parameter are NULL..\n");
+			continue;
+		} else if (!g_ascii_strcasecmp(c->remote_address, remote_address)) {
 			BT_ERR("Gatt client for %s is already created",
 					remote_address);
 			return BT_ERROR_ALREADY_DONE;
diff --git a/src/bluetooth-tds.c b/src/bluetooth-tds.c
index 5bade3c..63ff05f 100644
--- a/src/bluetooth-tds.c
+++ b/src/bluetooth-tds.c
@@ -346,8 +346,12 @@ static bt_tds_seeker_s *_bt_tds_seeker_find(const char *remote_address)
 
 	for (l = tds_seeker_list; l; l = g_slist_next(l)) {
 
-		if (!g_ascii_strcasecmp(((bt_tds_seeker_s *)l->data)->remote_address, remote_address))
+		if ((l == NULL) || (l->data == NULL) || (((bt_tds_seeker_s *)l->data)->remote_address == NULL)) {
+			BT_ERR("_bt_tds_seeker_find Error Parameter are NULL..\n");
+			continue;
+		} else if (!g_ascii_strcasecmp(((bt_tds_seeker_s *)l->data)->remote_address, remote_address)) {
 			return ((bt_tds_seeker_s *)l->data);
+		}
 	}
 	return NULL;
 }
@@ -641,8 +645,6 @@ int _bt_tds_parse_transport_blocks(bt_tds_transport_block_list_s **info,
 
 static void __bt_tds_reset_seeker_data(bt_tds_seeker_s *seeker)
 {
-	g_free((seeker)->remote_address);
-	(seeker)->remote_address = NULL;
 
 	g_free((seeker)->tds_control_point);
 	(seeker)->tds_control_point = NULL;
@@ -1040,7 +1042,10 @@ int bt_tds_seeker_create(const char *remote_address, bt_tds_seeker_h *seeker)
 	for (l = tds_seeker_list; l; l = g_slist_next(l)) {
 		bt_tds_seeker_s *c = (bt_tds_seeker_s *)l->data;
 
-		if (!g_ascii_strcasecmp(c->remote_address, remote_address)) {
+		if ((c == NULL) || ((c->remote_address == NULL))) {
+			BT_ERR("bt_tds_seeker_create Error Parameter are NULL..\n");
+			continue;
+		} else if (!g_ascii_strcasecmp(c->remote_address, remote_address)) {
 			BT_ERR("TDS Seeker for Remote Provider [%s] is already created",
 					remote_address);
 			*seeker = (bt_tds_seeker_h)c;