platform/upstream/bluez.git
14 months ago meshctl: Fix possible use_after_free
Gopal Tiwari [Tue, 31 May 2022 07:41:16 +0000 (13:11 +0530)]
meshctl: Fix possible use_after_free

Reported by coverity tool as follows:

bluez-5.64/tools/meshctl.c:1968: freed_arg: "g_free" frees "mesh_dir".

bluez-5.64/tools/meshctl.c:2018: double_free: Calling "g_free" frees
pointer "mesh_dir" which has already been freed.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago pbap: Fix memory leak
Gopal Tiwari [Tue, 31 May 2022 07:41:15 +0000 (13:11 +0530)]
pbap: Fix memory leak

Reported by coverity tool as follows:

bluez-5.64/obexd/client/pbap.c:929: leaked_storage: Variable "apparam"
going out of scope leaks the storage it points to.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago obex-client: Fix leaked_handle
Gopal Tiwari [Tue, 31 May 2022 07:41:13 +0000 (13:11 +0530)]
obex-client: Fix leaked_handle

While performing static tool analysis using coverity found following
reports for resource leak

bluez-5.64/tools/obex-client-tool.c:315: leaked_handle: Handle variable
"sk" going out of scope leaks the handle.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago mesh/mesh-db: Fix resource leaks
Gopal Tiwari [Tue, 31 May 2022 07:41:12 +0000 (13:11 +0530)]
mesh/mesh-db: Fix resource leaks

While performing static tool analysis using coverity found following
reports for resource leak

bluez-5.64/tools/mesh/mesh-db.c:2388: leaked_handle: Handle variable
"fd" going out of scope leaks the handle.

bluez-5.64/tools/mesh/mesh-db.c:2388: leaked_storage: Variable "str"
going out of scope leaks the storage it points to.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago l2cap-tester: Fix leaked_handle
Gopal Tiwari [Tue, 31 May 2022 07:41:11 +0000 (13:11 +0530)]
l2cap-tester: Fix leaked_handle

While performing static tool analysis using coverity found following
reports for resource leak

bluez-5.64/tools/l2cap-tester.c:1712: leaked_handle: Handle variable
"new_sk" going out of scope leaks the handle.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago create-image: Fix leaked_handle
Gopal Tiwari [Tue, 31 May 2022 07:41:10 +0000 (13:11 +0530)]
create-image: Fix leaked_handle

While performing static tool analysis using coverity found following
reports for resource leak

bluez-5.64/tools/create-image.c:124: leaked_storage: Variable "map"
going out of scope leaks the storage it points to.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago cltest: Fix leaked_handle
Gopal Tiwari [Tue, 31 May 2022 07:41:09 +0000 (13:11 +0530)]
cltest: Fix leaked_handle

While performing static tool analysis using coverity found
following reports for resource leak

bluez-5.64/tools/cltest.c:75: leaked_handle: Handle variable "fd"
going out of scope leaks the handle.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago sixaxis: Fix memory leaks
Gopal Tiwari [Tue, 31 May 2022 07:41:08 +0000 (13:11 +0530)]
sixaxis: Fix memory leaks

While performing static tool analysis using coverity
found following reports for resource leak

bluez-5.64/plugins/sixaxis.c:425: alloc_arg:
"get_pairing_type_for_device" allocates memory that is
stored into "sysfs_path".

bluez-5.64/plugins/sixaxis.c:428: leaked_storage: Variable "sysfs_path"
going out of scope leaks the storage it points to.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor: Fix memory leaks
Gopal Tiwari [Tue, 31 May 2022 07:41:07 +0000 (13:11 +0530)]
monitor: Fix memory leaks

While performing static tool analysis using coverity
found following reports for resource leak

bluez-5.64/monitor/jlink.c:111: leaked_storage: Variable "so"
going out of scope leaks the storage it points to.

bluez-5.64/monitor/jlink.c:113: leaked_storage: Variable "so"
going out of scope leaks the storage it points to.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago mesh/appkey: Fix memory leaks
Gopal Tiwari [Tue, 31 May 2022 07:41:06 +0000 (13:11 +0530)]
mesh/appkey: Fix memory leaks

While performing the static analysis using the coverity tool found
following memory leak reports

bluez-5.64/mesh/appkey.c:143: leaked_storage: Variable "key" going
out of scope leaks the storage it points to.

Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/mesh/appkey.c:146: leaked_storage: Variable "key" going
out of scope leaks the storage it points to.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago client/gatt: Fix memory leak issues
Gopal Tiwari [Tue, 31 May 2022 07:41:05 +0000 (13:11 +0530)]
client/gatt: Fix memory leak issues

While performing the static tool analysis using coverity tool
found following reports

Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/client/gatt.c:1531: leaked_storage: Variable "service"
going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/client/gatt.c:2626: leaked_storage: Variable "chrc"
going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/client/gatt.c:2906: leaked_storage: Variable "desc"
going out of scope leaks the storage it points to.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor/att: Add decoding support for ASE Control Point
Luiz Augusto von Dentz [Tue, 24 May 2022 01:41:37 +0000 (18:41 -0700)]
monitor/att: Add decoding support for ASE Control Point

This adds decoding support for ASE Control Point attribute:

> ACL Data RX: Handle 42 flags 0x02 dlen 30
      Channel: 64 len 26 sdu 24 [PSM 39 mode Enhanced Credit (0x81)] {chan 1}
      ATT: Write Command (0x52) len 23
        Handle: 0x0030 Type: ASE Control Point (0x2bc6)
          Data: 010103020206000000000a02010302020103042800
            Opcode: Codec Configuration (0x01)
            Number of ASE(s): 1
            ASE: #0
            ASE ID: 0x03
            Target Latency: Balance Latency/Reliability (0x02)
            PHY: 0x02
            LE 2M PHY (0x02)
            Codec: LC3 (0x06)
            Codec Specific Configuration #0: len 0x02 type 0x01
            Codec Specific Configuration: 03
            Codec Specific Configuration #1: len 0x02 type 0x02
            Codec Specific Configuration: 01
            Codec Specific Configuration #2: len 0x03 type 0x04
            Codec Specific Configuration: 2800
< ACL Data TX: Handle 42 flags 0x00 dlen 55
      Channel: 64 len 51 sdu 49 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Handle Multiple Value Notification (0x23) len 48
        Length: 0x0005
        Handle: 0x0030 Type: ASE Control Point (0x2bc6)
          Data: 0101030000
            Opcode: Codec Configuration (0x01)
            Number of ASE(s): 1
            ASE: #0
            ASE ID: 0x03
            ASE Response Code: Success (0x00)
            ASE Response Reason: None (0x00)
> ACL Data RX: Handle 42 flags 0x02 dlen 27
      Channel: 64 len 23 sdu 21 [PSM 39 mode Enhanced Credit (0x81)] {chan 1}
      ATT: Write Command (0x52) len 20
        Handle: 0x0030 Type: ASE Control Point (0x2bc6)
          Data: 020103000010270000022800020a00409c00
            Opcode: QoS Configuration (0x02)
            Number of ASE(s): 1
            ASE: #0
            ASE ID: 0x03
            CIG ID: 0x00
            CIS ID: 0x00
            SDU Interval: 10000 usec
            Framing: Unframed (0x00)
            PHY: 0x02
            LE 2M PHY (0x02)
            Max SDU: 40
            RTN: 2
            Max Transport Latency: 10
            Presentation Delay: 40000 us
< ACL Data TX: Handle 42 flags 0x00 dlen 37
      Channel: 64 len 33 sdu 31 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Handle Multiple Value Notification (0x23) len 30
        Length: 0x0005
        Handle: 0x0030 Type: ASE Control Point (0x2bc6)
          Data: 0201030000
            Opcode: QoS Configuration (0x02)
            Number of ASE(s): 1
            ASE: #0
            ASE ID: 0x03
            ASE Response Code: Success (0x00)
            ASE Response Reason: None (0x00)
> ACL Data RX: Handle 42 flags 0x02 dlen 17
      Channel: 64 len 13 sdu 11 [PSM 39 mode Enhanced Credit (0x81)] {chan 1}
      ATT: Write Command (0x52) len 10
        Handle: 0x0030 Type: ASE Control Point (0x2bc6)
          Data: 0301030403020200
            Opcode: Enable (0x03)
            Number of ASE(s): 1
            ASE: #0
            ASE ID: 0x03
            Metadata #0: len 0x03 type 0x02
            Metadata: 0200
< ACL Data TX: Handle 42 flags 0x00 dlen 33
      Channel: 64 len 29 sdu 27 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Handle Multiple Value Notification (0x23) len 26
        Length: 0x0005
        Handle: 0x0030 Type: ASE Control Point (0x2bc6)
          Data: 0301030000
            Opcode: Enable (0x03)
            Number of ASE(s): 1
            ASE: #0
            ASE ID: 0x03
            ASE Response Code: Success (0x00)
            ASE Response Reason: None (0x00)
> ACL Data RX: Handle 42 flags 0x02 dlen 12
      Channel: 64 len 8 sdu 6 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Write Command (0x52) len 5
        Handle: 0x0030 Type: ASE Control Point (0x2bc6)
          Data: 050101
            Opcode: Disable (0x05)
            Number of ASE(s): 1

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor/att: Add decoding support for ASE Sink/Source
Luiz Augusto von Dentz [Mon, 23 May 2022 22:53:23 +0000 (15:53 -0700)]
monitor/att: Add decoding support for ASE Sink/Source

This adds decoding support for ASE Sink/Source attributes:

> ACL Data RX: Handle 42 flags 0x02 dlen 9
      Channel: 65 len 5 sdu 3 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Read Request (0x0a) len 2
        Handle: 0x002a Type: Sink ASE (0x2bc4)
< ACL Data TX: Handle 42 flags 0x00 dlen 9
      Channel: 64 len 5 sdu 3 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Read Response (0x0b) len 2
        Value: 0300
            ASE ID: 1
            State: Idle (0x00)
< ACL Data TX: Handle 42 flags 0x00 dlen 55
      Channel: 64 len 51 sdu 49 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Handle Multiple Value Notification (0x23) len 48
        Length: 0x0023
        Handle: 0x0024 Type: Sink ASE (0x2bc4)
          Data: 01010000000a00204e00409c00204e00409c0006000000000a02010302020103042800
            ASE ID: 1
            State: Codec Configured (0x01)
            Framing: Unframed PDUs supported (0x00)
            PHY: 0x00
            RTN: 0
            Max Transport Latency: 10
            Presentation Delay Min: 20000 us
            Presentation Delay Max: 40000 us
            Preferred Presentation Delay Min: 20000 us
            Preferred Presentation Delay Max: 40000 us
            Codec: LC3 (0x06)
            Codec Specific Configuration #0: len 0x02 type 0x01
            Codec Specific Configuration: 03
            Codec Specific Configuration #1: len 0x02 type 0x02
            Codec Specific Configuration: 01
            Codec Specific Configuration #2: len 0x03 type 0x04
            Codec Specific Configuration: 2800
< ACL Data TX: Handle 42 flags 0x00 dlen 37
      Channel: 64 len 33 sdu 31 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Handle Multiple Value Notification (0x23) len 30
        Length: 0x0011
        Handle: 0x0024 Type: Sink ASE (0x2bc4)
          Data: 0102000010270000022800020a00409c00
            ASE ID: 1
            State: QoS Configured (0x02)
            CIG ID: 0x00
            CIS ID: 0x00
            SDU Interval: 10000 usec
            Framing: Unframed (0x00)
            PHY: 0x02
            LE 2M PHY (0x02)
            Max SDU: 40
            RTN: 2
            Max Transport Latency: 10
            Presentation Delay: 40000 us
< ACL Data TX: Handle 42 flags 0x00 dlen 33
      Channel: 64 len 29 sdu 27 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Handle Multiple Value Notification (0x23) len 26
        Length: 0x000d
        Handle: 0x002a Type: Source ASE (0x2bc5)
          Data: 03030000060304030202000000
            ASE ID: 3
            State: Enabling (0x03)
            CIG ID: 0x00
            CIS ID: 0x00
            Metadata #0: len 0x03 type 0x04
            Metadata: 0302
            Metadata #1: len 0x02 type 0x00
< ACL Data TX: Handle 42 flags 0x00 dlen 39
      Channel: 64 len 35 sdu 33 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Handle Multiple Value Notification (0x23) len 32
        Length: 0x000d
        Handle: 0x002a Type: Source ASE (0x2bc5)
          Data: 03040000060304030202000000
            ASE ID: 3
            State: Streaming (0x04)
            CIG ID: 0x00
            CIS ID: 0x00
            Metadata #0: len 0x03 type 0x04
            Metadata: 0302
            Metadata #1: len 0x02 type 0x00
< ACL Data TX: Handle 42 flags 0x00 dlen 33
      Channel: 64 len 29 sdu 27 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Handle Multiple Value Notification (0x23) len 26
        Length: 0x000d
        Handle: 0x002a Type: Source ASE (0x2bc5)
          Data: 03050000060304030202000000
            ASE ID: 3
            State: Disabling (0x05)
            CIG ID: 0x00
            CIS ID: 0x00
            Metadata #0: len 0x03 type 0x04
            Metadata: 0302
            Metadata #1: len 0x02 type 0x00

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor/att: Add decoding support for PAC Sink/Source
Luiz Augusto von Dentz [Fri, 20 May 2022 22:51:42 +0000 (15:51 -0700)]
monitor/att: Add decoding support for PAC Sink/Source

This adds decoding support for PAC Sink/Source attributes:

 < ACL Data TX: Handle 42 flags 0x00 dlen 9
      Channel: 64 len 5 sdu 3 [PSM 39 mode Enhanced Credit (0x81)]
      {chan 0}
      ATT: Read Request (0x0a) len 2
        Handle: 0x0017 Type: Sink PAC (0x2bc9)
> ACL Data RX: Handle 42 flags 0x02 dlen 31
      Channel: 65 len 27 sdu 25 [PSM 39 mode Enhanced Credit (0x81)]
      {chan 0}
        Value: 010600000000100301ff0002020302030305041e00f00000
          Number of PAC(s): 1
          PAC #0:
            Codec: LC3 (0x06)
            Codec Specific Configuration #0: len 0x03 type 0x01
            Codec Specific Configuration: ff00
            Codec Specific Configuration #1: len 0x02 type 0x02
            Codec Specific Configuration: 03
            Codec Specific Configuration #2: len 0x02 type 0x03
            Codec Specific Configuration: 03
            Codec Specific Configuration #3: len 0x05 type 0x04
            Codec Specific Configuration: 1e00f000

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor/att: Simplify CCC decoders
Luiz Augusto von Dentz [Thu, 26 May 2022 20:47:13 +0000 (13:47 -0700)]
monitor/att: Simplify CCC decoders

This simplifies callbacks by moving the decoding of the value to
print_ccc_value.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor/att: Fix parsing of notifications
Luiz Augusto von Dentz [Wed, 25 May 2022 00:51:44 +0000 (17:51 -0700)]
monitor/att: Fix parsing of notifications

If there are multiple notifications in the same frame the callback may
alter it when using l2cap_frame_pull helpers, so instead this passes a
cloned frame with just the expected length so callbacks cannot alter
original frame.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor/att: Attempt to reload if database is empty
Luiz Augusto von Dentz [Wed, 25 May 2022 00:49:57 +0000 (17:49 -0700)]
monitor/att: Attempt to reload if database is empty

If database is empty attempt to reload since the daemon may have
updated its cache in the meantime.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago client: Fix setting of advertisement interval
Inga Stotland [Fri, 20 May 2022 23:41:51 +0000 (16:41 -0700)]
client: Fix setting of advertisement interval

This fixes incorrect argument read when using "interval" command
in "advertisement" submenu

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor/att: Fix parsing of Notify Multiple
Luiz Augusto von Dentz [Fri, 20 May 2022 23:51:38 +0000 (16:51 -0700)]
monitor/att: Fix parsing of Notify Multiple

Notify Multiple was parsing handle multiple times causing the length to
be assumed to be a handle.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
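
The two notification-parsing fixes above (read handle and length once per tuple, and give each callback a bounded copy of the frame), modelled as an added example that is not btmon code. `struct frame`, `pull_le16`, `parse_multi_ntf` and `greedy_decoder` are hypothetical names, the PDU is constructed, and the tuple layout assumed is handle (2 bytes LE), length (2 bytes LE), value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical minimal frame view; not btmon's struct l2cap_frame. */
struct frame {
	const uint8_t *data;
	size_t size;
};

/* Consume a little-endian u16; leaves the frame untouched if too short. */
static bool pull_le16(struct frame *f, uint16_t *out)
{
	if (f->size < 2)
		return false;
	*out = (uint16_t)(f->data[0] | (f->data[1] << 8));
	f->data += 2;
	f->size -= 2;
	return true;
}

typedef void (*value_cb)(uint16_t handle, struct frame *value, void *user);

/*
 * Walk the (handle, length, value) tuples of the notification payload.
 * Returns the tuple count, or -1 if malformed. clone=false models the
 * failure mode: the callback is handed the parser's own frame.
 */
static int parse_multi_ntf(const uint8_t *pdu, size_t len, bool clone,
				value_cb cb, void *user)
{
	struct frame f = { pdu, len };
	int count = 0;

	while (f.size > 0) {
		uint16_t handle, vlen;

		/* Handle and length are each read exactly once per tuple. */
		if (!pull_le16(&f, &handle) || !pull_le16(&f, &vlen))
			return -1;
		if (vlen > f.size)
			return -1;	/* length field runs past the PDU */

		if (clone) {
			struct frame value = { f.data, vlen };

			cb(handle, &value, user);	/* moves only its copy */
			f.data += vlen;
			f.size -= vlen;
		} else {
			cb(handle, &f, user);	/* may eat the next tuple */
		}
		count++;
	}
	return count;
}

/* What each decoder invocation saw. */
struct seen {
	uint16_t handle[4];
	size_t consumed[4];
	int n;
};

/* A decoder that keeps pulling words for as long as the frame lets it. */
static void greedy_decoder(uint16_t handle, struct frame *value, void *user)
{
	struct seen *s = user;
	size_t before = value->size;
	uint16_t word;

	while (pull_le16(value, &word))
		;
	if (s->n < 4) {
		s->handle[s->n] = handle;
		s->consumed[s->n] = before - value->size;
		s->n++;
	}
}

/* Constructed PDU: (0x0030, 5 bytes) followed by (0x002a, 2 bytes). */
static const uint8_t sample_pdu[] = {
	0x30, 0x00, 0x05, 0x00, 0x01, 0x01, 0x03, 0x00, 0x00,
	0x2a, 0x00, 0x02, 0x00, 0x03, 0x00,
};

int main(void)
{
	struct seen a = { {0}, {0}, 0 }, b = { {0}, {0}, 0 };
	int ra = parse_multi_ntf(sample_pdu, sizeof(sample_pdu), true,
						greedy_decoder, &a);
	int rb = parse_multi_ntf(sample_pdu, sizeof(sample_pdu), false,
						greedy_decoder, &b);

	printf("cloned: %d tuples, shared: %d (decoders run: %d)\n",
							ra, rb, b.n);
	return 0;
}
```

With the shared frame the first decoder consumes the second tuple's bytes, so the second notification is never decoded and the walk ends in an error.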
14 months ago monitor/att: Fix not matching read frame direction
Luiz Augusto von Dentz [Fri, 20 May 2022 23:36:57 +0000 (16:36 -0700)]
monitor/att: Fix not matching read frame direction

There could be read frames pending in both directions so this ensures
the direction is matched properly.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor/att: Fix treating Notification/Indication as a request
Luiz Augusto von Dentz [Fri, 20 May 2022 23:18:46 +0000 (16:18 -0700)]
monitor/att: Fix treating Notification/Indication as a request

Notification/Indication shall be treated as response so the correct
database is used.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor/att: Fix not removing read from queue
Luiz Augusto von Dentz [Fri, 20 May 2022 23:17:11 +0000 (16:17 -0700)]
monitor/att: Fix not removing read from queue

The code was using queue_find instead of queue_remove_if so follow up
read wouldn't match the attribute properly.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago gatt-server: Fix crash while disconnecting
Luiz Augusto von Dentz [Thu, 19 May 2022 21:36:06 +0000 (14:36 -0700)]
gatt-server: Fix crash while disconnecting

If there is a pending notify multiple the code was not removing before
freeing the object causing the following crash:

Invalid read of size 8
   at 0x4A3D10: notify_multiple (gatt-server.c:1703)
   by 0x4D05F0: timeout_callback (timeout-glib.c:25)
   by 0x4956900: ??? (in /usr/lib64/libglib-2.0.so.0.7000.5)
   by 0x49560AE: g_main_context_dispatch
   (in /usr/lib64/libglib-2.0.so.0.7000.5)
   by 0x49AB307: ??? (in /usr/lib64/libglib-2.0.so.0.7000.5)
   by 0x49557C2: g_main_loop_run
   (in /usr/lib64/libglib-2.0.so.0.7000.5)
   by 0x4D0A34: mainloop_run (mainloop-glib.c:66)
   by 0x4D0F2B: mainloop_run_with_signal (mainloop-notify.c:188)
   by 0x2B0CD1: main (main.c:1276)
 Address 0x6ca35c8 is 136 bytes inside a block of size 144 free'd
   at 0x48470E4: free (vg_replace_malloc.c:872)
   by 0x415E73: gatt_server_cleanup (device.c:698)
   by 0x415E73: attio_cleanup (device.c:715)
   by 0x47745B: queue_foreach (queue.c:207)
   by 0x490C54: disconnect_cb (att.c:701)
   by 0x4CF4AF: watch_callback (io-glib.c:157)
   by 0x49560AE: g_main_context_dispatch
   (in /usr/lib64/libglib-2.0.so.0.7000.5)
   by 0x49AB307: ??? (in /usr/lib64/libglib-2.0.so.0.7000.5)
   by 0x49557C2: g_main_loop_run
   (in /usr/lib64/libglib-2.0.so.0.7000.5)
   by 0x4D0A34: mainloop_run (mainloop-glib.c:66)
   by 0x4D0F2B: mainloop_run_with_signal (mainloop-notify.c:188)
   by 0x2B0CD1: main (main.c:1276)

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
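
The lifetime rule behind this crash, as an added example that is not BlueZ code: an object that arms a timer with itself as callback data has to remove that timer before it is freed. The timer table, `struct server`, `nfy_id` and every function name here are hypothetical stand-ins for the main loop and the GATT server object.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy one-shot timer table standing in for the main loop (hypothetical). */
typedef bool (*timeout_fn)(void *user_data);

#define MAX_TIMEOUTS 8
static struct {
	timeout_fn fn;
	void *user_data;
} timeouts[MAX_TIMEOUTS];

/* Returns a non-zero id, or 0 if the table is full. */
static unsigned int timeout_add(timeout_fn fn, void *user_data)
{
	for (unsigned int i = 0; i < MAX_TIMEOUTS; i++) {
		if (!timeouts[i].fn) {
			timeouts[i].fn = fn;
			timeouts[i].user_data = user_data;
			return i + 1;
		}
	}
	return 0;
}

static void timeout_remove(unsigned int id)
{
	if (id >= 1 && id <= MAX_TIMEOUTS)
		timeouts[id - 1].fn = NULL;
}

/* Fire every pending timer once; returns how many callbacks ran. */
static int timeouts_run(void)
{
	int fired = 0;

	for (unsigned int i = 0; i < MAX_TIMEOUTS; i++) {
		timeout_fn fn = timeouts[i].fn;

		if (!fn)
			continue;
		timeouts[i].fn = NULL;	/* one-shot */
		fn(timeouts[i].user_data);
		fired++;
	}
	return fired;
}

struct server {
	unsigned int nfy_id;	/* pending batched-notify timer, 0 = none */
	int sent;
};

/* Timer callback: dereferences the server it was armed with. */
static bool notify_flush(void *user_data)
{
	struct server *srv = user_data;

	srv->nfy_id = 0;
	srv->sent++;
	return false;
}

static void server_queue_notify(struct server *srv)
{
	if (!srv->nfy_id)	/* coalesce into the timer already armed */
		srv->nfy_id = timeout_add(notify_flush, srv);
}

static void server_free(struct server *srv)
{
	if (!srv)
		return;
	/* Without this removal the table keeps a pointer to freed memory. */
	if (srv->nfy_id)
		timeout_remove(srv->nfy_id);
	free(srv);
}

/* Disconnect while a flush is pending; returns callbacks run afterwards. */
static int disconnect_with_pending_flush(void)
{
	struct server *srv = calloc(1, sizeof(*srv));

	if (!srv)
		return -1;
	server_queue_notify(srv);
	server_free(srv);
	return timeouts_run();
}

/* Timer fires while the server is alive; returns notifications sent. */
static int flush_then_disconnect(void)
{
	struct server *srv = calloc(1, sizeof(*srv));
	int fired, sent;

	if (!srv)
		return -1;
	server_queue_notify(srv);
	server_queue_notify(srv);
	fired = timeouts_run();
	sent = srv->sent;
	server_free(srv);
	return fired == 1 ? sent : -1;
}

int main(void)
{
	printf("callbacks after free: %d\n", disconnect_with_pending_flush());
	printf("sent before free: %d\n", flush_then_disconnect());
	return 0;
}
```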
14 months ago monitor/att: Add decoding support for CCC
Luiz Augusto von Dentz [Fri, 20 May 2022 00:52:39 +0000 (17:52 -0700)]
monitor/att: Add decoding support for CCC

This adds decoding support for CCC so its value can be decoded:

< ACL Data TX: Handle 3585 flags 0x00 dlen 7
      ATT: Read Request (0x0a) len 2
        Handle: 0x002c Type: Client Characteristic Configuration (0x2902)
> ACL Data RX: Handle 3585 flags 0x02 dlen 6
      ATT: Read Response (0x0b) len 1
        Value: 01
            Notification (0x01)
< ACL Data TX: Handle 3585 flags 0x00 dlen 9
      ATT: Write Request (0x12) len 4
        Handle: 0x002c Type: Client Characteristic Configuration (0x2902)
          Data: 0100
            Notification (0x01)

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor/att: Decode attribute type
Luiz Augusto von Dentz [Wed, 18 May 2022 00:45:22 +0000 (17:45 -0700)]
monitor/att: Decode attribute type

This attempts to decode the attribute type if its gatt_db can be loaded:

< ACL Data TX: Handle 3585 flags 0x00 dlen 9
      ATT: Write Request (0x12) len 4
        Handle: 0x000b Type: Client Characteristic Configuration (0x2902)
          Data: 0200

Change-Id: I7c35c3e872237c82763a65b5f22a450684eb8cd7
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor: Cache connection information
Luiz Augusto von Dentz [Wed, 18 May 2022 01:22:01 +0000 (18:22 -0700)]
monitor: Cache connection information

This caches connection information including the device address so it can
be printed alongside the handle:

> HCI Event: Disconnect Complete (0x05) plen 4
        Status: Success (0x00)
        Handle: 3585 Address: 68:79:12:XX:XX:XX (OUI 68-79-12)
        Reason: Connection Terminated By Local Host (0x16)

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor: Move ATT decoding function into its own file
Luiz Augusto von Dentz [Tue, 17 May 2022 00:50:38 +0000 (17:50 -0700)]
monitor: Move ATT decoding function into its own file

This moves ATT decoding function from l2cap.c to att.c.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor: Move print_hex_field to display.h
Luiz Augusto von Dentz [Tue, 17 May 2022 00:37:56 +0000 (17:37 -0700)]
monitor: Move print_hex_field to display.h

This moves print_hex_field to display.h and removes the duplicated code
from packet.c and l2cap.c.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago gatt: Store local GATT database
Luiz Augusto von Dentz [Wed, 18 May 2022 21:50:12 +0000 (14:50 -0700)]
gatt: Store local GATT database

This enables storing the local (adapter) GATT database which later will
be used by btmon to decode GATT handles.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago settings: Add btd_settings_gatt_db_{store,load}
Luiz Augusto von Dentz [Wed, 11 May 2022 22:33:27 +0000 (15:33 -0700)]
settings: Add btd_settings_gatt_db_{store,load}

This adds helper functions to store and load from/to file so they can
get reused by the likes of gatt-database.c and btmon.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago input/device: Notify failure if ctrl disconnect when waiting intr
Archie Pusaka [Wed, 18 May 2022 04:33:07 +0000 (12:33 +0800)]
input/device: Notify failure if ctrl disconnect when waiting intr

On some rare occasions, the peer HID device might disconnect the ctrl
channel when we are trying to connect the intr channel. If this
happens, interrupt_connect_cb() will not be called by btio, and we
will be stuck in "connecting" state. Any future connection attempt to
the peer device will fail because of "busy".

This patch prevents that by checking if we need to report connection
failure when the ctrl channel is disconnected.

Reviewed-by: Sonny Sasaka <sonnysasaka@chromium.org>
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago hog-lib: Fix not reading report_map of instances
Luiz Augusto von Dentz [Fri, 13 May 2022 01:01:03 +0000 (18:01 -0700)]
hog-lib: Fix not reading report_map of instances

If there are multiple instances the gatt_db of the instances was not
initialized causing the report_map_attr to be NULL which prevents the
report_map to be read and uhid device to be created.

Fixes: https://github.com/bluez/bluez/issues/298
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago device: Fix enabling wake support without RPA Resolution
Luiz Augusto von Dentz [Thu, 12 May 2022 23:40:49 +0000 (16:40 -0700)]
device: Fix enabling wake support without RPA Resolution

If device uses RPA it shall only enable wakeup if RPA Resolution has
been enabled otherwise it cannot be programmed in the acceptlist which
can cause suspend to fail.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=215768
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago gatt-db: Allow passing Characteristic Value to gatt_db_attribute_get_char_data
Luiz Augusto von Dentz [Thu, 12 May 2022 00:55:14 +0000 (17:55 -0700)]
gatt-db: Allow passing Characteristic Value to gatt_db_attribute_get_char_data

This makes gatt_db_attribute_get_char_data work with Characteristic
Value rather than only with Characteristic Declaration.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago service: Add initiator argument to service_accept
Luiz Augusto von Dentz [Thu, 12 May 2022 00:55:15 +0000 (17:55 -0700)]
service: Add initiator argument to service_accept

This adds initiator argument to service_accept so profiles accepting
the connection can use btd_service_is_initiator to determine if the
connection was initiated locally (central) or remotely (peripheral).

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago device: Fix pairing has failed due to the error of Already Paired (0x13)
wangyouwan [Tue, 10 May 2022 01:27:35 +0000 (09:27 +0800)]
device: Fix pairing has failed due to the error of Already Paired (0x13)

After connect the Bluetooth mouse, open two Bluetoothctl at the same time,
when remove the mouse, quickly go to power off,
try to pair the mouse again when I was power on,
found that the error 0x13 was always reported.
try to connect directly, can connect successfully.
but use the info command to query the information of the mouse
and find that the pairing status of the mouse is No.
so I try to delete the paired information in the kernel
through the "* cancel_pairing()" interface.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago device: Fix uninitialized value usage
Ildar Kamaletdinov [Sat, 7 May 2022 17:35:05 +0000 (20:35 +0300)]
device: Fix uninitialized value usage

Definitely `dbus_bool_t b;` must be initialized before comparing it
with current value.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago tools: Fix handle leak in rfcomm
Ildar Kamaletdinov [Sat, 7 May 2022 17:35:04 +0000 (20:35 +0300)]
tools: Fix handle leak in rfcomm

Some branches of execution can make handle (socket) leakage.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago tools: Fix memory leaks in btgatt-server/client
Ildar Kamaletdinov [Sat, 7 May 2022 17:35:03 +0000 (20:35 +0300)]
tools: Fix memory leaks in btgatt-server/client

According to the man page, the buffer allocated by getline() should be freed by
the user program even if getline() failed.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago tools: Fix memory leak in hciconfig
Ildar Kamaletdinov [Sat, 7 May 2022 17:35:02 +0000 (20:35 +0300)]
tools: Fix memory leak in hciconfig

printf() was using a function that returns dynamically allocated memory as
a parameter.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago advertising: Treat empty LocalName the same as omitting it
Luiz Augusto von Dentz [Fri, 6 May 2022 23:05:14 +0000 (16:05 -0700)]
advertising: Treat empty LocalName the same as omitting it

This treats empty LocalName ("") the same as omitting it so no name is
set in the advertising data since some D-Bus binding seems to have
problems to omit properties at runtime.

Fixes: https://github.com/bluez/bluez/issues/337
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago device-api: Clarify Paired/Bonded documentation
Luiz Augusto von Dentz [Wed, 4 May 2022 23:39:30 +0000 (16:39 -0700)]
device-api: Clarify Paired/Bonded documentation

This attempts to clarify the distinction of Paired and Bonded
properties.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago client: Add filter to devices and show Bonded in info
Zhengping Jiang [Wed, 4 May 2022 21:09:48 +0000 (14:09 -0700)]
client: Add filter to devices and show Bonded in info

Use the property name as optional filters to the command "devices" and
show the "Bonded" property for the command "info".

Reviewed-by: Sonny Sasaka <sonnysasaka@chromium.org>
Reviewed-by: Yun-Hao Chung <howardchung@chromium.org>
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago device: Add "Bonded" flag to dbus property
Zhengping Jiang [Wed, 4 May 2022 21:09:46 +0000 (14:09 -0700)]
device: Add "Bonded" flag to dbus property

Add "Bonded" to dbus device property table. When setting the "Bonded"
flag, check the status of the Bonded property first. If the Bonded
property is changed, send property changed signal.

Reviewed-by: Sonny Sasaka <sonnysasaka@chromium.org>
Reviewed-by: Yun-Hao Chung <howardchung@chromium.org>
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago doc: add "Bonded" flag to dbus property
Zhengping Jiang [Wed, 4 May 2022 21:09:47 +0000 (14:09 -0700)]
doc: add "Bonded" flag to dbus property

Bonded flag is used to indicate the link key or ltk of the remote
device has been stored.

Reviewed-by: Sonny Sasaka <sonnysasaka@chromium.org>
Reviewed-by: Yun-Hao Chung <howardchung@chromium.org>
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor: Fix parsing of LE Terminate BIG Complete event
Luiz Augusto von Dentz [Mon, 2 May 2022 21:43:20 +0000 (14:43 -0700)]
monitor: Fix parsing of LE Terminate BIG Complete event

LE Terminate BIG Complete event format is Subevent_Code, BIG_Handle and
Reason but the last two were swapped.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor: Decode LTV fields of Basic Audio Announcements
Luiz Augusto von Dentz [Mon, 2 May 2022 20:02:46 +0000 (13:02 -0700)]
monitor: Decode LTV fields of Basic Audio Announcements

This decodes the LTV fields of Basic Audio Announcements:

< HCI Command: LE Set Periodic Advertising Data (0x08|0x003f) plen 41
        Handle: 0
        Operation: Complete ext advertising data (0x03)
        Data length: 0x26
        Service Data: Basic Audio Announcement (0x1851)
          Presetation Delay: 40000
          Number of Subgroups: 1
            Subgroup #0:
            Number of BIS(s): 1
            Codec: LC3 (0x06)
            Codec Specific Configuration #0: len 0x02 type 0x01
            Codec Specific Configuration: 03
            Codec Specific Configuration #1: len 0x02 type 0x02
            Codec Specific Configuration: 01
            Codec Specific Configuration #2: len 0x05 type 0x03
            Codec Specific Configuration: 01000000
            Codec Specific Configuration #3: len 0x03 type 0x04
            Codec Specific Configuration: 2800
            Metadata #0: len 0x03 type 0x02
            Metadata: 0200
              BIS #0:
              Index: 1
              Codec Specific Configuration:

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
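
The length-type-value layout visible in the btmon output above, as an added C example that is not BlueZ's monitor code: a bounds-checked walker over the Codec Specific Configuration bytes, reassembled here from the len/type/value lines of that output. The names `ltv_parse`, `ltv_entry` and `ltv_status` are hypothetical, and rejecting a zero length byte is a choice made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One decoded entry; value points into the caller's buffer (no copy). */
struct ltv_entry {
	uint8_t type;
	uint8_t value_len;
	const uint8_t *value;
};

enum ltv_status {
	LTV_OK = 0,
	LTV_ZERO_LENGTH = -1,	/* a length of 0 cannot even hold the type */
	LTV_TRUNCATED = -2,	/* length runs past the end of the buffer */
	LTV_TOO_MANY = -3	/* more entries than the caller has room for */
};

/*
 * Walk buf[0..len) as a sequence of LTV entries. Each entry is:
 *   length (1 byte, counts the type byte plus the value bytes)
 *   type   (1 byte)
 *   value  (length - 1 bytes)
 * Returns the number of entries stored in out, or a negative ltv_status.
 */
int ltv_parse(const uint8_t *buf, size_t len,
		struct ltv_entry *out, size_t max_out)
{
	size_t off = 0;
	size_t n = 0;

	while (off < len) {
		uint8_t l = buf[off];

		if (l == 0)
			return LTV_ZERO_LENGTH;
		/* l bytes must follow the length byte; off < len here, so
		 * the subtraction cannot wrap. */
		if (l > len - off - 1)
			return LTV_TRUNCATED;
		if (n == max_out)
			return LTV_TOO_MANY;

		out[n].type = buf[off + 1];
		out[n].value_len = (uint8_t)(l - 1);
		out[n].value = &buf[off + 2];
		n++;
		off += (size_t)l + 1;
	}
	return (int)n;
}

/* Constructed from the four "len ... type ..." lines in the output above. */
static const uint8_t sample_cfg[] = {
	0x02, 0x01, 0x03,
	0x02, 0x02, 0x01,
	0x05, 0x03, 0x01, 0x00, 0x00, 0x00,
	0x03, 0x04, 0x28, 0x00,
};

int main(void)
{
	struct ltv_entry e[8];
	int n = ltv_parse(sample_cfg, sizeof(sample_cfg), e, 8);

	if (n < 0) {
		fprintf(stderr, "malformed LTV data: %d\n", n);
		return 1;
	}
	for (int i = 0; i < n; i++) {
		printf("#%d: len 0x%02x type 0x%02x value ", i,
				(unsigned)e[i].value_len + 1, e[i].type);
		for (uint8_t j = 0; j < e[i].value_len; j++)
			printf("%02x", e[i].value[j]);
		printf("\n");
	}
	return 0;
}
```

A capture cut off mid-entry returns `LTV_TRUNCATED` instead of reading past the buffer, which is the failure mode a decoder for advertising data has to expect from over-the-air input.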
14 months ago btdev: Fix not removing connection and advertising set on reset
Luiz Augusto von Dentz [Mon, 2 May 2022 19:59:50 +0000 (12:59 -0700)]
btdev: Fix not removing connection and advertising set on reset

This makes sure that all connections and advertising sets are cleaned up
on reset.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago transport: Fix not being able to initialize volume properly
Luiz Augusto von Dentz [Wed, 27 Apr 2022 20:14:19 +0000 (13:14 -0700)]
transport: Fix not being able to initialize volume properly

In case AVRCP is connected first and
media_transport_update_device_volume is called without any media_player
being available the volume setting would be lost and Transport.Volume
won't be available, so this introduces btd_device_{set,get}_volume
helpers which are used to store the volume temporarily so
media_player_get_device_volume is able to restore it when the transport
is created.

Fixes: https://github.com/bluez/bluez/issues/335
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago btmon: Fix not decoding LC3 id
Luiz Augusto von Dentz [Tue, 26 Apr 2022 23:02:54 +0000 (16:02 -0700)]
btmon: Fix not decoding LC3 id

This enables decoding LC3 codec id (0x06).

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago btmon: Add support for decoding Basic Audio Annoucements
Luiz Augusto von Dentz [Tue, 26 Apr 2022 22:57:15 +0000 (15:57 -0700)]
btmon: Add support for decoding Basic Audio Annoucements

This adds support for decoding Basic Audio Announcements as shown
on:

Basic Audio Profile / Profile Specification
Page 36 of 146

Table 3.15: Format of BASE used in Basic Audio Announcements

< HCI Command: LE Set Periodic Advertising Data (0x08|0x003f) plen 36
        Handle: 0
        Operation: Complete ext advertising data (0x03)
        Data length: 0x21
        Service Data: Basic Audio Announcement (0x1851)
          Presetation Delay: 40000
          Number of Subgroups: 1
            Subgroup #0:
            Number of BIS(s): 1
            Codec: Reserved (0x06)
            Codec Specific Configuration: 010101020403010000020428
            Metadata: 020202
              BIS #0:
              Index: 1
              Codec Specific Configuration:

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago btmon: Add support for decoding Broadcast Audio Annoucements
Luiz Augusto von Dentz [Tue, 26 Apr 2022 20:22:03 +0000 (13:22 -0700)]
btmon: Add support for decoding Broadcast Audio Annoucements

This adds support for decoding Broadcast Audio Announcements as shown
on:

Basic Audio Profile / Profile Specification
Page 34 of 146

Table 3.14: Broadcast Source AD format when transmitting Broadcast
Audio Announcements

< HCI Command: LE Set Extended Advertising Data (0x08|0x0037) plen 36
        Handle: 0x00
        Operation: Complete extended advertising data (0x03)
        Fragment preference: Minimize fragmentation (0x01)
        Data length: 0x20
        Service Data: Broadcast Audio Announcement (0x1852)
        Broadcast ID: 904177 (0x0dcbf1)
        Name (complete): Broadcast Audio Source

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago btmon: Add proper decoding to Service Data UUID
Luiz Augusto von Dentz [Tue, 26 Apr 2022 18:39:14 +0000 (11:39 -0700)]
btmon: Add proper decoding to Service Data UUID

This adds proper decoding for Service Data UUID:

        Service Data: Apple, Inc. (0xfd6f)
          Data: e6b07e19815e902100b8b2f4a55255fd18f0c6be

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago client/player: Add transport.receive command
Luiz Augusto von Dentz [Mon, 25 Apr 2022 23:58:54 +0000 (16:58 -0700)]
client/player: Add transport.receive command

This adds transport.receive command:

Get/Set file to receive
Usage:
 receive [filename]

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago client/player: Add transport.volume command
Luiz Augusto von Dentz [Fri, 22 Apr 2022 23:01:29 +0000 (16:01 -0700)]
client/player: Add transport.volume command

This adds transport.volume command:

Get/Set transport volume
Usage:
 volume <transport> [value]

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago btmon: Fix decoding of Enhanced Credit Connection Request
Luiz Augusto von Dentz [Wed, 20 Apr 2022 23:43:31 +0000 (16:43 -0700)]
btmon: Fix decoding of Enhanced Credit Connection Request

This fixes the decoding of Enhanced Credit Connection Request which was
not accounting the fields correctly causing 2 extra Source CID to be
printed.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago hog-lib: Check if Report ID is set before prepending it
Luiz Augusto von Dentz [Wed, 20 Apr 2022 20:08:59 +0000 (13:08 -0700)]
hog-lib: Check if Report ID is set before prepending it

Before prepending the Report ID check if it is non-zero:

BLUETOOTH SPECIFICATION Page 16 of 26
HID Service Specification

Report ID shall be nonzero in a Report Reference characteristic
descriptor where there is more than one instance of the Report
characteristic for any given Report Type.

Fixes: https://www.spinics.net/lists/linux-bluetooth/msg97262.html
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago test: changes for Python3
Diego Rondini [Tue, 19 Apr 2022 15:09:49 +0000 (17:09 +0200)]
test: changes for Python3

Remove some leftover usage of Python2 code. In particular replace
iteritems() with items() to fix the following error:

AttributeError: 'dbus.Dictionary' object has no attribute 'iteritems'
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago settings-storage: Document use of StateDirectory
Luiz Augusto von Dentz [Tue, 19 Apr 2022 18:30:16 +0000 (11:30 -0700)]
settings-storage: Document use of StateDirectory

This documents the use of StateDirectory environment variable which
overwrites the default storage directory when set.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago client/player: Fix use of unsupported config_qos
Luiz Augusto von Dentz [Mon, 18 Apr 2022 23:56:48 +0000 (16:56 -0700)]
client/player: Fix use of unsupported config_qos

QoS is not yet supported by bluetoothd so remove them.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago test-runner: Add dedicated option to start D-Bus
Luiz Augusto von Dentz [Sat, 16 Apr 2022 00:17:04 +0000 (17:17 -0700)]
test-runner: Add dedicated option to start D-Bus

This adds a dedicated option to start D-Bus alone which can be useful
when testing the bluetoothd with the likes of valgrind.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago main: Add support for CONFIGURATION_DIRECTORY environment variable
Luiz Augusto von Dentz [Fri, 15 Apr 2022 21:18:09 +0000 (14:18 -0700)]
main: Add support for CONFIGURATION_DIRECTORY environment variable

When running as a systemd service the CONFIGURATION_DIRECTORY
environment variable may be set:

https://www.freedesktop.org/software/systemd/man/systemd.exec.html
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago storage: Add support for STATE_DIRECTORY environment variable
Luiz Augusto von Dentz [Fri, 15 Apr 2022 20:48:39 +0000 (13:48 -0700)]
storage: Add support for STATE_DIRECTORY environment variable

When running as a systemd service the STATE_DIRECTORY environment
variable may be set:

https://www.freedesktop.org/software/systemd/man/systemd.exec.html
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago policy: Change AutoEnable default to true
Luiz Augusto von Dentz [Wed, 13 Apr 2022 22:21:00 +0000 (15:21 -0700)]
policy: Change AutoEnable default to true

This changes the default of AutoEnable to true so controllers are powered
up by default.

Fixes: https://github.com/bluez/bluez/issues/328
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago client/player: Add transport menu
Luiz Augusto von Dentz [Mon, 11 Apr 2022 23:53:56 +0000 (16:53 -0700)]
client/player: Add transport menu

This adds transport menu:

[bluetooth]# menu transport
Menu transport:
Available commands:
-------------------
list                                              List available transports
show <transport>                                  Transport information
acquire <transport>                               Acquire Transport
release <transport>                               Release Transport
send <filename>                                   Send contents of a file

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago client/player: Add endpoint menu
Luiz Augusto von Dentz [Mon, 11 Apr 2022 23:51:12 +0000 (16:51 -0700)]
client/player: Add endpoint menu

This adds endpoint menu:

[bluetooth]# menu endpoint
Menu endpoint:
Available commands:
-------------------
list [local]                                      List available endpoints
show <endpoint>                                   Endpoint information
register <UUID> <codec> [capabilities...]         Register Endpoint
unregister <UUID/object>                          Register Endpoint
config <endpoint> <local endpoint> [preset]       Configure Endpoint
presets <UUID> [default]                          List available presets

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago btdev: Fix CIS Established
Luiz Augusto von Dentz [Fri, 11 Mar 2022 21:12:33 +0000 (13:12 -0800)]
btdev: Fix CIS Established

CIS Established was using the ISO latency instead of SDU interval for
transport latency.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago bthost: Fix not setting all parameters when using Create BIG cmd
Luiz Augusto von Dentz [Fri, 11 Mar 2022 21:10:33 +0000 (13:10 -0800)]
bthost: Fix not setting all parameters when using Create BIG cmd

Create BIG shall set proper values for interval, latency, rtn and phy.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago bthost: Add support for Create CIS
Luiz Augusto von Dentz [Thu, 10 Mar 2022 23:20:49 +0000 (15:20 -0800)]
bthost: Add support for Create CIS

This introduces bthost_set_cig_params and bthost_create_cis.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago btdev: Fix not cleanup ssp_status and ssp_auto_complete
Luiz Augusto von Dentz [Mon, 11 Apr 2022 21:50:23 +0000 (14:50 -0700)]
btdev: Fix not cleanup ssp_status and ssp_auto_complete

This resets ssp_status and ssp_auto_complete flags on auth_complete.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago adapter: Fix check of DISCOVERABLE setting
Jakob hilmer [Sat, 9 Apr 2022 10:01:30 +0000 (12:01 +0200)]
adapter: Fix check of DISCOVERABLE setting

The test for `DISCOVERABLE` should be done with
`MGMT_SETTING_DISCOVERABLE` instead of `MGMT_OP_SET_DISCOVERABLE`.
Acked-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago shell: Fix not able to auto complete commands with submenu prefix
Luiz Augusto von Dentz [Thu, 7 Apr 2022 23:41:34 +0000 (16:41 -0700)]
shell: Fix not able to auto complete commands with submenu prefix

If the command was given with submenu prefix the code wasn't able to
detect the command to be able to generate the auto complete for its
arguments.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago shell: Fix not being able to auto complete submenus
Luiz Augusto von Dentz [Thu, 7 Apr 2022 23:19:26 +0000 (16:19 -0700)]
shell: Fix not being able to auto complete submenus

submenus should be part of the list of possible auto completes just as
other commands.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago btdev: Fix BIG Create Sync
Luiz Augusto von Dentz [Wed, 6 Apr 2022 20:01:03 +0000 (13:01 -0700)]
btdev: Fix BIG Create Sync

This fixes status return to BIG Create Sync command.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago btdev: Add support for sending LE BIG Info Adv Reports
Luiz Augusto von Dentz [Tue, 5 Apr 2022 00:41:06 +0000 (17:41 -0700)]
btdev: Add support for sending LE BIG Info Adv Reports

This adds support for sending LE BIG Info Adv Reports if LE Create BIG
has been called.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor: Add support for LE BIG Info Adverting Report
Luiz Augusto von Dentz [Mon, 4 Apr 2022 23:20:33 +0000 (16:20 -0700)]
monitor: Add support for LE BIG Info Adverting Report

This adds support for LE BIG Info Advertising Report.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago gap: Don't attempt to read the appearance if already set
Luiz Augusto von Dentz [Mon, 4 Apr 2022 20:15:18 +0000 (13:15 -0700)]
gap: Don't attempt to read the appearance if already set

Devices are unlikely to change appearance over time which is the reason
why we cache them on the storage so this skips reading it on every
reconnection.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago gatt: Fix double free and freed memory dereference
Ildar Kamaletdinov [Fri, 1 Apr 2022 12:16:47 +0000 (15:16 +0300)]
gatt: Fix double free and freed memory dereference

If the device no longer exists or is not paired when notifications are sent it
is possible to get a double free and dereference of already freed memory.

To avoid this we need to recheck the state of device after sending
notification.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago device: Limit width of fields in sscanf
Ildar Kamaletdinov [Fri, 1 Apr 2022 12:16:46 +0000 (15:16 +0300)]
device: Limit width of fields in sscanf

In src/device.c a few sscanf calls do not limit the width of the uuid field.
This could lead to static overflow and stack corruption.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago tools: Limit width of fields in sscanf
Ildar Kamaletdinov [Fri, 1 Apr 2022 12:16:45 +0000 (15:16 +0300)]
tools: Limit width of fields in sscanf

In tools/btmgmt.c and tools/hex2hcd.c a few sscanf calls do not limit the
width of fields. This could lead to static overflow and stack corruption.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
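
The sscanf field-width problem named in the two commits above (src/device.c and tools/), shown as an added C example that is not BlueZ code: an unbounded `%s` conversion beside a width-limited one. The `handle:uuid` line format, the function names and the sample strings are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UUID_STR_LEN 36		/* 8-4-4-4-12 hex digits plus four dashes */

/*
 * Before: %s copies until the next whitespace, however long the token is,
 * so a long token writes past the end of uuid[37] on the caller's stack.
 * Kept only for comparison; it is never called with oversized input here.
 */
int parse_entry_unbounded(const char *line, uint16_t *handle,
				char uuid[UUID_STR_LEN + 1])
{
	return sscanf(line, "%4" SCNx16 ":%s", handle, uuid) == 2 ? 0 : -1;
}

/*
 * After: %36s stores at most 36 characters plus the terminating NUL, so
 * the write always fits in uuid[37]. %n records how far the scan got,
 * which lets the caller reject input that did not fit the fields instead
 * of silently accepting a truncated token.
 */
int parse_entry_bounded(const char *line, uint16_t *handle,
				char uuid[UUID_STR_LEN + 1])
{
	int consumed = 0;

	if (sscanf(line, "%4" SCNx16 ":%36s%n", handle, uuid, &consumed) != 2)
		return -1;
	if (line[consumed] != '\0')
		return -1;	/* trailing bytes: token exceeded 36 chars */
	if (strlen(uuid) != UUID_STR_LEN)
		return -1;	/* too short for a 128-bit UUID string */
	return 0;
}

int main(void)
{
	/* Constructed sample lines, not taken from BlueZ storage files. */
	const char *good = "0010:0000180f-0000-1000-8000-00805f9b34fb";
	char oversized[256];
	char uuid[UUID_STR_LEN + 1];
	uint16_t handle = 0;

	memcpy(oversized, "0010:", 5);
	memset(oversized + 5, 'A', 200);
	oversized[205] = '\0';

	printf("good      -> %d\n", parse_entry_bounded(good, &handle, uuid));
	printf("oversized -> %d\n",
			parse_entry_bounded(oversized, &handle, uuid));
	return 0;
}
```

The width in `%36s` is the destination size minus one, because sscanf appends the NUL after the counted characters.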
14 months ago tools: Fix signed integer overflow in btsnoop.c
Ildar Kamaletdinov [Fri, 1 Apr 2022 12:16:44 +0000 (15:16 +0300)]
tools: Fix signed integer overflow in btsnoop.c

If a malformed packet is processed with a zero 'size' field we will face
wrong behaviour of the write() call. Value 'toread - 1' gives wrong sign
for value 'written' (-1) in write() call. To prevent this we should
check that 'toread' is not equal to zero.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago tools: Fix buffer overflow in hciattach_tialt.c
Ildar Kamaletdinov [Fri, 1 Apr 2022 12:16:43 +0000 (15:16 +0300)]
tools: Fix buffer overflow in hciattach_tialt.c

Array 'c_brf_chip' of size 8 could be accessed by index > 7. We should
limit array access like in previous check at line 221.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago monitor: Fix out-of-bound read in print_le_states
Ildar Kamaletdinov [Fri, 1 Apr 2022 12:16:42 +0000 (15:16 +0300)]
monitor: Fix out-of-bound read in print_le_states

Accessing le_states_desc_table array with value 15 can cause
out-of-bound read because current size of array is 14.

Currently this cannot lead to any problems because we do not have such
state in le_states_comb_table but this could be changed in future and
raise described problem.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago tools: Fix g_dbus_setup_private connection check in mpris-proxy
Frédéric Danis [Wed, 30 Mar 2022 09:47:40 +0000 (11:47 +0200)]
tools: Fix g_dbus_setup_private connection check in mpris-proxy

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago shared/gatt-db: Fix gatt_db_attribute_get_index
Luiz Augusto von Dentz [Fri, 1 Apr 2022 21:32:53 +0000 (14:32 -0700)]
shared/gatt-db: Fix gatt_db_attribute_get_index

gatt_db_attribute_get_index was calculating the index based on
attrib->handle - service->attributes[0]->handle which doesn't work when
there are gaps in between handles.

Fixes: https://github.com/bluez/bluez/issues/326
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago btdev: Check parameter for CIG related commands
Luiz Augusto von Dentz [Thu, 31 Mar 2022 22:25:10 +0000 (15:25 -0700)]
btdev: Check parameter for CIG related commands

This checks if the parameters given to Set CIG Parameters and Remove CIG
are in the valid range.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago mesh: use explicit uint32_t when bit shifting left
Inga Stotland [Wed, 30 Mar 2022 21:17:47 +0000 (14:17 -0700)]
mesh: use explicit uint32_t when bit shifting left

This addresses a situation when a boolean type is represented by
an integer and performing a left shift on a boolean causes
an integer overflow.

This fixes the following runtime error:
"left shift of 1 by 31 places cannot be represented in type 'int'"

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago a2dp: Fix crash when SEP codec has not been initialized
Frédéric Danis [Wed, 30 Mar 2022 09:28:44 +0000 (11:28 +0200)]
a2dp: Fix crash when SEP codec has not been initialized

If SEP has not been properly discovered avdtp_get_codec may return NULL
thus causing crashes such as when running AVRCP/TG/VLH/BI-01-C after
AVRCP/TG/RCR/BV-04-C.

Prevent remote endpoint registration if its codec is not available.

Remove queue_isempty check from store_remote_seps since that prevents
cleaning up if no seps could be registered.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago client: Add support for player submenu
Luiz Augusto von Dentz [Mon, 28 Mar 2022 21:18:07 +0000 (14:18 -0700)]
client: Add support for player submenu

This moves adds the functionality of bluetooth-player into
bluetoothctl.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago shell: Make bt_shell_add_submenu set main menu if none has been set
Luiz Augusto von Dentz [Mon, 28 Mar 2022 20:56:58 +0000 (13:56 -0700)]
shell: Make bt_shell_add_submenu set main menu if none has been set

If no main menu has been set when calling bt_shell_add_submenu then
turn it into the main menu.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago mgmt: Remove mgmt_set_verbose
Luiz Augusto von Dentz [Fri, 25 Mar 2022 18:11:47 +0000 (11:11 -0700)]
mgmt: Remove mgmt_set_verbose

The likes of btmon already decode the commands/events so there is no
need to have the code hexdump their contents.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago a2dp: Always invalidate the cache if its configuration fails
Luiz Augusto von Dentz [Thu, 24 Mar 2022 22:14:34 +0000 (15:14 -0700)]
a2dp: Always invalidate the cache if its configuration fails

When a configuration had been restored from last_used cache but it
fails invalidate it so another sep can be used.

Fixes: https://github.com/bluez/bluez/issues/313
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago a2dp: Don't initialize a2dp_sep->destroy until properly registered
Luiz Augusto von Dentz [Thu, 24 Mar 2022 21:32:11 +0000 (14:32 -0700)]
a2dp: Don't initialize a2dp_sep->destroy until properly registered

On a2dp_add_sep if the record cannot be properly registered
a2dp_unregister_sep would be called which would attempt to destroy the
user_data causing the following backtrace:

Invalid write of size 8
   at 0x2F41EB: endpoint_init_a2dp_source (media.c:687)
   by 0x2F41EB: media_endpoint_create (media.c:1030)
   by 0x2F6713: register_endpoint (media.c:1155)
   by 0x46983F: process_message (object.c:246)
   by 0x4A574A8: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.19.14)
   by 0x45F0BF: message_dispatch (mainloop.c:59)
   by 0x495239A: ??? (in /usr/lib64/libglib-2.0.so.0.7000.4)
   by 0x495605E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7000.4)
   by 0x49AB2A7: ??? (in /usr/lib64/libglib-2.0.so.0.7000.4)
   by 0x4955772: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.7000.4)
   by 0x4CA924: mainloop_run (mainloop-glib.c:66)
   by 0x4CAE1B: mainloop_run_with_signal (mainloop-notify.c:188)
   by 0x2AE791: main (main.c:1258)
 Address 0x6e47a30 is 0 bytes inside a block of size 112 free'd
   at 0x48470E4: free (vg_replace_malloc.c:872)
   by 0x4957CDC: g_free (in /usr/lib64/libglib-2.0.so.0.7000.4)
   by 0x2C2D57: a2dp_unregister_sep (a2dp.c:2588)
   by 0x2D124C: a2dp_add_sep (a2dp.c:2697)
   by 0x2F41D5: endpoint_init_a2dp_source (media.c:687)
   by 0x2F41D5: media_endpoint_create (media.c:1030)
   by 0x2F6713: register_endpoint (media.c:1155)
   by 0x46983F: process_message (object.c:246)
   by 0x4A574A8: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.19.14)
   by 0x45F0BF: message_dispatch (mainloop.c:59)
   by 0x495239A: ??? (in /usr/lib64/libglib-2.0.so.0.7000.4)
   by 0x495605E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7000.4)
   by 0x49AB2A7: ??? (in /usr/lib64/libglib-2.0.so.0.7000.4)

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago adapter: Fix adding SDP records when operating on LE only mode
Luiz Augusto von Dentz [Thu, 24 Mar 2022 21:24:12 +0000 (14:24 -0700)]
adapter: Fix adding SDP records when operating on LE only mode

If mode is set to BT_MODE_LE SDP protocol won't be operational so it is
useless to attempt to add records.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago mesh: Fix address overrun error in rx filter
Inga Stotland [Fri, 25 Mar 2022 23:46:25 +0000 (16:46 -0700)]
mesh: Fix address overrun error in rx filter

This fixes the following error for invalid read access when registering
filter for incoming messages:

140632==ERROR: AddressSanitizer: stack-buffer-overflow on address...
 #0 0x7f60c185741d in MemcmpInterceptorCommon(...
    #1 0x7f60c1857af8 in __interceptor_memcmp (/lib64/libasan.so...
    #2 0x55a10101536e in find_by_filter mesh/mesh-io-unit.c:494
    #3 0x55a1010d8c46 in l_queue_remove_if ell/queue.c:517
    #4 0x55a101014ebd in recv_register mesh/mesh-io-unit.c:506
    #5 0x55a10102946f in mesh_net_attach mesh/net.c:2885
    #6 0x55a101086f64 in send_reply mesh/dbus.c:153
    #7 0x55a101124c3d in handle_method_return ell/dbus.c:216
    #8 0x55a10112c8ef in message_read_handler ell/dbus.c:276
    #9 0x55a1010dae20 in io_callback ell/io.c:120
    #10 0x55a1010dff7e in l_main_iterate ell/main.c:478
    #11 0x55a1010e06e3 in l_main_run ell/main.c:525
    #12 0x55a1010e06e3 in l_main_run ell/main.c:507
    #13 0x55a1010e0bfc in l_main_run_with_signal ell/main.c:647
    #14 0x55a10100316e in main mesh/main.c:292
    #15 0x7f60c0c6855f in __libc_start_call_main (/lib64/libc.so.6+...
    #16 0x7f60c0c6860b in __libc_start_main_alias_1 (/lib64/libc.so.6+...
    #17 0x55a101003ce4 in _start (/home/istotlan/bluez/mesh/bluetooth-m...

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago device: Don't use DBG in gatt_debug
Luiz Augusto von Dentz [Mon, 21 Mar 2022 20:04:33 +0000 (13:04 -0700)]
device: Don't use DBG in gatt_debug

gatt_debug callback is used to print debug strings from bt_att which
includes the file and function names so using DBG would add yet another
set of file and function prefixes which makes the logs confusing.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago att: Rename att_debug and att_verbose to DBG and VERBOSE
Luiz Augusto von Dentz [Mon, 21 Mar 2022 20:36:52 +0000 (13:36 -0700)]
att: Rename att_debug and att_verbose to DBG and VERBOSE

att_debug and att_verbose are macros which are more common to be
used as uppercase, this also changes them to use DBG like other parts of
the code.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago gatt-server: Add DBG macro
Luiz Augusto von Dentz [Mon, 21 Mar 2022 20:29:48 +0000 (13:29 -0700)]
gatt-server: Add DBG macro

This adds gatt_log wrapper for util_debug and DBG so file and function
names are printed with the logs.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago gatt-client: Add DBG macro
Luiz Augusto von Dentz [Mon, 21 Mar 2022 20:21:16 +0000 (13:21 -0700)]
gatt-client: Add DBG macro

This adds gatt_log wrapper for util_debug and DBG macro so file and
function names are printed which is more consistent with other parts of
the daemon code.

Change-Id: I802443ecd6bd249c174c1dcf0d1f8ed246425427
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
14 months ago att: Log file and function names
Luiz Augusto von Dentz [Mon, 21 Mar 2022 20:01:37 +0000 (13:01 -0700)]
att: Log file and function names

This adds logging of file and function names.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>