Samuel Ortiz [Fri, 12 Oct 2012 12:51:37 +0000 (14:51 +0200)]
handover: No need to explicitly close the server socket
gio will do that when the channel refcount drops to 0.
Samuel Ortiz [Fri, 12 Oct 2012 10:41:25 +0000 (12:41 +0200)]
handover: Unref client push channel after adding the watch
g_io_add_watch() bumps the channel refcount to 2, so it can be unreferenced
after that.
Also, since it is set to close on unref there is no need to explicitly
close it when removing the source.
Samuel Ortiz [Fri, 12 Oct 2012 08:20:11 +0000 (10:20 +0200)]
bluetooth: Do not use near_info for displaying successful pairing string
Samuel Ortiz [Fri, 12 Oct 2012 08:19:35 +0000 (10:19 +0200)]
ndef: Use DBG instead of near_info for Hs preparation success path
Samuel Ortiz [Thu, 11 Oct 2012 21:52:07 +0000 (23:52 +0200)]
ndef: Parsing complete is not an error
Use DBG instead of near_error.
Samuel Ortiz [Wed, 10 Oct 2012 08:30:27 +0000 (10:30 +0200)]
Release 0.7
Dorota Moskal [Fri, 28 Sep 2012 09:07:30 +0000 (11:07 +0200)]
tag: Correct NDEF header for tag type 1 and 2
If NDEF size is larger than 0xfe, length field inside TLV block
should be 3 bytes long.
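The length rule this commit message refers to, as an added example (not neard's code): the NDEF Message TLV on Type 1 and Type 2 tags uses a one-byte length up to 0xFE, and above that a 0xFF marker followed by a two-byte big-endian length. The function names are hypothetical, and rejecting non-canonical or reserved lengths in the parser is a choice made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLV_NDEF 0x03 /* NDEF Message TLV tag on Type 1 and Type 2 tags */

/* Write the T and L fields for an NDEF message of ndef_len bytes.
 * Returns the header size (2 or 4), or 0 if the header does not fit in
 * buf or the length cannot be encoded. */
size_t ndef_tlv_write_header(uint8_t *buf, size_t buf_len, size_t ndef_len)
{
    if (ndef_len <= 0xFE) {
        if (buf_len < 2)
            return 0;
        buf[0] = TLV_NDEF;
        buf[1] = (uint8_t)ndef_len;
        return 2;
    }
    /* 0xFFFF is reserved, so 0xFFFE is the largest encodable length. */
    if (ndef_len > 0xFFFE || buf_len < 4)
        return 0;
    buf[0] = TLV_NDEF;
    buf[1] = 0xFF; /* marker: a two-byte length follows */
    buf[2] = (uint8_t)(ndef_len >> 8);
    buf[3] = (uint8_t)(ndef_len & 0xFF);
    return 4;
}

/* Parse the T and L fields and check that the announced value fits in
 * the buffer. Returns the header size, or 0 if the data is truncated or
 * malformed; *ndef_len is only written on success. */
size_t ndef_tlv_parse_header(const uint8_t *buf, size_t buf_len,
                             size_t *ndef_len)
{
    size_t hdr, len;

    if (buf_len < 2 || buf[0] != TLV_NDEF)
        return 0;
    if (buf[1] != 0xFF) {
        hdr = 2;
        len = buf[1];
    } else {
        if (buf_len < 4)
            return 0;
        hdr = 4;
        len = ((size_t)buf[2] << 8) | buf[3];
        /* Strict: short lengths must use the one-byte form. */
        if (len < 0xFF || len == 0xFFFF)
            return 0;
    }
    if (len > buf_len - hdr) /* value would run past the tag data */
        return 0;
    *ndef_len = len;
    return hdr;
}

int main(void)
{
    uint8_t tag[0x200] = { 0 }; /* constructed, zero-filled tag memory */
    size_t len = 0;
    size_t hdr = ndef_tlv_write_header(tag, sizeof(tag), 0x12C);

    printf("header bytes written: %zu\n", hdr);
    hdr = ndef_tlv_parse_header(tag, sizeof(tag), &len);
    printf("parsed header size %zu, NDEF length %zu\n", hdr, len);
    return 0;
}
```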
Dorota Moskal [Thu, 27 Sep 2012 11:22:23 +0000 (13:22 +0200)]
nfctype4: Call write callback when writing failed
In some cases when writing was broken, e.g. when there was
not enough space on tag, tag write callback wasn't called
and writing was left 'in progress'.
Dorota Moskal [Thu, 27 Sep 2012 11:22:22 +0000 (13:22 +0200)]
nfctype3: Call write callback when writing failed
In some cases when writing was broken before allocating
the cookie (e.g. when there was not enough space on tag)
tag write callback wasn't called and writing was left 'in progress'.
Dorota Moskal [Thu, 27 Sep 2012 11:22:21 +0000 (13:22 +0200)]
nfctype3: Call callback function while freeing cookie
When each operation is finished (no matter if succeeded or not),
callback has to be called before returning. In some places it was,
but in others - not. Moving calling callback to cookie release
makes sure it is always called and shortens the source code.
Dorota Moskal [Thu, 27 Sep 2012 11:22:20 +0000 (13:22 +0200)]
nfctype2: Call write callback when writing failed
In some cases when writing was broken before allocating
the cookie (e.g. when there was not enough space on tag)
tag write callback wasn't called and writing was left 'in progress'.
Dorota Moskal [Thu, 27 Sep 2012 11:22:19 +0000 (13:22 +0200)]
nfctype2: Call callback function while freeing cookie
When each operation is finished (no matter if succeeded or not),
callback has to be called before returning. In some places it was,
but in others - not. Moving calling callback to cookie release
makes sure it is always called and shortens the source code.
Dorota Moskal [Thu, 27 Sep 2012 11:22:18 +0000 (13:22 +0200)]
nfctype1: Call write callback when writing failed
In some cases when writing was broken before allocating
the cookie (e.g. when there was not enough space on tag)
tag write callback wasn't called and writing was left 'in progress'.
Dorota Moskal [Thu, 27 Sep 2012 11:22:17 +0000 (13:22 +0200)]
nfctype1: Call callback function while freeing cookie
When each operation is finished (no matter if succeeded or not),
callback has to be called before returning. In some places it was,
but in others - not. Moving calling callback to cookie release
makes sure it is always called and shortens the source code.
Dorota Moskal [Thu, 27 Sep 2012 11:22:24 +0000 (13:22 +0200)]
mifare: Correct memory leaks
There were some memory leaks:
* in some reading and writing callback functions,
in case sending command failed (e.g. after
failed authorisation), cookie wasn't released,
* after checking presence global cookie wasn't released,
* while processing MADs before writing, new data was
allocated (although there was no need for this) and so
the old one was lost.
Dorota Moskal [Thu, 27 Sep 2012 11:22:15 +0000 (13:22 +0200)]
mifare: Check access rights while writing
As access rights can vary for each sector, some sectors may be
writable but the next one can be read only. If so, new tag size
(valid only for writing) is calculated. Then check for enough space
on tag is done.
Dorota Moskal [Thu, 27 Sep 2012 11:22:14 +0000 (13:22 +0200)]
mifare: Add Readonly flag support
Readonly flag is set if first NFC sector isn't writable
with key A (as key B is not supported).
Dorota Moskal [Thu, 27 Sep 2012 11:22:13 +0000 (13:22 +0200)]
mifare: Correct processing MADs
NFC sectors have to be continuous, so only some sectors
at the beginning and at the end of tag can be non-NFC.
First non-NFC sector after NFC sectors should end
MAD processing and then resulting tag size and sector list
should be saved.
Dorota Moskal [Thu, 27 Sep 2012 11:22:12 +0000 (13:22 +0200)]
mifare: Fix possible NULL pointer dereference in reading loop
After reading first sector, reading loop should check if sector list
is NULL in case only one valid NFC sector is present.
Wiktor Lawski [Thu, 27 Sep 2012 08:31:28 +0000 (10:31 +0200)]
nfctypes: Reduce amount of goto statements
goto statements were removed for functions that on error only release cookies.
Wiktor Lawski [Thu, 27 Sep 2012 08:31:27 +0000 (10:31 +0200)]
nfctypes: Simplify returning error codes
After refactoring near_adapter_send and its calls it is possible now to
simplify returning error codes. Also removed a couple of local variables
from functions where it is safe to return error code directly.
Wiktor Lawski [Thu, 27 Sep 2012 08:31:26 +0000 (10:31 +0200)]
adapter: Refactor function near_adapter_send
Now this function will release allocated data using callback, so it will
be unnecessary to check its returned error code (if callback was passed).
Main reasons to prepare this change were improvement of code readability
and removing error prone code paths.
Thierry Escande [Mon, 8 Oct 2012 14:30:28 +0000 (16:30 +0200)]
tag: Fix a possible double free
On a successful write tag operation, tag->data is freed by write_cb, then it
gets re-allocated through __near_tag_read. At last tag->data is freed by
free_tag when the tag is removed from its hash table.
But if the write operation failed, tag->data is freed by write_cb but
__near_tag_read is not called (status != 0) and thus is not re-allocated.
The double free occurs when the tag is removed and free_tag is called.
This fix simply sets tag->data to NULL in write_cb.
Dorota Moskal [Thu, 27 Sep 2012 08:31:22 +0000 (10:31 +0200)]
tag: Add near_tag_get_blank function
This is needed by the MIFARE plugin.
Dorota Moskal [Mon, 8 Oct 2012 14:13:24 +0000 (16:13 +0200)]
tag: Dereference writing after reading new data
tag->write_msg was dereferenced just after writing was finished.
Therefore, new writing command might start before reading new data
has been finished.
Preventing write to start before read is completed is especially
important for Mifare Classic as it prevents authorisation failure.
Dorota Moskal [Mon, 8 Oct 2012 19:52:11 +0000 (21:52 +0200)]
tag: Don't check presence while busy
When reading, writing or formatting is in progress, no check presence
should be done.
Samuel Ortiz [Fri, 5 Oct 2012 10:37:02 +0000 (12:37 +0200)]
ndef: Set proper URI identifier when writing URI NDEF
When the URI doesn't have any known prefix (e.g. google.com, without the
http://) we should set the URI identifier to 0, not 0x24 (RFU).
Szymon Janc [Fri, 21 Sep 2012 14:48:32 +0000 (16:48 +0200)]
agent: Release handover agent on exit
If handover agent is registered release it on exit.
Szymon Janc [Fri, 21 Sep 2012 14:48:31 +0000 (16:48 +0200)]
agent: Check if adding disconnect watch succeeded
Return error if call to g_dbus_add_disconnect_watch failed when
registering handover agent.
This could lead to situation when agent was registered without watch.
If agent exited without unregistering (e.g. due to crash) further
register attempts would be rejected by neard.
Szymon Janc [Fri, 21 Sep 2012 14:48:30 +0000 (16:48 +0200)]
handover: Try to send HS only if message preparation succeeded
near_ndef_prepare_handover_record can return NULL if message
preparation failed e.g. due to failure in requesting data from handover
agent. This could result in crash due to NULL pointer dereference.
Szymon Janc [Fri, 21 Sep 2012 14:48:29 +0000 (16:48 +0200)]
handover: Correct FRAME_TYPE_OFFSET value
FRAME_TYPE_OFFSET is 3 bytes. This fixes not sending HS due to invalid
string compare.
Wiktor Lawski [Wed, 19 Sep 2012 13:20:48 +0000 (15:20 +0200)]
plugins: Refactor functions for releasing cookies
Now all plugins will release their cookies in an analogous manner. This
approach will simplify and reduce the amount of code because those functions
will be called by refactored version of near_adapter_send.
Wiktor Lawski [Wed, 19 Sep 2012 13:20:47 +0000 (15:20 +0200)]
nfctypes: Improve consequence of goto labels
Now all goto labels in files plugins/nfctype[1-4].c are named 'out_err'
instead of 'out'.
Wiktor Lawski [Wed, 19 Sep 2012 13:20:46 +0000 (15:20 +0200)]
plugins: Standardize function signatures
Now nfctypes have more similar interface (both inside and outside).
Wiktor Lawski [Wed, 19 Sep 2012 13:20:45 +0000 (15:20 +0200)]
nfctype1: Refactor nfctype1_read
Created helper function nfctype1_read_meta to improve readability, avoid code
duplication and memory leaks in case of errors.
Wiktor Lawski [Wed, 19 Sep 2012 13:20:44 +0000 (15:20 +0200)]
nfctype1: Improve nfctype1_read readability
WHEN either uid is NULL or uid_length is not equal to UID_LENGTH AND uid is
not NULL, uid_length must be NOT equal to UID_LENGTH, so additional
conditional in if statement is not necessary. It will be always true. It is
only harder to analyze function code.
Wiktor Lawski [Wed, 19 Sep 2012 13:20:43 +0000 (15:20 +0200)]
p2p: Fix not freed channel allocated in p2p_bind
Channel was not freed because of non-zero reference count. Function
g_io_add_watch increments reference count (to value of 2 in p2p_bind). Pointer
to channel is not saved by neard, so the only one reference count decrement is
done by g_source_remove in function free_server_data. It is safe to decrement
reference count right after adding a watch.
Issue was reported by valgrind:
378 (360 direct, 18 indirect) bytes in 3 blocks are definitely lost in loss record 118 of 143
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4E7FA78: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
by 0x4EB66F4: g_io_channel_unix_new (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
by 0x412102: p2p_listen (p2p.c:260)
by 0x4E6A4DF: g_hash_table_foreach (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
by 0x417C06: near_device_driver_register (device.c:468)
by 0x419771: __near_plugin_init (plugin.c:180)
by 0x407E2E: main (main.c:214)
Wiktor Lawski [Wed, 19 Sep 2012 13:20:42 +0000 (15:20 +0200)]
nfctype1: Fix possible memory leak in meta_recv
If read_dynamic_tag returned an error or neard does not support specified
response, memory allocated for t1_tag should also be freed.
Wiktor Lawski [Wed, 19 Sep 2012 13:20:41 +0000 (15:20 +0200)]
adapter: Fix error message for StopPollLoop
Now when adapter is not polling and StopPollLoop is called, correct error
message will be returned.
Samuel Ortiz [Fri, 21 Sep 2012 06:50:10 +0000 (08:50 +0200)]
AUTHORS: Mention Dorota's contributions
Olivier Guiter [Thu, 13 Sep 2012 14:46:44 +0000 (16:46 +0200)]
snep: Add handover select frame check
Samuel Ortiz [Wed, 19 Sep 2012 00:15:52 +0000 (02:15 +0200)]
test: Add a Bluetooth handover wrapper script
Samuel Ortiz [Mon, 17 Sep 2012 10:06:42 +0000 (12:06 +0200)]
adapter: Remove the linked device when DEP goes down
Samuel Ortiz [Mon, 17 Sep 2012 10:06:14 +0000 (12:06 +0200)]
device: Add a target index accessor
Dorota Moskal [Mon, 10 Sep 2012 08:06:30 +0000 (10:06 +0200)]
tag: Remove redundant __near_tag_get_idx function
__near_tag_get_idx function wasn't needed as the same action was
performed by near_tag_get_target_idx.
Dorota Moskal [Mon, 10 Sep 2012 08:06:27 +0000 (10:06 +0200)]
mifare: Correct comments format and DBG message
Dorota Moskal [Mon, 10 Sep 2012 08:06:26 +0000 (10:06 +0200)]
mifare: Add Mifare Classic writing functions
Added specific Mifare Classic tag writing functions, following
Mifare Classic mandatory NDEF Write Procedure:
* Setting length field of NDEF message to 00h first,
* writing NDEF data,
* correcting length field to actual value after.
Dorota Moskal [Mon, 10 Sep 2012 08:06:25 +0000 (10:06 +0200)]
mifare: Rename mifare cookie fields
Change 'rs' to 'rws' in 4 cookie fields to note that they will also
be used for writing: rws_next_fct, rws_block_start, rws_block_end,
rws_completed.
Dorota Moskal [Mon, 10 Sep 2012 08:06:24 +0000 (10:06 +0200)]
mifare: Add mifare_check_presence and check_presence
When tag type 2 is Mifare Classic, specific mifare check presence is run.
Samuel Ortiz [Thu, 13 Sep 2012 13:57:29 +0000 (15:57 +0200)]
monitor-near: Add Devices to the Adapter properties
Samuel Ortiz [Thu, 13 Sep 2012 13:55:43 +0000 (15:55 +0200)]
bluetooth: Fix OOB alignment issue
Use the BlueZ alignment macro access for that matter. It could eventually
be exported through near.h if needed.
Samuel Ortiz [Thu, 13 Sep 2012 13:40:26 +0000 (15:40 +0200)]
snep: Add some further comments on the SNEP_REQ_GET support code
Samuel Ortiz [Thu, 13 Sep 2012 13:29:26 +0000 (15:29 +0200)]
adapter: Send the Devices property changed earlier
As opposed to a tag, a device should be accessible before the first read
(That could potentially never happen) so the Adapter Devices property change
should be sent when the DEP link is up.
Olivier Guiter [Tue, 11 Sep 2012 13:44:22 +0000 (15:44 +0200)]
snep: SNEP GET client for Android 4.1 handover support
Prepare a SNEP GET frame to request bluetooth handover select frame from
Android 4.1 devices.
Olivier Guiter [Tue, 11 Sep 2012 13:44:21 +0000 (15:44 +0200)]
snep: SNEP GET request for Android 4.1 handover
Handle incoming SNEP GET request from an Android 4.1 device. This code
includes a hack to fix malformed Android NDEF frame ('Hr' is used instead
of 'cr').
Also handling SNEP GET from the server goes against the SNEP specifications
recommendations but is mandatory to support all Jelly Bean NFC devices.
Olivier Guiter [Tue, 11 Sep 2012 13:44:20 +0000 (15:44 +0200)]
handover: Add fallback code for p2p services
This code would allow non-strict implementations of p2p (e.g. Android 4
uses SNEP for handover, so first we try to connect to the Handover service,
and, if it fails, fallback to SNEP service) services.
Olivier Guiter [Tue, 11 Sep 2012 13:44:19 +0000 (15:44 +0200)]
bluetooth: Support malformed oob record
Some oob structures are malformed (e.g.: Android 4.1) with the oob
length stored as big endian (requirements are little endian). As
the length size is ALWAYS one byte (because of payload length size)
the length is always below 0x100.
Wiktor Lawski [Mon, 10 Sep 2012 07:41:25 +0000 (09:41 +0200)]
p2p: Fix returned error code in p2p_listen
In the previous version that function always returned 0 because of logical
error. Now when all bindings fail it will return -1.
Wiktor Lawski [Mon, 10 Sep 2012 07:43:25 +0000 (09:43 +0200)]
nfctype2: Fix possible memory leak in meta_recv
Tag was not freed when data_read failed.
Olivier Guiter [Thu, 6 Sep 2012 08:45:35 +0000 (10:45 +0200)]
bluetooth: Fix default adapter check
Check for def_adapter instead of bt_name.
Samuel Ortiz [Fri, 7 Sep 2012 15:17:41 +0000 (17:17 +0200)]
AUTHORS: Mention Wiktor's contributions
Wiktor Lawski [Mon, 3 Sep 2012 09:57:29 +0000 (11:57 +0200)]
adapter: Fix SetProperty error message
Now when adapter is disabled and an attempt is made to disable it, correct
error message will be returned.
Wiktor Lawski [Mon, 3 Sep 2012 09:57:26 +0000 (11:57 +0200)]
nfctype1: Improve returned errors consistency
Match returned error and message with Tag Type 2.
Wiktor Lawski [Mon, 3 Sep 2012 09:57:25 +0000 (11:57 +0200)]
plugins: Delete unnecessary initializes
Those variables are always written before read so there is no need to
initialize them.
Wiktor Lawski [Mon, 3 Sep 2012 09:57:24 +0000 (11:57 +0200)]
plugins: Fix error messages
Make errors from plugins follow the same message convention.
Wiktor Lawski [Mon, 3 Sep 2012 09:57:23 +0000 (11:57 +0200)]
plugins: Improve code & comments formatting
Wiktor Lawski [Mon, 3 Sep 2012 09:57:22 +0000 (11:57 +0200)]
plugins: Fix some whitespace issues
Wiktor Lawski [Mon, 3 Sep 2012 09:57:21 +0000 (11:57 +0200)]
gitignore: Add temporary files & TAGS to ignore list
These files are often created during development.
Jaganath Kanakkassery [Thu, 16 Aug 2012 12:51:19 +0000 (18:21 +0530)]
gdbus: Fix compilation error if macro "error" is defined
The variable "signature" used in error is not defined and "args" is now
a struct instead of a string.
Samuel Ortiz [Thu, 23 Aug 2012 22:05:08 +0000 (00:05 +0200)]
Release 0.6
Samuel Ortiz [Thu, 23 Aug 2012 19:11:30 +0000 (21:11 +0200)]
nfctype4: Remove the math.h inclusion
No need for it now that pow() is gone...
Samuel Ortiz [Thu, 23 Aug 2012 19:05:54 +0000 (21:05 +0200)]
nfctype4: Remove the MIFARE_DESFIRE_EV1_SIZE macro
pow() converts its arguments into float, and this macro was basically
doing (1 << (x / 2)). Since it's only used once, let's remove it.
Olivier Guiter [Thu, 23 Aug 2012 14:25:21 +0000 (16:25 +0200)]
ndef: Fix parse_mime_type() parameter name
Ravi kumar Veeramally [Mon, 20 Aug 2012 15:16:27 +0000 (18:16 +0300)]
nfctype3: Support blank tag formatting
When using a new tag for the first time, system code and attribute
block might not exist (un-formatted tag); this was causing the
tag to be dropped. Currently it supports only Felica Lite series.
This patch adds handling for such tags:
1) When a tag without system code(12FC) is found and reported
it as blank tag, updating system code depends upon the tag
series (now supporting only Felica Lite series).
2) Write attribute block information like NDEF version, max blocks
for NDEF content, zero NDEF length and read write permissions.
3) Call back the format_resp with status (in case of success, tag is
ready to write and read).
Ravi kumar Veeramally [Mon, 20 Aug 2012 15:16:26 +0000 (18:16 +0300)]
nfctype3: Detect blank tags while reading
If tag is empty means no NDEF content in tag does not support
system code 0x12FC(in polling). In case of blank tags polling
request response is an error. Finding out tag is blank or not
couple of more steps added before tag reading. Currently it
supports only Felica Lite.
1) Poll Type-3 tag with 0xFFFF system code.
2) In response to poll command, tag ID and manufacturer parameter
will be received. And Manufacturer information contains IC Type
which is used to identify the tag is Felica Lite, LiteS or other.
3) Depends upon the tag, read block number 0x88(MC Block) which
contains memory configuration.
4) MC contains system code(byte3) related information. If tag is
blank then it is '0x00', if tag supports NDEF( that means it
supports system code 0x12FC) then it is '0x01'.
5) If byte3 is 0x00 then it as 'Blank tag', if it contains 0x01
then detect ndef(poll with 12FC), read and write.
6) In case tag is not Felica Lite series then detect ndef
(poll with 12FC), read and write.
Ravi kumar Veeramally [Tue, 21 Aug 2012 08:09:44 +0000 (11:09 +0300)]
tag: Caching type3 tag IC type information
The type3 tag IC type information will be used for tag formatting.
Samuel Ortiz [Thu, 23 Aug 2012 10:47:49 +0000 (12:47 +0200)]
test: Add simple-agent script
Mostly to check that neard sends the right data to the right NDEF agent.
Samuel Ortiz [Thu, 23 Aug 2012 10:47:02 +0000 (12:47 +0200)]
org.neard.conf: Add the NDEF Agent interface sending permissions
Samuel Ortiz [Thu, 23 Aug 2012 10:45:41 +0000 (12:45 +0200)]
agent: Parse tags and devices records
If a record type matches an agent registered type, GetNDEF will be called.
Samuel Ortiz [Thu, 23 Aug 2012 10:41:19 +0000 (12:41 +0200)]
agent: Send Release method when freeing an NDEF agent
Samuel Ortiz [Wed, 22 Aug 2012 14:49:08 +0000 (16:49 +0200)]
ndef: Export the record type field to the neard core
Samuel Ortiz [Wed, 22 Aug 2012 10:54:15 +0000 (12:54 +0200)]
doc: Rename handover-agent-api to agent-api
This document now also includes the NDEF agent API description.
Samuel Ortiz [Tue, 21 Aug 2012 18:08:52 +0000 (20:08 +0200)]
ndef: Build a record type string for each NDEF record
This record type string will be matched against the registered type
NDEF agents are monitoring.
Szymon Janc [Fri, 17 Aug 2012 14:46:51 +0000 (16:46 +0200)]
TODO: Change Handover Agent API owner
Szymon Janc [Fri, 17 Aug 2012 14:46:50 +0000 (16:46 +0200)]
doc: Update handover agent api
Handover agent will now receive and provide raw binary blob with EIR.
Thanks to this neard will not have to have any Bluetooth specific
code related to handover.
Ravi kumar Veeramally [Fri, 17 Aug 2012 11:16:58 +0000 (14:16 +0300)]
nfctype3: Support blank tag detection in check presence
System code 0x12FC is used to find NDEF in Type-3 tags. In case
of blank tags, tag does not support system code 12FC. So polling
with 0xFFFF system code returns ID if tag is in range.
Szymon Janc [Thu, 16 Aug 2012 08:31:45 +0000 (10:31 +0200)]
netlink: Fix return value when NLA_PUT_* macros are used
NLA_PUT_* macros contain hidden goto and in case of error don't set
error value. This results in returning non-error (zero) or garbage
value when error occurs.
To avoid confusion explicitly assign err value before calling NLA_PUT_*
macros.
Ravi kumar Veeramally [Thu, 16 Aug 2012 14:31:53 +0000 (16:31 +0200)]
nfctype4: Add support for blank tag handling
When using a new tag for the first time, the CC file and ndef file might
not be created (un-formatted tag); this was causing the tag to be dropped.
This patch adds handling for such tags:
* When a tag without CC file is found, it is marked as blank tag
and is not dropped.
* Add a new nfctype4_format() function used for creating iso file
(D2760000850101h), CC (E103h) file and empty NDEF (E104h) file
in blank t4 (mifare desfire ev1 2K, 4K and 8K) tags with desfire
commands. And select iso file, cc file and ndef file with
iso 7816-4 commands to make sure ndef file is ready to write.
Ravi kumar Veeramally [Tue, 14 Aug 2012 15:46:41 +0000 (18:46 +0300)]
nfctype4: Report empty tags as blank tags
Tag without NDEF data does not mean that tag is malformed.
Treating them as blank tags.
Samuel Ortiz [Tue, 14 Aug 2012 15:59:57 +0000 (17:59 +0200)]
AUTHORS: Mention Szymon's contributions
Szymon Janc [Thu, 9 Aug 2012 13:42:52 +0000 (15:42 +0200)]
ndef: Fix returned error code in near_ndef_count_records
In case of error positive value was returned due to err being of
unsigned type uint8_t.
Szymon Janc [Wed, 8 Aug 2012 07:42:06 +0000 (09:42 +0200)]
p2p: Fix not freeing server_data in free_server_data
Free server_data when clearing servers list. This fixes the following issue
reported by valgrind:
84 bytes in 3 blocks are definitely lost in loss record 167 of 210
at 0x402BE68: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
by 0x4095C5A: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
by 0x40961DC: g_try_malloc0 (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
by 0x8056853: p2p_listen (p2p.c:247)
by 0x407FA21: g_hash_table_foreach (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
by 0x805BA2F: __near_adapter_listen (adapter.c:1048)
by 0x805C64D: near_device_driver_register (device.c:461)
by 0x80567E2: p2p_init (p2p.c:374)
by 0x805E317: __near_plugin_init (plugin.c:180)
by 0x804E0E1: main (main.c:214)
Szymon Janc [Tue, 7 Aug 2012 12:22:36 +0000 (14:22 +0200)]
bluetooth: Fix EIR parsing
Fix parsing of EIR data to avoid reading data from wrong offset.
This also fixes invalid memory access reported by valgrind which could
potentially result in daemon crash.
neard[30296]: src/bluetooth.c:bt_parse_eir()
neard[30296]: Unknown EIR: x03 (len: 4)
neard[30296]: Unknown EIR: x00 (len: 253)
==30296== Invalid read of size 1
==30296== at 0x8064DF8: __near_bluetooth_parse_oob_record (bluetooth.c:531)
==30296== by 0x8060DF3: parse_mime_type.isra.3 (ndef.c:1299)
==30296== by 0x8062043: near_ndef_parse (ndef.c:2124)
==30296== by 0x8063BB7: near_tlv_parse (tlv.c:95)
==30296== by 0x8053252: data_recv (nfctype2.c:148)
==30296== by 0x8059D03: execute_recv_cb (adapter.c:846)
==30296== by 0x408D1BF: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x408FEF2: g_main_context_dispatch (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x409028F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x40906EA: g_main_loop_run (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x41E44D2: (below main) (libc-start.c:226)
==30296== Address 0x4556405 is 13 bytes inside a block of size 22 free'd
==30296== at 0x402B06C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==30296== by 0x4095FCA: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x409613F: g_free (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x805CCAF: near_tag_get_tag (tag.c:94)
==30296== by 0x8052F36: meta_recv (nfctype2.c:221)
==30296== by 0x8059D03: execute_recv_cb (adapter.c:846)
==30296== by 0x408D1BF: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x408FEF2: g_main_context_dispatch (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x409028F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x40906EA: g_main_loop_run (in /lib/i386-linux-gnu/libglib-2.0.so.0.3306.0)
==30296== by 0x41E44D2: (below main) (libc-start.c:226)
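A bounds-checked walk over EIR structures of the kind this fix concerns, as an added example (not neard's code, and not the parser from bluetooth.c). Each structure is a length byte covering the type byte plus data, then the type, then the data; the function name, return codes and both sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EIR_NAME_COMPLETE 0x09 /* Complete Local Name */
#define EIR_CLASS_OF_DEV  0x0D /* Class of Device */

enum { EIR_OK = 0, EIR_NOT_FOUND = -1, EIR_MALFORMED = -2 };

/* Constructed sample: a 3-byte name followed by a 3-byte class of device. */
static const uint8_t sample_ok[] = {
    0x04, EIR_NAME_COMPLETE, 'n', 'f', 'c',
    0x04, EIR_CLASS_OF_DEV, 0x0C, 0x02, 0x5A,
};

/* Constructed sample: the second length byte (0xFD = 253) announces far
 * more data than the buffer holds. */
static const uint8_t sample_bad[] = {
    0x04, 0x03, 0x06, 0x11, 0x00,
    0xFD, 0x00, 0x01,
};

/* Find the first EIR structure of the given type. On EIR_OK, *data points
 * into eir and *data_len is the payload size without the type byte.
 * Every length byte is checked against the bytes that remain before
 * anything behind it is read. */
int eir_find(const uint8_t *eir, size_t eir_len, uint8_t type,
             const uint8_t **data, size_t *data_len)
{
    size_t off = 0;

    while (off < eir_len) {
        size_t field_len = eir[off]; /* counts the type byte + data */

        if (field_len == 0) /* zero length ends the significant part */
            break;
        /* Bytes left after the length byte: eir_len - off - 1. */
        if (field_len > eir_len - off - 1)
            return EIR_MALFORMED;
        if (eir[off + 1] == type) {
            *data = &eir[off + 2];
            *data_len = field_len - 1;
            return EIR_OK;
        }
        /* Advance by the length byte itself plus the field it covers. */
        off += field_len + 1;
    }
    return EIR_NOT_FOUND;
}

int main(void)
{
    const uint8_t *d = NULL;
    size_t n = 0;
    int rc;

    rc = eir_find(sample_ok, sizeof(sample_ok), EIR_NAME_COMPLETE, &d, &n);
    if (rc == EIR_OK)
        printf("name: %.*s\n", (int)n, (const char *)d);
    rc = eir_find(sample_bad, sizeof(sample_bad), EIR_NAME_COMPLETE, &d, &n);
    printf("oversized length byte: rc=%d\n", rc);
    return 0;
}
```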
Szymon Janc [Tue, 7 Aug 2012 12:22:35 +0000 (14:22 +0200)]
snep: Remove unreachable code in snep_read
Szymon Janc [Tue, 7 Aug 2012 12:22:34 +0000 (14:22 +0200)]
snep: Fix possible memory leak in snep_read
Free previously allocated snep_data if nfc_data allocation failed
before returning error.
Szymon Janc [Tue, 7 Aug 2012 12:22:33 +0000 (14:22 +0200)]
nfctype3: Always free cookie in case of error
Free cookie allocated in nfctype3_recv_UID in case of error
irrespectively of callback being present.
Szymon Janc [Tue, 7 Aug 2012 12:22:32 +0000 (14:22 +0200)]
nfctype3: Fix possible memory leak in nfctype3_read
If call to near_adapter_send() failed cookie should be freed before
returning.
Szymon Janc [Tue, 7 Aug 2012 12:22:31 +0000 (14:22 +0200)]
nfctype3: Fix possible NULL pointer dereference in nfctype3_read
Check if memory allocation succeeded before dereferencing pointer.
Szymon Janc [Tue, 7 Aug 2012 12:22:30 +0000 (14:22 +0200)]
nfctype3: Fix possible NULL pointer dereference in nfctype3_recv_UID
Check if memory allocation succeeded before dereferencing pointer and
free any allocated memory before returning. This also fixes memory leak
if call to near_adapter_send failed.
Szymon Janc [Tue, 7 Aug 2012 12:22:29 +0000 (14:22 +0200)]
nfctype2: Fix possible NULL pointer dereference in nfctype2_format
Check if memory allocation succeeded before dereferencing pointers and
free any allocated memory before returning. This also fixes memory leaks
if call to near_adapter_send failed.