korg/bluez
0
0
Fork 0
mirror of https://git.kernel.org/pub/scm/bluetooth/bluez.git synced 2024-12-14 06:25:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

advertising: Fix crash when if client invalidate property

Browse Source 
If a property is invalidated the iter is set to NULL which should be
checked and properly reset.
This commit is contained in:
Luiz Augusto von Dentz 2018-01-19 11:37:07 -02:00
parent 32bcd5a34f
commit 5b890a1962
1 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
src/advertising.c
View File

@ -202,6 +202,9 @@ static bool parse_type(DBusMessageIter *iter, struct btd_adv_client *client)
{
const char *msg_type;
if (!iter)
return true;
if (dbus_message_iter_get_arg_type(iter) != DBUS_TYPE_STRING)
return false;
@ -225,6 +228,11 @@ static bool parse_service_uuids(DBusMessageIter *iter,
{
DBusMessageIter ariter;
if (!iter) {
bt_ad_clear_service_uuid(client->data);
return true;
}
if (dbus_message_iter_get_arg_type(iter) != DBUS_TYPE_ARRAY)
return false;
@ -261,6 +269,11 @@ static bool parse_solicit_uuids(DBusMessageIter *iter,
{
DBusMessageIter ariter;
if (!iter) {
bt_ad_clear_solicit_uuid(client->data);
return true;
}
if (dbus_message_iter_get_arg_type(iter) != DBUS_TYPE_ARRAY)
return false;
@ -297,6 +310,11 @@ static bool parse_manufacturer_data(DBusMessageIter *iter,
{
DBusMessageIter entries;
if (!iter) {
bt_ad_clear_manufacturer_data(client->data);
return true;
}
if (dbus_message_iter_get_arg_type(iter) != DBUS_TYPE_ARRAY)
return false;
@ -352,6 +370,11 @@ static bool parse_service_data(DBusMessageIter *iter,
{
DBusMessageIter entries;
if (!iter) {
bt_ad_clear_service_data(client->data);
return true;
}
if (dbus_message_iter_get_arg_type(iter) != DBUS_TYPE_ARRAY)
return false;
@ -421,11 +444,19 @@ static bool parse_includes(DBusMessageIter *iter,
{
DBusMessageIter entries;
if (!iter) {
client->flags = 0;
return true;
}
if (dbus_message_iter_get_arg_type(iter) != DBUS_TYPE_ARRAY)
return false;
dbus_message_iter_recurse(iter, &entries);
/* Reset flags before parsing */
client->flags = 0;
while (dbus_message_iter_get_arg_type(&entries) == DBUS_TYPE_STRING) {
const char *str;
struct adv_include *inc;
@ -455,6 +486,12 @@ static bool parse_local_name(DBusMessageIter *iter,
{
const char *name;
if (!iter) {
free(client->name);
client->name = NULL;
return true;
}
if (dbus_message_iter_get_arg_type(iter) != DBUS_TYPE_STRING)
return false;
@ -474,6 +511,11 @@ static bool parse_local_name(DBusMessageIter *iter,
static bool parse_appearance(DBusMessageIter *iter,
struct btd_adv_client *client)
{
if (!iter) {
client->appearance = 0;
return true;
}
if (dbus_message_iter_get_arg_type(iter) != DBUS_TYPE_UINT16)
return false;
@ -490,6 +532,11 @@ static bool parse_appearance(DBusMessageIter *iter,
static bool parse_duration(DBusMessageIter *iter,
struct btd_adv_client *client)
{
if (!iter) {
client->duration = 0;
return true;
}
if (dbus_message_iter_get_arg_type(iter) != DBUS_TYPE_UINT16)
return false;
@ -515,6 +562,13 @@ static gboolean client_timeout(void *user_data)
static bool parse_timeout(DBusMessageIter *iter,
struct btd_adv_client *client)
{
if (!iter) {
client->timeout = 0;
g_source_remove(client->to_id);
client->to_id = 0;
return true;
}
if (dbus_message_iter_get_arg_type(iter) != DBUS_TYPE_UINT16)
return false;