korg/bluez
0
0
Fork 0
mirror of https://git.kernel.org/pub/scm/bluetooth/bluez.git synced 2024-11-15 08:14:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

plugins/admin: Fix heap-use-after-free when using 2 controllers

Browse Source 
This commit fixes the heap-use-after-free error when connecting 2
controllers. When a controller is connected
admin_policy_adapter_probe is called. If policy_data was already
allocated it gets freed, if not, it only gets allocated. Eventually
add_interface is called. Here policy_data is put in the "data" variable
(specific for each controller) and the process_changes task is called
with idle priority. This function ultimately accesses policy_data from
the "data" variable.

When Bluez crashes the flow is:
1)first controller is attached
2)admin_policy_adapter_probe is called and policy_data is allocated
4)second controller is attached
5)admin_policy_adapter_probe is called and policy_data is freed, then
allocated again
6)process_changes runs and the policy_data for the first controller is
read, but it was already freed, thus the crash
This commit is contained in:
Vlad Pruteanu 2023-07-04 08:56:43 +03:00 committed by Luiz Augusto von Dentz
parent f9557931ad
commit b741460688
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
plugins/admin.c
View File

@ -502,7 +502,6 @@ static int admin_policy_adapter_probe(struct btd_adapter *adapter)
if (policy_data) {
btd_warn(policy_data->adapter_id,
"Policy data already exists");
admin_policy_free(policy_data);
policy_data = NULL;
}