Include sys/types.h to avoid the following build failure on musl raised
since commit fb57ad9b9d:
In file included from src/shared/queue.c:15:
./src/shared/util.h:106:1: error: unknown type name 'ssize_t';
did you mean 'size_t'?
106 | ssize_t util_getrandom(void *buf, size_t buflen, unsigned int flags);
| ^~~~~~~
| size_t
Fixes:
- http://autobuild.buildroot.org/results/83eaeb3863040645409f5787fdbdde79385c5257
In a connection without outgoing traffic, conn->tx_num will remain 0.
In this case, conn->tx_pkt_med should be simply 0 without calculating
"conn->tx_bytes / conn->tx_num".
This was likely to happen, for example, when "btmon -w btsnoop.log"
was launched in the middle of a LE mouse connection, and a number of
incoming ACL Data RX were received as the mouse movements. When
running "btmon -a btsnoop.log", it would encounter this error.
Reviewed-by: Alain Michaud <alainm@chromium.org>
Reviewed-by: Yun-Hao Chung <howardchung@chromium.org>
Reviewed-by: Shuo-Peng Liao <deanliao@chromium.org>
This sometimes causes the Track to be schedule while some metadata are
still pending, also don't remove the Duration from track when updating
its metadata since Duration is typically updated by player status rather
than metadata.
Fixes: https://github.com/bluez/bluez/issues/291
This patch sets the pointer to null after free since the g_free(p)
doesn't set the pointer to NULL.
This is reported by the Coverity.
Fixes: 7e7d826aa1 ("gobex: Print error if data cannot be written")
This patch fixes the following runtime error:
$ sudo ./monitor/btmon -w test.btsnoop
Bluetooth monitor ver 5.63
src/shared/btsnoop.c:339:18: runtime error: left shift of 65535 by 16 places cannot be represented in type 'int'
This replace the use of g_key_file_get_integer, which is limited to
only decimal values, to g_key_file_get_string and then use strtol to
convert the string value to integer.
Fixes: https://github.com/bluez/bluez/issues/293
The bdaddr of an adapter is used for its unique storage path so having
multiple adapters with the same address would likely cause problems
with its storage as they would be shared.
Enable battery provider dbus interface BatteryProviderManager1 for
non-LE controllers, so external clients like pipewire can provide
battery information for bluetooth headsets on non-LE controllers.
Reviewed-by: Sonny Sasaka <sonnysasaka@chromium.org>
This adds a third argument to connect command so a channel can be passed
to CreateSession which is useful since it possible to force a specific
RFCOMM channel.
When the GError variable is freeed with g_error_free(), it is not set to
NULL and reusing the same variable again can cause the seg_fault because
it is still pointing the old memory address which is freed.
This patch relaces the g_error_free() to g_clear_error() which frees the
variable and set it to NULL if the variable is used in the function
again.
Fixes: 4ad622d592 ("profiles/a2dp: Fix unchecked return value")
When the GError variable is freeed with g_error_free(), it is not set to
NULL and reusing the same variable again can cause the seg_fault because
it is still pointing the old memory address which is freed.
This patch relaces the g_error_free() to g_clear_error() which frees the
variable and set it to NULL if the variable is used in the function
again.
Fixes: 6a154cd080 ("device: Fix unchecked return value")
When the GError variable is freeed with g_error_free(), it is not set to
NULL and reusing the same variable again can cause the seg_fault because
it is still pointing the old memory address which is freed.
This patch relaces the g_error_free() to g_clear_error() which frees the
variable and set it to NULL if the variable is used in the function
again.
Fixes: 2287c517ca ("adapter: Fix unchecked return value")
Fixes: https://github.com/bluez/bluez/issues/276
Calling btd_adapter_remove_device from device_remove_connection can
cause a crash, so instead of removing it immediatelly this set a the
temporary timeout to 0.
Fixes: https://github.com/bluez/bluez/issues/290
This patch fixes the out-of-bounds array access caught by the ASAN.
monitor/sdp.c:497:19: runtime error: index 8 out of bounds for type
'cont_data [8]'
=================================================================
==4180==ERROR: AddressSanitizer: global-buffer-overflow on address
0x7fe2d271a542 at pc 0x7fe2d174a57d bp 0x7ffc6dcac1d0 sp 0x7ffc6dcab978
WRITE of size 9 at 0x7fe2d271a542 thread T0
#0 0x7fe2d174a57c (/lib/x86_64-linux-gnu/libasan.so.5+0x9b57c)
#1 0x7fe2d23bae85 in search_attr_rsp monitor/sdp.c:692
#2 0x7fe2d23be3f1 in sdp_packet monitor/sdp.c:771
#3 0x7fe2d23b004c in l2cap_frame monitor/l2cap.c:3247
#4 0x7fe2d23b3d9c in l2cap_packet monitor/l2cap.c:3312
#5 0x7fe2d237d5c3 in packet_hci_acldata monitor/packet.c:11638
#6 0x7fe2d2381876 in packet_monitor monitor/packet.c:3967
#7 0x7fe2d230b285 in data_callback monitor/control.c:973
#8 0x7fe2d2447029 in mainloop_run src/shared/mainloop.c:106
#9 0x7fe2d2449306 in mainloop_run_with_signal src/shared/mainloop-notify.c:188
#10 0x7fe2d230324a in main monitor/main.c:290
#11 0x7fe2d0b440b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#12 0x7fe2d2303b7d in _start (/home/han1/work/dev/bluez/monitor/btmon+0x1dbb7d)
0x7fe2d271a542 is located 30 bytes to the left of global variable 'tid_list'
defined in 'monitor/sdp.c:43:24' (0x7fe2d271a560) of size 384
0x7fe2d271a542 is located 2 bytes to the right of global variable 'cont_list'
defined in 'monitor/sdp.c:424:25' (0x7fe2d271a400) of size 320
SUMMARY: AddressSanitizer: global-buffer-overflow
(/lib/x86_64-linux-gnu/libasan.so.5+0x9b57c)
...
==4180==ABORTING
If advertising manager is not enabled don't log any error on
btd_adapter_update_found_device, also change
btd_adv_monitor_offload_supported to btd_adv_monitor_offload_enabled
since that is checking if the features has been enabled rather than it
is just supported.
Fixes: https://github.com/bluez/bluez/issues/286
- key_aid refers to application key AID
- net_key_id refers to unique, internal id of the network key, used in
net-keys.h
Also, remove unused mesh_frnd_pkt struct.
As pointed out by https://github.com/bluez/bluez/issues/250, the last
segment of a multi-segmented message added to Friend Queue was getting
reset to the seqAuth value incorrectly. The correct sequence was set
within the preceding for loop.
This fixes erros such as:
monitor/packet.c:8129:2: runtime error: load of misaligned address
0x55956a438f2d for type 'const uint16_t', which requires 2 byte
alignment
PrivateTmp makes bluetoothd's /tmp and /var/tmp be inside a different
namespace. This is useful to secure access to temporary files of the
process.
NoNewPrivileges ensures that service process and all its children
can never gain new privileges through execve(), lowering the risk of
possible privilege escalations.
This removes the custom MGMT send/reply timeout since bt_mgmt itself
can handle them itself and it actually start the timer only when the
command is actually sent to the kernel rather then when it is queued.
Fixes: https://github.com/bluez/bluez/issues/275
This adds request timeout handling when using mgmt_send_timeout and
mgmt_reply_timeout, the timeout is applied to the request only when it
is actually transmitted and not while queued.
