By sending OPP Put request before CONNECT we were able to cause
SIGSEGV in obexd. Crash was caused by null pointer dereference.
Crash was found using Synopsys Defensics Obex Server test suite.
This was fixed by calling os->service->connect if CONNECT was not
done before.
In messages-dummy it is not necessary to add parent folder in the
response to folder-lisintg. when tested with some carkit the present
method is not working when navigating to different folders. so removing
it.
Remote device is not able to fetch call logs from different folder.
It always returns the call logs requested in first request.
Considering a situation to fetch from och and then from cch,
there are two ways to request x-bt/vcard-listing:
Case I:
1. SetPhoneBook to /telecom/och (absolute path)
2. PullvCardListing with name header '' (empty)
Remote devices using this method always calls SetPhoneBook with absolute path
to set the path and we clear the cache when new path is set.
Case II:
1. SetPhoneBook to /telecom (relative path)
2. PullvCardListing with name header 'och'
Remote devices using this method calls SetPhoneBook with '/telecom' only once
and cache is not cleared when second PullvCardListing is made with name header.
This results in cached incorrect list sent to remote device.
Clear cache if name header is present would prevent sending of
cache list as it is not present. Instead it would request to
create new cache based on new name header.
When sending the ExchangeBusinessCards() command, the command returns
a failure. It isn't clear what that failure is. Upon looking through
the code, it is obvious the function is not implemented.
This patch just adds an extra detail message 'Not Implemented' to make
the failure a little more clear about what the problem is.
There are two functions in phonebook-dummy that were returning
'int's instead of 'struct dummy_data'
phonebook_create_cache
phonebook_get_entry
As a result, when an obex-client sends the GetSize command, the obexd
on the server segfaults.
Fix this by storing the id and returning the dummy_data struct.
The GetSize test now passes correctly.
When the remote device sends the 'CreateFolder' command, obexd
first tries to verify the path in ftp_setpath(). Because we are
creating a new directory, the verify_path() is expected to fail (it does
not exist yet; ENOENT).
Trap that special case and cause the function to fail directly to the
create directory path.
If session owner disconnect from the bus while g_obex_connect is pending
it may lead to a crash since it is never canceled connected_cb may still
be called after callback_data is freed.
When client queries for the size of a phonebook we fall into a
indefinite loop as g_obex_apparam_encode always returns the same
number of items added to the buffer regardless how often it is
called. In former times where this code wasn't using GObexApparams
a array was reduced each time the headers where added and so we could
easily find out when we've added all headers. However today we need
to solve this a bit differently by also setting the firstpacket flag
when we receive the phonebook size result from the phonebook
implementation which then lets us correctly go through without
falling into a indefinite loop.
If the owner disconnects the session should be destroyed even if the
connection is pending:
obexd/client/session.c:owner_disconnected()
obexd/client/session.c:obc_session_shutdown() 0x822abb8
obexd/client/session.c:obc_session_ref() 0x822abb8: ref=3
obexd/client/session.c:obc_session_unref() 0x822abb8: ref=2
obexd/client/bluetooth.c:transport_connect() port 19
obexd/client/bluetooth.c:transport_callback()
obexd/client/session.c:transport_func()
obexd/client/bluetooth.c:bluetooth_getpacketopt()
obexd/client/pbap.c:pbap_probe() /org/bluez/obex/client/session1
obexd/client/session.c:obc_session_ref() 0x822abb8: ref=3
obexd/client/session.c:obc_session_register() Session(0x822abb8) registered /org/bluez/obex/client/session1
obexd/client/session.c:obc_session_unref() 0x822abb8: ref=2
To fix this the code now checks if the connect callback is pending, in
that case destroy the callback releasing the reference it carrying.
session_process_queue needs to be able to access the request .func in
case an error happen and it later calls pending_request_free so .process
shall not attempt to free the request otherwise it will cause crashes:
Invalid read of size 8
at 0x4349D2: session_process_queue (session.c:857)
by 0x434AC5: setpath_complete.isra.1 (session.c:1026)
by 0x434B29: setpath_cb (session.c:1077)
by 0x416448: handle_response (gobex.c:1128)
by 0x41739D: incoming_data (gobex.c:1402)
by 0x59747FA: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x5974B97: ??? (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x5974EC1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x40E23F: main (main.c:322)
Address 0x66e3d30 is 32 bytes inside a block of size 56 free'd
at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x597A50E: g_free (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x4345F5: pending_request_free (session.c:193)
by 0x4348DF: session_process_setpath (session.c:1131)
by 0x4349C9: session_process_queue (session.c:854)
by 0x434AC5: setpath_complete.isra.1 (session.c:1026)
by 0x434B29: setpath_cb (session.c:1077)
by 0x416448: handle_response (gobex.c:1128)
by 0x41739D: incoming_data (gobex.c:1402)
by 0x59747FA: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x5974B97: ??? (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x5974EC1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4200.2)
This adds supported_features support to obc_driver so driver can
provide this information when connecting.
This is required by PBAP 1.2 (page 48):
'Mandatory if the PSE advertises a PbapSupportedFeatures attribute in
its SDP record, else excluded.'
g_str_equal has been used for the session path compare
which is not NULL-safe. Used the g_strcmp0() for the NULL-Safe
string comparision.
*#0 strcmp (p1=0x0, p2=0x7105c "/org/bluez/obex/client/session0")
* at strcmp.c:38
*#1 0xb6e0cd0a in g_str_equal (v1=<value optimized out>,
* v2=<value optimized out>) at ghash.c:1704
*#2 0x000264d8 in find_session (connection=<value optimized out>,
* message=0x55b38, user_data=<value optimized out>)
* at obexd/client/manager.c:162
*#3 remove_session (connection=<value optimized out>, message=0x55b38,
user_data=<value optimized out>) at obexd/client/manager.c:231
CC obexd/plugins/obexd-filesystem.o
In file included from obexd/plugins/filesystem.c:40:0:
/usr/include/wait.h:1:2: error: #warning redirecting incorrect
#include <wait.h> to <sys/wait.h> [-Werror=cpp]
#warning redirecting incorrect #include <wait.h> to <sys/wait.h>
^
cc1: all warnings being treated as errors
Makefile:6447: recipe for target 'obexd/plugins/obexd-filesystem.o' failed
make[1]: *** [obexd/plugins/obexd-filesystem.o] Error 1
