This replaces the uses of g_memdup with util_memdup since the former has
been deprecated:
warning: ‘g_memdup’ is deprecated: Use 'g_memdup2' instead
[-Wdeprecated-declarations]
g_memdup2 requires bumping glib version which would likely have its
own problems thus why util_memdup was introduced.
Some PTS clients do not send all the mandatory apparams
when retrieving the phonebook. Clients such as car multimedia systems
cannot be fixed, therefore working around this issue by inserting
default apparams which makes these clients work as well.
Modernize PBAP phonebook-ebook plugin for newer libebook version
of the Evolution Data Server.
The ebook plugin was introduced during GSoC 2011 [1] and allows
BlueZ to share contacts stored in the Evolution Data Server to
connected clients such as car multimedia systems.
With the rise of Mobile Linux thanks to the PinePhone and Librem 5,
this plugin was modernized to compile with newer libebook versions
because the API was changed [2].
[1] http://www.bluez.org/gsoc-eds-backend-of-phonebook-access-profilepbap/
[2] https://wiki.gnome.org/Apps/Evolution/ESourceMigrationGuide
This patch fixes a couple memory leaks.
In filesystem, g_file_get_contents allocates fresh memory to buf.
It needs to be freed after conversion to a GString object.
Destination was missed on an error path as is mld.
obexd/src/main.c: In function 'main':
obexd/src/main.c:237:13: warning: Deprecated pre-processor symbol
237 | if (g_thread_supported() == FALSE)
| ^~~~~~~~~~~~~~~~~~~~~~~
obexd/src/main.c:238:3: warning: 'g_thread_init' is deprecated
[-Wdeprecated-declarations]
238 | g_thread_init(NULL);
| ^~~~~~~~~~~~~
In file included from /usr/include/glib-2.0/glib.h:111,
from obexd/src/main.c:31:
/usr/include/glib-2.0/glib/deprecated/gthread.h:261:10: note: declared here
261 | void g_thread_init (gpointer vtable);
| ^~~~~~~~~~~~~
When files are to be placed not in libexecdir but a subdirectory of
it, automake has a variable name reserved for exactly that purpose
(and a default value, which Makefile.am will override), called
pkglibexecdir. Let's use it.
On failure to open plugin directory, memory allocated to 'patterns'
and 'excludes' is not being freed, and the following memory leak is
logged:
Direct leak of 28 byte(s) in 1 object(s) allocated from:
#0 0xb6aa1c49 in malloc (/usr/lib/liblsan.so+0x9c49)
#1 0xb6976e89 in g_malloc (/lib/libglib-2.0.so.0+0x3ae89)
#2 0xb69886f1 in g_strsplit_set (/lib/libglib-2.0.so.0+0x4c6f1)
#3 0xb6f82f3b in plugin_init (/usr/libexec/bluetooth/obexd+0x20f3b)
#4 0xb6f70dc9 in main (/usr/libexec/bluetooth/obexd+0xedc9)
Due to using g_dbus_emit_property_changed() and g_dbus_get_properties(),
obex_dbus_signal_property_changed() is unused since commit 96063756
("obex-client: Rename org.bluez.obex.Transfer to Transfer1"), and
OBC_PROPERTIES_ARRAY_SIGNATURE macro is unused since commit 3eadc034
("obex-client: Make use of g_dbus_get_properties to get transfer properties").
Prints out "<unknown>" string if there is no response name as below:
obexd[8117]: obexd/src/obex.c:cmd_connect()
obexd[8117]: CONNECT(0x0), (null)(0xffffffff)
Also replaces emit_transfer_progress() with the new wrapper function
because the total/transferred arguments have not been used since commit
a5c2b6e8 ("obexd: Align client and server spec of org.bluez.obex.Transfer1")
and g_dbus_emit_property_changed_full() checks if the path argument is
NULL.
When obexd is started with the option auto-accept or the agent is killed
after starting to transfer a file, obexd crashes due to cancellation of
the transfer from a client as below:
Process terminating with default action of signal 11 (SIGSEGV)
Access not within mapped region at address 0x0
at 0x158A40: transfer_cancel (manager.c:272)
by 0x18A5D2: process_message.isra.4 (object.c:259)
by 0x18AE44: generic_message (object.c:1079)
by 0x5290FD2: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.13)
by 0x5282623: dbus_connection_dispatch (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.13)
by 0x184DBF: message_dispatch (mainloop.c:72)
by 0x5505E24: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.1)
by 0x55061EF: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.1)
by 0x5506501: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.1)
by 0x137902: main (main.c:322)
A fd is duplicated if dbus type is unix fd, and then it is not closed
even after the file is finished transporting. In the end obexd can not
transport due to the limitation of open-able fd as below.
Warning: invalid file descriptor 1031 in syscall fcntl(DUPFD_CLOEXEC)()
FILE DESCRIPTORS: 1021 open at exit.
Open pf-31 socket 1023:
at 0x5061F1F: fcntl_common (fcntl.c:46)
by 0x5061F1F: fcntl (fcntl.c:79)
by 0x52A1C3D: _dbus_dup (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.13)
by 0x528C7B8: dbus_message_iter_get_basic (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.13)
by 0x149E04: profile_new_connection (bluetooth.c:136)
by 0x18AAF2: process_message.isra.3 (object.c:259)
by 0x18B364: generic_message (object.c:1079)
by 0x5290FD2: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.13)
by 0x5282623: dbus_connection_dispatch (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.13)
by 0x1852FF: message_dispatch (mainloop.c:72)
by 0x5505E24: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.1)
by 0x55061EF: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.1)
by 0x5506501: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.1)
Since this glibc commit:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=37f802f86400684c8d13403958b2c598721d6360
glibc doesn't include declare ssize_t when fcntl.h is included (fcntl.h
included <bits/uio.h> which includes <sys/types.h>).
This fixes the following compile-time error:
In file included from obexd/plugins/mas.c:41:0:
./obexd/src/obex.h:37:1: error: unknown type name ‘ssize_t’; did you mean ‘size_t’?
ssize_t obex_get_size(struct obex_session *os);
^~~~~~~
By sending OPP Put request before CONNECT we were able to cause
SIGSEGV in obexd. Crash was caused by null pointer dereference.
Crash was found using Synopsys Defensics Obex Server test suite.
This was fixed by calling os->service->connect if CONNECT was not
done before.
In messages-dummy it is not necessary to add parent folder in the
response to folder-lisintg. when tested with some carkit the present
method is not working when navigating to different folders. so removing
it.
Remote device is not able to fetch call logs from different folder.
It always returns the call logs requested in first request.
Considering a situation to fetch from och and then from cch,
there are two ways to request x-bt/vcard-listing:
Case I:
1. SetPhoneBook to /telecom/och (absolute path)
2. PullvCardListing with name header '' (empty)
Remote devices using this method always calls SetPhoneBook with absolute path
to set the path and we clear the cache when new path is set.
Case II:
1. SetPhoneBook to /telecom (relative path)
2. PullvCardListing with name header 'och'
Remote devices using this method calls SetPhoneBook with '/telecom' only once
and cache is not cleared when second PullvCardListing is made with name header.
This results in cached incorrect list sent to remote device.
Clear cache if name header is present would prevent sending of
cache list as it is not present. Instead it would request to
create new cache based on new name header.
When sending the ExchangeBusinessCards() command, the command returns
a failure. It isn't clear what that failure is. Upon looking through
the code, it is obvious the function is not implemented.
This patch just adds an extra detail message 'Not Implemented' to make
the failure a little more clear about what the problem is.
There are two functions in phonebook-dummy that were returning
'int's instead of 'struct dummy_data'
phonebook_create_cache
phonebook_get_entry
As a result, when an obex-client sends the GetSize command, the obexd
on the server segfaults.
Fix this by storing the id and returning the dummy_data struct.
The GetSize test now passes correctly.
When the remote device sends the 'CreateFolder' command, obexd
first tries to verify the path in ftp_setpath(). Because we are
creating a new directory, the verify_path() is expected to fail (it does
not exist yet; ENOENT).
Trap that special case and cause the function to fail directly to the
create directory path.
If session owner disconnect from the bus while g_obex_connect is pending
it may lead to a crash since it is never canceled connected_cb may still
be called after callback_data is freed.
When client queries for the size of a phonebook we fall into a
indefinite loop as g_obex_apparam_encode always returns the same
number of items added to the buffer regardless how often it is
called. In former times where this code wasn't using GObexApparams
a array was reduced each time the headers where added and so we could
easily find out when we've added all headers. However today we need
to solve this a bit differently by also setting the firstpacket flag
when we receive the phonebook size result from the phonebook
implementation which then lets us correctly go through without
falling into a indefinite loop.
If the owner disconnects the session should be destroyed even if the
connection is pending:
obexd/client/session.c:owner_disconnected()
obexd/client/session.c:obc_session_shutdown() 0x822abb8
obexd/client/session.c:obc_session_ref() 0x822abb8: ref=3
obexd/client/session.c:obc_session_unref() 0x822abb8: ref=2
obexd/client/bluetooth.c:transport_connect() port 19
obexd/client/bluetooth.c:transport_callback()
obexd/client/session.c:transport_func()
obexd/client/bluetooth.c:bluetooth_getpacketopt()
obexd/client/pbap.c:pbap_probe() /org/bluez/obex/client/session1
obexd/client/session.c:obc_session_ref() 0x822abb8: ref=3
obexd/client/session.c:obc_session_register() Session(0x822abb8) registered /org/bluez/obex/client/session1
obexd/client/session.c:obc_session_unref() 0x822abb8: ref=2
To fix this the code now checks if the connect callback is pending, in
that case destroy the callback releasing the reference it carrying.
session_process_queue needs to be able to access the request .func in
case an error happen and it later calls pending_request_free so .process
shall not attempt to free the request otherwise it will cause crashes:
Invalid read of size 8
at 0x4349D2: session_process_queue (session.c:857)
by 0x434AC5: setpath_complete.isra.1 (session.c:1026)
by 0x434B29: setpath_cb (session.c:1077)
by 0x416448: handle_response (gobex.c:1128)
by 0x41739D: incoming_data (gobex.c:1402)
by 0x59747FA: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x5974B97: ??? (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x5974EC1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x40E23F: main (main.c:322)
Address 0x66e3d30 is 32 bytes inside a block of size 56 free'd
at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x597A50E: g_free (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x4345F5: pending_request_free (session.c:193)
by 0x4348DF: session_process_setpath (session.c:1131)
by 0x4349C9: session_process_queue (session.c:854)
by 0x434AC5: setpath_complete.isra.1 (session.c:1026)
by 0x434B29: setpath_cb (session.c:1077)
by 0x416448: handle_response (gobex.c:1128)
by 0x41739D: incoming_data (gobex.c:1402)
by 0x59747FA: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x5974B97: ??? (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x5974EC1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4200.2)
