Commit Graph

26883 Commits

Author SHA1 Message Date
Iulia Tanasescu
b56479f4f5 tools/iso-tester: Add Broadcast tests for encrypted BIG
This adds the following tests for encrypted broadcast:

ISO Broadcaster Encrypted - Success
ISO Broadcaster Receiver Encrypted - Success
2023-04-19 13:46:00 -07:00
Iulia Tanasescu
ce1eb5dd0a tools/isotest: Add BIG encryption options
Add command line options for BIG encryption and broadcast code.
2023-04-19 13:46:00 -07:00
Iulia Tanasescu
180d1c9ad0 monitor/packet: Fix BIG encryption decoding
Fix incorrect decoding of the encryption parameter when logging
the LE BIG Create Sync command.
2023-04-19 13:45:59 -07:00
Luiz Augusto von Dentz
4d197b859e iso-tester: Add BAP Audio Configuration tests
This adds the following tests based on BAP Audio Configurations:

ISO AC 1 & 4 - Success
ISO AC 2 & 10 - Success
ISO AC 3 & 5 - Success
ISO AC 6(i) - Success
ISO AC 6(ii) - Success
ISO AC 7(i) - Success
ISO AC 7(ii) - Success
ISO AC 8(i) - Success
ISO AC 8(ii) - Success
ISO AC 9(i) - Success
ISO AC 9(ii) - Success
ISO AC 11(i) - Success
ISO AC 11(ii) - Success
2023-04-13 13:46:19 -07:00
Luiz Augusto von Dentz
57b67987d4 btdev: Fix not setting CIS parameters properly
The code was assuming only index 0 was to be used which doesn't work
when there are multiple CIS being programmed with different parameters.
2023-04-12 17:39:03 -07:00
Luiz Augusto von Dentz
e122a07088 mgmt-tester: Fix Get/Set PHY tests
This fixes the following tests now that all supported PHYs are enabled
by default:

Start Discovery LE - (Ext Scan Param)   Failed
Get PHY Success                         Failed
Set PHY 1m 2m coded Succcess            Timed out
2023-04-07 11:42:23 -07:00
Luiz Augusto von Dentz
070c78c426 client/advertising: Add support for advertise.rsi command
This adds support for advertise.rsi command which can be used to request
the generation of RSI and include it as part of advertising data:

[bluetooth]# advertise.rsi --help
Show/Enable/Disable RSI to be advertised
Usage:
	 rsi [on/off]
[bluetooth]# advertise.rsi
RSI: on
[bluetooth]# advertise on
...
Advertising object registered
Tx Power: off
Name: off
Appearance: off
Discoverable: on
RSI: on
[bluetooth]#
2023-04-05 17:00:00 -07:00
Luiz Augusto von Dentz
eef2e62a5b advertising: Add support for rsi as Includes
This adds support for "rsi" when a SIRK has been set on main.conf, the
clients can then enable it via Includes property which will make the
daemon to automatically generate an RSI (hash+random) and include it as
part of the advertising data:

< HCI Command: LE Set Extended Advertising Data (0x08|0x0037) plen 15
        Handle: 0x01
        Operation: Complete extended advertising data (0x03)
        Fragment preference: Minimize fragmentation (0x01)
        Data length: 0x0b
        Resolvable Set Identifier: E2-4E-AA-1B-2B-61
          Hash: 0x1b2b61
          Random: 0xe24eaa
        Flags: 0x06
          LE General Discoverable Mode
          BR/EDR Not Supported
2023-04-05 15:59:47 -07:00
Luiz Augusto von Dentz
23bc47437a advertising-api: Add rsi to SupportedIncludes
This adds "rsi" as possible value to SupportedIncludes so when it is
available it means client and set it on its Includes property so a
proper RSI is generated and included as part of the Advertising Data.
2023-04-05 15:56:11 -07:00
Luiz Augusto von Dentz
759d1442a5 shared/ad: Fix bt_ad_has_data not matching when only type is passed
bt_ad_has_data attempts to match the data portion even when not set
which is useful the user is only interested in actually mataching the
type alone.
2023-04-05 15:53:12 -07:00
Luiz Augusto von Dentz
a1b93db14d main.conf: Fix parsing of CSIS group
There was a typo in the group name using CSIP instead of CSIS.
2023-04-05 15:51:37 -07:00
Iulia Tanasescu
61971f0264 monitor/att: Add decoding support for BASS
This adds decoding support for BASS attributes:

> ACL Data RX: Handle 0 flags 0x02 dlen 7
      ATT: Read Request (0x0a) len 2
        Handle: 0x003a Type: Broadcast Receive State (0x2bc8)

< ACL Data TX: Handle 0 flags 0x00 dlen 45
      ATT: Read Response (0x0b) len 40
        Handle: 0x003a Type: Broadcast Receive State (0x2bc8)
        Value: 0100f2698be807c0013a6501020101000000000403020400
          Source_ID: 1
          Source_Address_Type: 0
          Source_Address: C0:07:E8:8B:69:F2
          Source_Adv_SID: 1
          Broadcast_ID: 0x01653a
          PA_Sync_State: Synchronized to PA
          BIG_Encryption: Broadcast_Code required
          Num_Subgroups: 1
          Subgroup #0:
            BIS_Sync State: 0x00000000
            Metadata #0: len 0x03 type 0x02
            Metadata: 0400

> ACL Data RX: Handle 0 flags 0x02 dlen 7
      ATT: Read Request (0x0a) len 2
        Handle: 0x003d Type: Broadcast Receive State (0x2bc8)

< ACL Data TX: Handle 0 flags 0x00 dlen 5
      ATT: Read Response (0x0b) len 0
        Handle: 0x003d Type: Broadcast Receive State (0x2bc8)
        Value:
          Empty characteristic

> ACL Data RX: Handle 0 flags 0x02 dlen 8
      ATT: Write Request (0x12) len 3
        Handle: 0x0040 Type: Broadcast Audio Scan Control Point (0x2bc7)
          Data: 00
            Opcode: Remote Scan Stopped (0x00)

< ACL Data TX: Handle 0 flags 0x00 dlen 9
      ATT: Error Response (0x01) len 4
        Write Request (0x12)
        Handle: 0x0040
        Error: Reserved (0x80)

> ACL Data RX: Handle 0 flags 0x02 dlen 8
      ATT: Write Request (0x12) len 3
        Handle: 0x0040 Type: Broadcast Audio Scan Control Point (0x2bc7)
          Data: 01
            Opcode: Remote Scan Started (0x01)

< ACL Data TX: Handle 0 flags 0x00 dlen 9
      ATT: Error Response (0x01) len 4
        Write Request (0x12)
        Handle: 0x0040
        Error: Reserved (0x80)

> ACL Data RX: Handle 0 flags 0x01 dlen 5
      ATT: Write Request (0x12) len 27
        Handle: 0x0040 Type: Broadcast Audio Scan Control Point (0x2bc7)
          Data: 0200f2698be807c0013a650100ffff01000000000403020400
            Opcode: Add Source (0x02)
            Source_Address_Type: 0
            Source_Address: C0:07:E8:8B:69:F2
            Source_Adv_SID: 1
            Broadcast_ID: 0x01653a
            PA_Sync_State: Do not synchronize to PA
            PA_Interval: 0xffff
            Num_Subgroups: 1
            Subgroup #0:
              BIS_Sync State: 0x00000000
              Metadata #0: len 0x03 type 0x02
              Metadata: 0400

< ACL Data TX: Handle 0 flags 0x00 dlen 9
      ATT: Error Response (0x01) len 4
        Write Request (0x12)
        Handle: 0x0040
        Error: Reserved (0x80)

> ACL Data RX: Handle 0 flags 0x02 dlen 22
      ATT: Write Request (0x12) len 17
        Handle: 0x0040 Type: Broadcast Audio Scan Control Point (0x2bc7)
          Data: 030102780001000000000403040400
            Opcode: Modify Source (0x03)
            Source_ID: 1
            PA_Sync_State: Synchronize to PA - PAST not available
            PA_Interval: 0x0078
            Num_Subgroups: 1
            Subgroup #0:
              BIS_Sync State: 0x00000000
              Metadata #0: len 0x03 type 0x04
              Metadata: 0400

< ACL Data TX: Handle 0 flags 0x00 dlen 9
      ATT: Error Response (0x01) len 4
        Write Request (0x12)
        Handle: 0x0040
        Error: Reserved (0x80)

> ACL Data RX: Handle 0 flags 0x02 dlen 25
      ATT: Write Request (0x12) len 20
        Handle: 0x0040 Type: Broadcast Audio Scan Control Point (0x2bc7)
          Data: 0401b803eac6afbb65a25a41f15305680201
            Opcode: Set Broadcast_Code (0x04)
            Source_ID: 1
            Broadcast_Code: b803eac6afbb65a25a41f15305680201

< ACL Data TX: Handle 0 flags 0x00 dlen 5
      ATT: Write Response (0x13) len 0

< ACL Data TX: Handle 0 flags 0x00 dlen 33
      ATT: Handle Multiple Value Notification (0x23) len 28
        Length: 0x0018
        Handle: 0x003a Type: Broadcast Receive State (0x2bc8)
          Data: 0100f2698be807c0013a6501020201000000000403020400
          Source_ID: 1
          Source_Address_Type: 0
          Source_Address: C0:07:E8:8B:69:F2
          Source_Adv_SID: 1
          Broadcast_ID: 0x01653a
          PA_Sync_State: Synchronized to PA
          BIG_Encryption: Decrypting
          Num_Subgroups: 1
          Subgroup #0:
            BIS_Sync State: 0x00000000
            Metadata #0: len 0x03 type 0x02
            Metadata: 0400

> ACL Data RX: Handle 0 flags 0x02 dlen 9
      ATT: Write Request (0x12) len 4
        Handle: 0x0040 Type: Broadcast Audio Scan Control Point (0x2bc7)
          Data: 0501
            Opcode: Remove Source (0x05)
            Source_ID: 1

< ACL Data TX: Handle 0 flags 0x00 dlen 9
      ATT: Error Response (0x01) len 4
        Write Request (0x12)
        Handle: 0x0040
        Error: Reserved (0x80)
2023-04-05 12:38:40 -07:00
Luiz Augusto von Dentz
7aee0b67ba set: Fix not attempt to connect devices with RSI
If a device advertising with RSI is only found later after the set was
already create we shall still attempt to connect to it.
2023-04-03 13:32:22 -07:00
Inga Stotland
cffd5832a5 mesh: Tighten IO and fix out-of-bounds array access
This fixes the out-of-bounds array access in mesh-io-mgmt.c caught
by address sanitizer. Similar fixes were applied earlier to
generic and unit IOs. With this patch, the common code is factored
into a centralized location.
2023-04-03 13:29:00 -07:00
Hans de Goede
de8e7cfce2 adapter: Use regular discovery for filters which only have discoverable set
discovery_filter_to_mgmt_cp() does not add discovery_filter.discoverable
to the created mgmt_cp_start_service_discovery struct.

Instead update_discovery_filter() separately checks
client->discovery_filter->discoverable for all clients.

This means that for discovery-filters which only have the discoverable
flag set, to put the adapter in discoverable mode while discovering,
the created mgmt_cp_start_service_discovery struct is empty.

This empty mgmt_cp_start_service_discovery struct then gets sent
to the kernel as part of a MGMT_OP_START_SERVICE_DISCOVERY msg
by start_discovery_timeout().

This use of an empty filter with MGMT_OP_START_SERVICE_DISCOVERY
causes some bluetooth devices to not get seen with some (most?)
Broadcom bluetooth adapters. This problem has been observed with
the following Broadcom models: BCM4343A0, BCM43430A1, BCM43341B0 .

On these models the following 2 devices were not being discovered
when starting a scan with a filter with just discoverable set
in the filter (as gnome-bluetooth does):

Device 09:02:01:03:0F:87 (public)
        Name: Bluetooth 3.0 Keyboard
        Alias: Bluetooth 3.0 Keyboard
        Class: 0x00000540
        Icon: input-keyboard
        Paired: yes
        Bonded: yes
        Trusted: yes
        Blocked: no
        Connected: yes
        WakeAllowed: yes
        LegacyPairing: yes
        UUID: Service Discovery Serve.. (00001000-0000-1000-8000-00805f9b34fb)
        UUID: Human Interface Device... (00001124-0000-1000-8000-00805f9b34fb)
        UUID: PnP Information           (00001200-0000-1000-8000-00805f9b34fb)
        Modalias: bluetooth:v05ACp022Cd011B

Device 00:60:D1:00:00:34 (public)
        Name: Bluetooth Mouse
        Alias: Bluetooth Mouse
        Class: 0x00002580
        Icon: input-mouse
        Paired: yes
        Bonded: yes
        Trusted: yes
        Blocked: no
        Connected: yes
        WakeAllowed: yes
        LegacyPairing: no
        UUID: Human Interface Device... (00001124-0000-1000-8000-00805f9b34fb)
        UUID: PnP Information           (00001200-0000-1000-8000-00805f9b34fb)
        Modalias: usb:v0103p0204d001E

Since setting the discoverable flag on a filter only is a way to
automatically put the adapter in discoverable mode itself while
it is discovering; and since this does not any device filtering
at all; modify merge_discovery_filters() to treat discovery with
such filters as regular unfiltered discovery.

This results in start_discovery_timeout() starting regular
discovery through a MGMT_OP_START_DISCOVERY message and this
fixes these 2 example devices not getting discovered by the
mentioned Broadcom BT adapter models.

Link: https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/merge_requests/163
Reviewed-by: Bastien Nocera <hadess@hadess.net>
2023-03-31 15:09:48 -07:00
Iulia Tanasescu
c4d9b99db5 Split bt_iso_qos into dedicated structures
Split bt_iso_qos into dedicated unicast and broadcast
structures and add additional broadcast parameters.
2023-03-31 14:33:28 -07:00
Luiz Augusto von Dentz
f54299a850 avrcp: Fix crash while handling unsupported events
The following crash can be observed if the remote peer send and
unsupported event:

ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000148f11
 at pc 0x559644552088 bp 0x7ffe28b3c7b0 sp 0x7ffe28b3c7a0
 WRITE of size 1 at 0x60b000148f11 thread T0
     #0 0x559644552087 in avrcp_handle_event profiles/audio/avrcp.c:3907
     #1 0x559644536c22 in control_response profiles/audio/avctp.c:939
     #2 0x5596445379ab in session_cb profiles/audio/avctp.c:1108
     #3 0x7fbcb3e51c43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)
     #4 0x7fbcb3ea66c7  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xaa6c7)
     #5 0x7fbcb3e512b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2)
     #6 0x559644754ab6 in mainloop_run src/shared/mainloop-glib.c:66
     #7 0x559644755606 in mainloop_run_with_signal src/shared/mainloop-notify.c:188
     #8 0x5596445bb963 in main src/main.c:1289
     #9 0x7fbcb3bafd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
     #10 0x7fbcb3bafe3f in __libc_start_main_impl ../csu/libc-start.c:392
     #11 0x5596444e8224 in _start (/usr/local/libexec/bluetooth/bluetoothd+0xf0224)
2023-03-30 16:44:46 -07:00
Manish Mandlik
5106fe8c86 mgmt-tester: Add devcoredump tests
Add mgmt-tester tests for hci devcoredump. These testa trigger the
devcoredump with a test data and verifies the generated devcoredump
file for the test data and correct devcoredump header fields.
2023-03-30 10:52:14 -07:00
Manish Mandlik
8bd2f29617 vhci: Add support to trigger devcoredump and read the dump file
Add vhci support to trigger the hci devcoredump by writing to
force_devcoredump debugfs entry and read the generated devcoredump
file.
2023-03-30 10:46:21 -07:00
Luiz Augusto von Dentz
2b022fa529 device: Fix not setting initiator flag when auto-connecting
If the device is marked as auto-connect the kernel may initiate the
connection spontaneously causing new connections to not have set the
state->initiator flag properly.
2023-03-29 16:25:18 -07:00
Luiz Augusto von Dentz
ca07d198f9 bap: Mark devices to auto-connect
This makes devices with BAP support to auto-connect once they start
advertising.
2023-03-29 12:55:16 -07:00
Simon Mikuda
54601cbcf2 l2test: Fix setting mode for BR/EDR l2cap socket
BT_MODE_* enums are used only for socket SOL_BLUETOOTH, option BT_MODE
Otherwise we should use L2CAP_MODE_* enums.
2023-03-28 13:49:35 -07:00
Simon Mikuda
cedace72c3 l2test: Enable hex input for PSM 2023-03-28 13:44:35 -07:00
Luiz Augusto von Dentz
011e562a98 monitor: Cache IRK being parsed
This caches any IRK being parsed so they can be used to resolve
addresses later which fixes the problem of only being able to resolve
addresses if the monitor happens to be active while SMP exchange the
keys.
2023-03-27 13:56:49 -07:00
Luiz Augusto von Dentz
2719bb5aaf monitor/att: Fix not loading gatt_db for devices using RPA
Device using RPA have its storage using its identity address so this
uses keys_resolve_identity to attempt to resolve the destination
address instead of always using the connection address.
2023-03-27 13:56:48 -07:00
Luiz Augusto von Dentz
cf72428156 monitor/att: Print value when printing descriptors
This prints the value attribute information when print attribute
descriptors:

< ACL Data TX: Handle 3585 flags 0x00 dlen 9
      ATT: Write Request (0x12) len 4
        Handle: 0x002c Type: Client Characteristic Configuration (0x2902)
        Value Handle: 0x002b Type: Battery Level (0x2a19)
          Data: 0100
            Notification (0x01)
2023-03-27 13:56:48 -07:00
Luiz Augusto von Dentz
7610b92641 shared/gatt-db: Make gatt_db_attribute_get_value public
This makes gatt_db_attribute_get_value public so it can be used by the
likes of btmon.
2023-03-27 13:56:48 -07:00
Luiz Augusto von Dentz
fb1c694100 client: Add samples init scripts
This adds sample init scripts that can be passed to bluetoothctl for
testing.
2023-03-24 16:52:45 -07:00
Luiz Augusto von Dentz
f2f7c742ad shared/shell: Add support for -i/--init-script
This adds support for -i/--init-script which can be used to provide a
file with commands to be initialized, the commands are then run in
sequence after completing:

client/bluetoothctl -i client/power-on-off.bt
Agent registered
Changing power on succeeded
[CHG] Controller A8:7E:EA:56:87:D5 Pairable: yes
[CHG] Controller 98:8D:46:EE:6D:16 Pairable: yes
[CHG] Controller 98:8D:46:EE:6D:16 PowerState: on-disabling
AdvertisementMonitor path registered
2023-03-24 16:52:32 -07:00
Luiz Augusto von Dentz
1ee1fc8e38 bap: Fix not continue selecting if endpoint respond with an error
If the endpoint respond with an error we shall decrement selecting
counter and proceed to check if there is any stream that can be
configured.
2023-03-24 16:37:39 -07:00
Simon Mikuda
648b436252 monitor: Fix printing Signed Write Command
Data field were print twice (1 time incorrectly):
> ACL Data RX: Handle 64 flags 0x02 dlen 19
      ATT: Signed Write Command (0xd2) len 14
        Handle: 0x006f Type: Vendor specific (f7debc9a-7856-3412-7856-341278563412)
          Data: 0800000087f303c224516133
          Data:
          Signature: 0800000087f303c224516133
2023-03-23 13:48:08 -07:00
Simon Mikuda
446e13360d monitor: Fix crash when there is no write handler 2023-03-23 13:48:07 -07:00
Aaron_shen
338ba4352b obexd: reject to accept file when replying reject message
It will accept file when obex agent replied any message
event though the message is org.bluez.obex.Error.Rejected.
The patch helps to reject a Bluetooth object push request if
user replied "org.bluez.obex.Error.Rejected" message according
to the doc/obex-agent-api.txt.
2023-03-21 08:52:11 -07:00
Marijn Suijten
1de41786c1 audio/transport: Propagate errors from avrcp_set_volume to DBus
Any error while setting absolute volume on the peer, or notifying the
peer of changes was previously going completely unnoticed.  Propagate it
to the logs and back to the DBus "Volume" property setter so that they
aren't misled into thinking that the AVRCP command succeeded.

Note that an error is mostly harmless when the setter of the property is
an audio sink and the peer the audio source: in this case we're only
_notifying_ the peer of the change when it has already been applied on
the sink.

Also improve the other two error messages to more closely describe what
was "invalid" about the argument.
2023-03-21 08:52:11 -07:00
Inga Stotland
4a3f465a55 mesh: On exit free timer for filtering duplicates
This frees resources associated with duplicate filter timer
when destroying management IO.
2023-03-20 12:18:37 -07:00
Inga Stotland
551a0c80ab tools/mesh-cfgclient: Auto request own composition data
When attaching a local provisioner node, always request own
composition data to accommodate functional consolidation of
regular and remote provisioning mechanisms.
The knowledge of the own node composition is necessary for
provisioning initiation and self configuration.
2023-03-17 13:27:14 -07:00
Inga Stotland
bc961998a8 tools/mesh-cfgclient: Prevent storing duplicate models
This fixes the situation when subsequent requests to get a node
composition result in appending element's model list with duplicate models.
This adds a check for a presence of a model on an element when attempting
to add a new model ID to a model list on this element.
2023-03-17 13:27:14 -07:00
Pauli Virtanen
39260c3cfa doc: describe new ISO Transport properties
Document the currently undocumented transport QoS properties.
2023-03-17 09:36:01 -07:00
Pauli Virtanen
28422cd231 transport: add CIG/CIS/PHY properties, don't show unset QoS properties
Add CIG, CIS, and PHY properties to BAP transport.  The other QoS
properties are there, and these may also be useful to clients, e.g.  to
manage CIG/CIS allocation as client.

Hide transport QoS properties when they are not configured.
2023-03-17 09:36:01 -07:00
Luiz Augusto von Dentz
306a8083ad shared/gatt-client: Fix not creating a request for notifications
Notifications were using bt_att_send directly instead of
bt_gatt_client_write_value thus it wouldn't create a request which
causes the instance to not be able to track it which in turn may cause
the client to trigger its idle callback too early.

Fixes: https://github.com/bluez/bluez/issues/490
2023-03-17 09:36:01 -07:00
Brian Gix
806230e4fd mesh: Don't send Prov Failed on non-existant links
If remote device does not respond to a Prov Link Open request, then the
callbacks do not get established, and attempting to send Failure
messages on the non-existent link rersult in seg fault.
2023-03-15 18:12:38 -07:00
Brian Gix
c1f7aed635 mesh: Make MGMT mesh-io less noisy
Remove excessive logging traffic
2023-03-15 10:24:52 -07:00
Brian Gix
a5998b588c mesh: Filter originated Provisioning Data packets
The mesh daemon can process incoming mesh packets on more than one
controller, but if a Provisioning data packet that originated from the
local daemon is received by a different controller, it must be filtered
and disregarded, or it will break the provisioning protocol.
2023-03-15 10:16:35 -07:00
Brian Gix
7c0fb2fefb mesh: Loopback unprovisioned beacons
Because the daemon explicitly supports multiple nodes, we need
local Config Clients to be able to see local unprovisioned devices.

This loops the unprovisioned beacon, so that local Provisioning servers
can see it.

Fixes Issue: https://github.com/bluez/bluez/issues/341
2023-03-14 14:34:36 -07:00
Brian Gix
5934f133d4 mesh: Fix uninitialized memory usage
When attempting to cancel an unknown Scan request structure must be
NULL initialized.
2023-03-14 14:34:36 -07:00
Luiz Augusto von Dentz
857d9b96b3 shared/gatt-client: Fix crash on bt_gatt_client_idle_unregister
This fixes the following crash:

Invalid read of size 8
   at 0x1E1E0B: bt_gatt_client_idle_unregister (gatt-client.c:3812)
   by 0x1EB6BD: bt_bap_detach (bap.c:3821)
   by 0x1EB6BD: bt_bap_detach (bap.c:3808)
   by 0x1D5631: queue_foreach (queue.c:207)
   by 0x1DCAA3: disconnect_cb (att.c:713)
   by 0x1F4404: watch_callback (io-glib.c:157)
   by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x4912117: ??? (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x48BB24E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x1F4A54: mainloop_run (mainloop-glib.c:66)
   by 0x1F4E21: mainloop_run_with_signal (mainloop-notify.c:188)
   by 0x1304B4: main (main.c:1428)
 Address 0x28 is not stack'd, malloc'd or (recently) free'd
2023-03-14 13:52:59 -07:00
Łukasz Rymanowski
6ae44c74aa btmon: Fix decoding truncated data
Some platforms use different filtering and for this purpose,
some of the ACL/SCO/ISO/SDP data is truncated.

In such a case, included length is smaller than the original size.
Without this fix, btmon stops working after first truncated packet.
2023-03-14 12:48:46 -07:00
Pauli Virtanen
7b654b16fb shared/bap: fix Locations, Context to be PACS not PAC properties
Audio Locations and Contexts are properties of the PACS service, not of
individual PAC, as these are device-wide bitmaps and a single
characteristic may exist on PACS server (PACS v1.0 Sec 3).

Move the attributes out from bt_bap_pac to bt_bap_pacs, and actually
keep track of the values.
2023-03-14 12:45:28 -07:00
Luiz Augusto von Dentz
2762129212 device: Fix crash attempting to read Sets property
The following set can be observed when a sirk is exists but it is
encrypted leading to info->set to not be set:

Invalid read of size 8
   at 0x1ACDF0: append_set (device.c:1662)
   by 0x1FFEFFF7DF: ???
   by 0x1D4461: queue_foreach (queue.c:207)
   by 0x1AC8DE: dev_property_get_set (device.c:1700)
   by 0x1CF3E2: append_property (object.c:498)
   by 0x1CFA91: append_properties (object.c:527)
   by 0x1CFAFD: append_interface (object.c:542)
   by 0x48D7CEF: g_slist_foreach (gslist.c:887)
   by 0x1CF5A7: append_interfaces (object.c:1104)
   by 0x1CF5A7: append_object (object.c:1119)
   by 0x48D7CEF: g_slist_foreach (gslist.c:887)
   by 0x1CF5D0: append_object (object.c:1122)
   by 0x48D7CEF: g_slist_foreach (gslist.c:887)
 Address 0x8 is not stack'd, malloc'd or (recently) free'd
2023-03-14 12:38:29 -07:00
Luiz Augusto von Dentz
e040109302 shared/csip: Fix crash on bt_csip_get_sirk
This fixes the following trace:

Invalid read of size 1
   at 0x1F4282: bt_csip_get_sirk (csip.c:812)
   by 0x176B21: csip_ready (csip.c:259)
   by 0x1F3C74: csip_notify_ready (csip.c:578)
   by 0x1F3C74: csip_idle (csip.c:659)
   by 0x1DCDCC: idle_notify (gatt-client.c:171)
   by 0x1D579A: queue_remove_if (queue.c:279)
   by 0x1D584F: queue_remove_all (queue.c:321)
   by 0x1E036F: notify_client_idle (gatt-client.c:180)
   by 0x1E036F: request_unref (gatt-client.c:199)
   by 0x1DC60D: destroy_att_send_op (att.c:211)
   by 0x1DC60D: handle_rsp (att.c:874)
   by 0x1DC60D: can_read_data (att.c:1064)
   by 0x1F43F4: watch_callback (io-glib.c:157)
   by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x4912117: ??? (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x48BB24E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.7400.6)
 Address 0x0 is not stack'd, malloc'd or (recently) free'd
2023-03-14 12:38:24 -07:00