| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
If session owner disconnect from the bus while g_obex_connect is pending
it may lead to a crash since it is never canceled connected_cb may still
be called after callback_data is freed.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When client queries for the size of a phonebook we fall into a
indefinite loop as g_obex_apparam_encode always returns the same
number of items added to the buffer regardless how often it is
called. In former times where this code wasn't using GObexApparams
a array was reduced each time the headers where added and so we could
easily find out when we've added all headers. However today we need
to solve this a bit differently by also setting the firstpacket flag
when we receive the phonebook size result from the phonebook
implementation which then lets us correctly go through without
falling into a indefinite loop.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the owner disconnects the session should be destroyed even if the
connection is pending:
obexd/client/session.c:owner_disconnected()
obexd/client/session.c:obc_session_shutdown() 0x822abb8
obexd/client/session.c:obc_session_ref() 0x822abb8: ref=3
obexd/client/session.c:obc_session_unref() 0x822abb8: ref=2
obexd/client/bluetooth.c:transport_connect() port 19
obexd/client/bluetooth.c:transport_callback()
obexd/client/session.c:transport_func()
obexd/client/bluetooth.c:bluetooth_getpacketopt()
obexd/client/pbap.c:pbap_probe() /org/bluez/obex/client/session1
obexd/client/session.c:obc_session_ref() 0x822abb8: ref=3
obexd/client/session.c:obc_session_register() Session(0x822abb8) registered /org/bluez/obex/client/session1
obexd/client/session.c:obc_session_unref() 0x822abb8: ref=2
To fix this the code now checks if the connect callback is pending, in
that case destroy the callback releasing the reference it carrying.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
session_process_queue needs to be able to access the request .func in
case an error happen and it later calls pending_request_free so .process
shall not attempt to free the request otherwise it will cause crashes:
Invalid read of size 8
at 0x4349D2: session_process_queue (session.c:857)
by 0x434AC5: setpath_complete.isra.1 (session.c:1026)
by 0x434B29: setpath_cb (session.c:1077)
by 0x416448: handle_response (gobex.c:1128)
by 0x41739D: incoming_data (gobex.c:1402)
by 0x59747FA: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x5974B97: ??? (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x5974EC1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x40E23F: main (main.c:322)
Address 0x66e3d30 is 32 bytes inside a block of size 56 free'd
at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x597A50E: g_free (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x4345F5: pending_request_free (session.c:193)
by 0x4348DF: session_process_setpath (session.c:1131)
by 0x4349C9: session_process_queue (session.c:854)
by 0x434AC5: setpath_complete.isra.1 (session.c:1026)
by 0x434B29: setpath_cb (session.c:1077)
by 0x416448: handle_response (gobex.c:1128)
by 0x41739D: incoming_data (gobex.c:1402)
by 0x59747FA: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x5974B97: ??? (in /usr/lib64/libglib-2.0.so.0.4200.2)
by 0x5974EC1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4200.2)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default path is /etc/bluetooth/vcard.vcf which obexd
is not able to access.
obexd[11654]: obexd/src/obex.c:cmd_get() session 0x64edff0
obexd[11654]: GET(0x3), (null)(0xffffffff)
obexd[11654]: obexd/src/obex.c:parse_type() TYPE: text/x-vcard
obexd[11654]: open(/etc/bluetooth/vcard.vcf): Operation not permitted (1)
obexd[11654]: GET(0x3), NOT_FOUND(0x44)
After making this path as obex root folder,
it is able to succeed.
obexd[12246]: obexd/src/obex.c:cmd_get() session 0x64ed830
obexd[12246]: GET(0x3), (null)(0xffffffff)
obexd[12246]: obexd/src/obex.c:parse_type() TYPE: text/x-vcard
obexd[12246]: obexd/src/obex.c:driver_get_headers() name=(null) type=text/x-vcard object=0x8
obexd[12246]: GET(0x3), CONTINUE(0x10)
obexd[12246]: obexd/src/obex.c:send_data() name=(null) type=text/x-vcard file=0x8 size=3061
obexd[12246]: obexd/src/obex.c:driver_read() 73 read
obexd[12246]: obexd/src/obex.c:send_data() name=(null) type=text/x-vcard file=0x8 size=3066
obexd[12246]: obexd/src/obex.c:driver_read() 0 read
obexd[12246]: obexd/src/obex.c:transfer_complete()
|
| |
|
|
|
| |
This fix compilation error with musl due to missing (now not needed)
stdint.h include.
|
| |
|
|
| |
NULL pointer check for name is done before using the same.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
This adds a check for invalid paths in obc_session_setpath.
|
| |
|
|
| |
As described in coding style M10.
|
| |
|
|
| |
An array can never be NULL.
|
| |
|
|
|
| |
descs->data might be NULL while is descs not. Follow scheme in
src/profile.c (in get_profile_version() function).
|
| |
|
|
|
|
|
|
|
|
| |
This adds supported_features support to obc_driver so driver can
provide this information when connecting.
This is required by PBAP 1.2 (page 48):
'Mandatory if the PSE advertises a PbapSupportedFeatures attribute in
its SDP record, else excluded.'
|
| |
|
|
| |
This adds UpdateVersion method to PhonebookAccess interface.
|
| |
|
|
| |
This adds FixedImageSize property to PhonebookAccess interface.
|
| |
|
|
|
| |
This adds PrimaryCounter and SecondaryCounter properties to
PhonebookAccess interface.
|
| |
|
|
| |
This adds DatabaseIdentifier property to PhonebookAccess interface.
|
| |
|
|
| |
This adds Folder property to PhonebookAccess interface.
|
| |
|
|
|
| |
This add parsing to PBAP record to extract version and supported
features.
|
| |
|
|
|
| |
This adds support for reading profile version via
SDP_ATTR_PFILE_DESC_LIST
|
| |
|
|
|
| |
As per spec(5.3.4.4) when MaxListCount headser is missing then
PSE should assume MaxListCount value as MAX (65535)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
g_str_equal has been used for the session path compare
which is not NULL-safe. Used the g_strcmp0() for the NULL-Safe
string comparision.
*#0 strcmp (p1=0x0, p2=0x7105c "/org/bluez/obex/client/session0")
* at strcmp.c:38
*#1 0xb6e0cd0a in g_str_equal (v1=<value optimized out>,
* v2=<value optimized out>) at ghash.c:1704
*#2 0x000264d8 in find_session (connection=<value optimized out>,
* message=0x55b38, user_data=<value optimized out>)
* at obexd/client/manager.c:162
*#3 remove_session (connection=<value optimized out>, message=0x55b38,
user_data=<value optimized out>) at obexd/client/manager.c:231
|
| |
|
|
|
| |
Changes made to emit transfer completed to .Transfer1 interface on
ftp reset.
|
| |
|
|
| |
This enables transfer management for FTP connections.
|
| |
|
|
| |
Changes made to handle method open for mime_notification_registration
|
| |
|
|
|
| |
Changes made to add support for MSE local time and timezone offset
parameter along with GetMessageListing response.
|
| |
|
|
|
| |
Handles MAP supported feature bits as per the
MAP 1.2 specs section 7.1.1.
|
| | |
|
| |
|
|
|
|
|
| |
Adds the following filter entries:
1) Speed-dial
2) Uniform Caller Identifier
3) Unique Identifier
|
| |
|
|
| |
Add support for the speed-dial and favorite folders.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
CC obexd/plugins/obexd-filesystem.o
In file included from obexd/plugins/filesystem.c:40:0:
/usr/include/wait.h:1:2: error: #warning redirecting incorrect
#include <wait.h> to <sys/wait.h> [-Werror=cpp]
#warning redirecting incorrect #include <wait.h> to <sys/wait.h>
^
cc1: all warnings being treated as errors
Makefile:6447: recipe for target 'obexd/plugins/obexd-filesystem.o' failed
make[1]: *** [obexd/plugins/obexd-filesystem.o] Error 1
|
| |
|
|
| |
Removes the check for NULL agent.
|
| |
|
|
|
| |
This adds support for Event Report 1.1 of MAP 1.2 which includes the
following atributes: Subject, datetime, sender_name, priority.
|
| |
|
|
| |
Checks for NULL value before passing to the callback.
|
| |
|
|
| |
This adds a common check before passing the event value to the callback.
|
| |
|
|
|
| |
In case an event is received twice, due to remote side misbehaving or
not, it would leak the previous data.
|
| |
|
|
|
| |
outparams can be NULL meaning no application parameters should be added
to the response.
|
| |
|
|
|
| |
Some commands don't have any mandatory application parameter which means
inparams can be NULL which should not be treated as a bad request.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case the transport is disconnected while disconnect command is pending
the session is freed on disconnect_complete but disconnect callback is
still valid causing the following crash:
Invalid read of size 4
at 0x42682A: obc_session_ref (session.c:132)
by 0x42797B: obc_session_shutdown (session.c:580)
by 0x4139DA: incoming_data (gobex.c:1406)
by 0x59712A5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x5971627: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x5971A39: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x40D78C: main (main.c:320)
Address 0x728d814 is 4 bytes inside a block of size 120 free'd
at 0x4C28577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5976F7E: g_free (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x4134B9: handle_response (gobex.c:1129)
by 0x4139BD: incoming_data (gobex.c:1403)
by 0x59712A5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x5971627: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x5971A39: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x40D78C: main (main.c:320)
|
| |
|
|
|
| |
If a transfer is suspended it should be resumed before cancelling
otherwise it will timeout.
|
| |
|
|
|
| |
Transfer may be created by different processes so it make sense to allow
them to be suspended even if they are not active.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove snprintf error check. Fixes clang warnings below:
...
obexd/client/map.c:471:9: warning: Access to field 'message' results in
a dereference of a null pointer (loaded from variable 'err')
err->message);
^~~~~~~~~~~~
obexd/client/map.c:772:9: warning: Access to field 'message' results in
a dereference of a null pointer (loaded from variable 'err')
err->message);
^~~~~~~~~~~~
...
|
| |
|
|
| |
Fixes memory leak for message_listing_cb()
|
| |
|
|
| |
Fixes memory leak for folder_listing_cb().
|
| |
|
|
|
|
|
|
|
|
|
| |
Requests have the size set to OBJECT_SIZE_DELETE but if the request has
a body header the size should be set to OBJECT_SIZE_UNKNOWN as it no
longer can be considered a delete request:
"3.4.3.6 Put-Delete and Create-Empty Methods
A PUT operation with NO Body or End-of-Body headers whatsoever should
be treated as a delete request."
|
