2012-11-23 19:08:28

by Vinicius Costa Gomes

Subject: [PATCH BlueZ 1/2] hog: Fix potential segfault when sending an output report

As UHID is not notified when the device is disconnected, it may be
possible that an output report is forwarded when the device is not
connected. One example would be when the caps lock key is pressed on
another keyboard.
---
profiles/input/hog_device.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/profiles/input/hog_device.c b/profiles/input/hog_device.c
index d231e00..994437f 100644
--- a/profiles/input/hog_device.c
+++ b/profiles/input/hog_device.c
@@ -573,6 +573,9 @@ static void forward_report(struct hog_device *hogdev,
DBG("Sending report type %d to device 0x%04X handle 0x%X", type,
hogdev->id, report->decl->value_handle);

+ if (hogdev->attrib == NULL)
+ return;
+
if (report->decl->properties & ATT_CHAR_PROPER_WRITE)
gatt_write_char(hogdev->attrib, report->decl->value_handle,
data, size, output_written_cb, hogdev);
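Review bot: The new `hogdev->attrib == NULL` check sits after the `DBG("Sending report type %d ...")` call, so on a disconnected device the debug log still claims a report is being sent and then the function returns silently. Move the check above the DBG line (ideally to the top of forward_report(), before any other work is done for the event) and log the drop explicitly, for example with a DBG message saying the device is not connected and the output report was discarded. A short comment explaining that UHID keeps delivering output events after disconnection would also help the next reader understand why attrib can be NULL here.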
--
1.8.0



2012-11-23 21:28:48

by Johan Hedberg

Subject: Re: [PATCH BlueZ 1/2] hog: Fix potential segfault when sending an output report

Hi Vinicius,

On Fri, Nov 23, 2012, Vinicius Costa Gomes wrote:
> As UHID is not notified when the device is disconnected, it may be
> possible that an output report is forwarded when the device is not
> connected. One example would be when the caps lock key is pressed on
> another keyboard.
> ---
> profiles/input/hog_device.c | 3 +++
> 1 file changed, 3 insertions(+)

Both patches have been applied. Thanks.

Johan

2012-11-23 19:08:29

by Vinicius Costa Gomes

Subject: [PATCH BlueZ 2/2] hog: Fix output report

Even if we receive the output report with the report id included, we
must send the output report without the report id, as the remote side
is able to infer it using the handle.
---
profiles/input/hog_device.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/profiles/input/hog_device.c b/profiles/input/hog_device.c
index 994437f..0a5fb58 100644
--- a/profiles/input/hog_device.c
+++ b/profiles/input/hog_device.c
@@ -549,8 +549,13 @@ static void forward_report(struct hog_device *hogdev,
int size;
guint type;

- data = ev->u.output.data;
- size = ev->u.output.size;
+ if (hogdev->prepend_id) {
+ data = ev->u.output.data + 1;
+ size = ev->u.output.size - 1;
+ } else {
+ data = ev->u.output.data;
+ size = ev->u.output.size;
+ }

switch (ev->type) {
case UHID_OUTPUT:
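Review bot: In the `hogdev->prepend_id` branch, `size = ev->u.output.size - 1` is computed without checking that the event carries at least one byte. With an empty output event, `size` (an int) becomes -1 and `data` points one byte past the start of the buffer, and both are later handed to the GATT write call in this function as the value and its length. Add a guard such as `if (ev->u.output.size < 1) return;` before stripping the report id. Also note that this block reads `ev->u.output` before the `switch (ev->type)` below has confirmed the event is UHID_OUTPUT; doing the stripping inside that case would keep the union access tied to the event type.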
--
1.8.0