Added NULL checking for "name" and "path" parameters in pbap_open_*
functions. If this variables will be NULL, then setting -EBADR error
code and ending function. This fixes many obexd crashes.
---
plugins/pbap.c | 15 ++++++++++++++-
1 files changed, 14 insertions(+), 1 deletions(-)
diff --git a/plugins/pbap.c b/plugins/pbap.c
index af4b452..af4a1bc 100644
--- a/plugins/pbap.c
+++ b/plugins/pbap.c
@@ -594,6 +594,9 @@ static int pbap_get(struct obex_session *os, obex_object_t *obj,
} else
return -EBADR;
+ if (path == NULL)
+ return -EBADR;
+
pbap->params = params;
ret = obex_get_stream_start(os, path);
@@ -689,6 +692,11 @@ static void *vobject_pull_open(const char *name, int oflag, mode_t mode,
goto fail;
}
+ if (name == NULL) {
+ ret = -EBADR;
+ goto fail;
+ }
+
if (pbap->params->maxlistcount == 0)
cb = phonebook_size_result;
else
@@ -720,6 +728,11 @@ static void *vobject_list_open(const char *name, int oflag, mode_t mode,
goto fail;
}
+ if (name == NULL) {
+ ret = -EBADR;
+ goto fail;
+ }
+
/* PullvCardListing always get the contacts from the cache */
if (pbap->cache.valid) {
@@ -758,7 +771,7 @@ static void *vobject_vcard_open(const char *name, int oflag, mode_t mode,
goto fail;
}
- if (sscanf(name, "%u.vcf", &handle) != 1) {
+ if (name == NULL || sscanf(name, "%u.vcf", &handle) != 1) {
ret = -EBADR;
goto fail;
}
--
1.7.0.4
Hi Radek,
On Tue, Aug 03, 2010, Radoslaw Jablonski wrote:
> Added NULL checking for "name" and "path" parameters in pbap_open_*
> functions. If this variables will be NULL, then setting -EBADR error
> code and ending function. This fixes many obexd crashes.
> ---
> plugins/pbap.c | 15 ++++++++++++++-
> 1 files changed, 14 insertions(+), 1 deletions(-)
Please update your tree against latest upstream. Your patch doesn't
apply anymore (it seems like a new version of the previous one, but that
one got already pushed upstream). Also fix the commit message to explain
what issue in the previous patch this one fixes.
Johan