This patch set includes a few fixes for bugs that were found by the
Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.
Changelog:
[v3] Removed trailing whitespace (style issue).
[v2] Some minor style changes after CI check.
[v1] Initial version.
Ildar Kamaletdinov (4):
tools: Fix memory leak in hciconfig
tools: Fix memory leaks in btgatt-server/client
tools: Fix handle leak in rfcomm
device: Fix uninitialized value usage
src/device.c | 3 ++-
tools/btgatt-client.c | 6 +++++-
tools/btgatt-server.c | 5 ++++-
tools/hciconfig.c | 6 +++++-
tools/rfcomm.c | 4 ++++
5 files changed, 20 insertions(+), 4 deletions(-)
--
2.35.3
printf() was using a function that returns dynamically allocated memory as
a parameter.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
---
tools/hciconfig.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tools/hciconfig.c b/tools/hciconfig.c
index e4d521583..a1c615bfa 100644
--- a/tools/hciconfig.c
+++ b/tools/hciconfig.c
@@ -80,7 +80,11 @@ static void print_pkt_type(struct hci_dev_info *di)
static void print_link_policy(struct hci_dev_info *di)
{
- printf("\tLink policy: %s\n", hci_lptostr(di->link_policy));
+ char *str;
+
+ str = hci_lptostr(di->link_policy);
+ printf("\tLink policy: %s\n", str);
+ bt_free(str);
}
static void print_link_mode(struct hci_dev_info *di)
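Review bot: the new `str` is passed straight to printf() without a NULL check; if hci_lptostr() can fail to allocate and return NULL, `printf("\tLink policy: %s\n", str)` is undefined behaviour, so consider guarding it, e.g. `if (str) { printf(...); bt_free(str); }` or substituting a fixed fallback string. Otherwise the shape is right: the previous one-liner kept no handle on the returned buffer, so it could never be freed.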
--
2.35.3
According to the man page, the buffer allocated by getline() should be freed by
the user program even if getline() failed.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
---
tools/btgatt-client.c | 6 +++++-
tools/btgatt-server.c | 5 ++++-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/tools/btgatt-client.c b/tools/btgatt-client.c
index 8c9365aa2..58a03bd48 100644
--- a/tools/btgatt-client.c
+++ b/tools/btgatt-client.c
@@ -1355,12 +1355,16 @@ static void prompt_read_cb(int fd, uint32_t events, void *user_data)
return;
}
- if ((read = getline(&line, &len, stdin)) == -1)
+ read = getline(&line, &len, stdin);
+ if (read < 0) {
+ free(line);
return;
+ }
if (read <= 1) {
cmd_help(cli, NULL);
print_prompt();
+ free(line);
return;
}
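Review bot: the free(line) on the `read < 0` path is correct per getline(3), which may have allocated or grown the buffer before returning -1, but it is only safe if `line` is initialised to NULL and `len` to 0 before the call; those declarations sit outside this hunk, so please confirm. The `== -1` to `< 0` change is harmless since getline() returns ssize_t and -1 is its only error value.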
diff --git a/tools/btgatt-server.c b/tools/btgatt-server.c
index 4a5d2b720..90a6c9b0a 100644
--- a/tools/btgatt-server.c
+++ b/tools/btgatt-server.c
@@ -1080,12 +1080,15 @@ static void prompt_read_cb(int fd, uint32_t events, void *user_data)
}
read = getline(&line, &len, stdin);
- if (read < 0)
+ if (read < 0) {
+ free(line);
return;
+ }
if (read <= 1) {
cmd_help(server, NULL);
print_prompt();
+ free(line);
return;
}
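Review bot: free(line) is now duplicated on both early-return paths (`read < 0` and `read <= 1`), so a future early return in this function would be easy to leave without cleanup; a single exit (e.g. `goto done;` with one `free(line);` there) would keep it in one place. Not blocking, and the braces added around the `read < 0` body match the existing style of the `read <= 1` block.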
--
2.35.3
Some branches of execution can leak a handle (socket).
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
---
tools/rfcomm.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/rfcomm.c b/tools/rfcomm.c
index cd520aa44..e013ff588 100644
--- a/tools/rfcomm.c
+++ b/tools/rfcomm.c
@@ -298,6 +298,7 @@ static void cmd_connect(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **arg
if (setsockopt(sk, SOL_SOCKET, SO_LINGER, &l, sizeof(l)) < 0) {
perror("Can't set linger option");
+ close(sk);
return;
}
}
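Review bot: closing `sk` before returning from the SO_LINGER failure in cmd_connect() is right, but this hunk covers only this one branch; any other error returns between the socket creation and this point that are outside the hunk should get the same `close(sk);`, otherwise the leak just moves to the next branch.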
@@ -466,6 +467,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv
if (getsockname(nsk, (struct sockaddr *)&laddr, &alen) < 0) {
perror("Can't get RFCOMM socket name");
close(nsk);
+ close(sk);
return;
}
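Review bot: the getsockname() failure now releases both `nsk` and the listening `sk`, which is the correct pairing since cmd_listen() returns here and nothing else will close the listening socket; the order (accepted socket first, then listener) is fine.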
@@ -475,6 +477,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv
if (setsockopt(nsk, SOL_SOCKET, SO_LINGER, &l, sizeof(l)) < 0) {
perror("Can't set linger option");
close(nsk);
+ close(sk);
return;
}
}
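Review bot: this is the third branch in cmd_listen() that now ends with `close(nsk); close(sk); return;`; a shared error label (`goto err_close;` with both closes after it) would keep the cleanup in one place and make the next error path harder to get wrong. Style only, the fix itself is correct.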
@@ -490,6 +493,7 @@ static void cmd_listen(int ctl, int dev, bdaddr_t *bdaddr, int argc, char **argv
dev = ioctl(nsk, RFCOMMCREATEDEV, &req);
if (dev < 0) {
perror("Can't create RFCOMM TTY");
+ close(nsk);
close(sk);
return;
}
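Review bot: the RFCOMMCREATEDEV failure previously closed only `sk` and leaked the accepted `nsk`; adding close(nsk) here is correct because the TTY was not created, so no other owner of that descriptor exists. With this, the error branch is consistent with the two earlier ones in this function.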
--
2.35.3
Hello:
This series was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <[email protected]>:
On Sat, 7 May 2022 20:35:01 +0300 you wrote:
> This patch set includes a few fixes for bugs that were found by the
> Linux Verification Center (linuxtesting.org) with the SVACE static
> analysis tool.
>
> Changelog:
> [v3] Removed trailing whitespace (style issue).
> [v2] Some minor style changes after CI check.
> [v1] Initial version.
>
> [...]
Here is the summary with links:
- [BlueZ,1/4] tools: Fix memory leak in hciconfig
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=efa90050937c
- [BlueZ,2/4] tools: Fix memory leaks in btgatt-server/client
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=a4741ef4bf6c
- [BlueZ,3/4] tools: Fix handle leak in rfcomm
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=e9ec1cf8715d
- [BlueZ,4/4] device: Fix uninitialized value usage
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=42e9b8db92d5
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html