Hello Maintainers
This patch fixes an assertion in the bluetoothctl client process.
After the pair command, if the user doesn't provide any input on the
bluetoothctl CLI after receiving the prompt (yes/no), then the subsequent
CLI command will trigger a call to the D-Bus library function
(dbus_message_get_no_reply) with a NULL message pointer, which triggers
an assertion in the D-Bus library, causing the bluetoothctl process to crash.
The change is done in the confirm_response callback to trigger a D-Bus
API error call only if the pending_message pointer is not NULL, so
as to avoid the assertion.
Thank you in advance for your review.
Warm Regards
Vinit Mehta
Vinit Mehta (1):
mgmt: Fix crash after pair command
client/agent.c | 15 +++++++++------
client/mgmt.c | 12 +++++++++---
2 files changed, 18 insertions(+), 9 deletions(-)
--
2.42.0.windows.2
After the pair command, if the user doesn't provide any input on the
bluetoothctl CLI after receiving the prompt (yes/no), the crash below is observed:
dbus[782]: arguments to dbus_message_get_no_reply() were incorrect,
assertion "message != NULL" failed in file
/usr/src/debug/dbus/1.14.10-r0/dbus/dbus-message.c line 3250.
This is normally a bug in some application using the D-Bus library.
/usr/lib/libc.so.6(+0x27534) [0xffffa1b67534]
/usr/lib/libc.so.6(__libc_start_main+0x9c) [0xffffa1b6760c]
bluetoothctl(+0x188f0) [0xaaaac9c088f0]
Aborted (core dumped)
---
client/agent.c | 15 +++++++++------
client/mgmt.c | 12 +++++++++---
2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/client/agent.c b/client/agent.c
index 35b404114..ff5e57ff2 100644
--- a/client/agent.c
+++ b/client/agent.c
@@ -77,14 +77,17 @@ static void confirm_response(const char *input, void *user_data)
{
DBusConnection *conn = user_data;
- if (!strcmp(input, "yes"))
- g_dbus_send_reply(conn, pending_message, DBUS_TYPE_INVALID);
- else if (!strcmp(input, "no"))
- g_dbus_send_error(conn, pending_message,
+ if (pending_message != NULL) {
+ if (!strcmp(input, "yes"))
+ g_dbus_send_reply(conn, pending_message,
+ DBUS_TYPE_INVALID);
+ else if (!strcmp(input, "no"))
+ g_dbus_send_error(conn, pending_message,
"org.bluez.Error.Rejected", NULL);
- else
- g_dbus_send_error(conn, pending_message,
+ else
+ g_dbus_send_error(conn, pending_message,
"org.bluez.Error.Canceled", NULL);
+ }
}
static void agent_release(DBusConnection *conn)
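Review bot: the whole function body is re-indented under `if (pending_message != NULL) {`; an early return (`if (!pending_message) return;`) at the top of confirm_response would leave the existing lines untouched and keep the diff minimal. With the guard as written, an answer typed when no request is pending is dropped silently, so consider printing a short diagnostic in that path so the user knows why nothing happened. Also, nothing in this hunk resets pending_message after the reply or error is sent; if that is done elsewhere (for example when the request is released or cancelled) that is fine, but it is worth confirming, because a stale non-NULL pointer would pass the new check and answer an already-completed request a second time.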
diff --git a/client/mgmt.c b/client/mgmt.c
index c056d018a..2cc40a7e3 100644
--- a/client/mgmt.c
+++ b/client/mgmt.c
@@ -849,10 +849,16 @@ static void prompt_input(const char *input, void *user_data)
&prompt.addr);
break;
case MGMT_EV_USER_CONFIRM_REQUEST:
- if (input[0] == 'y' || input[0] == 'Y')
- mgmt_confirm_reply(prompt.index, &prompt.addr);
- else
+ if (len) {
+ if (input[0] == 'y' || input[0] == 'Y')
+ mgmt_confirm_reply(prompt.index, &prompt.addr);
+ else
+ mgmt_confirm_neg_reply(prompt.index,
+ &prompt.addr);
+ } else {
mgmt_confirm_neg_reply(prompt.index, &prompt.addr);
+ bt_shell_set_prompt(PROMPT_ON);
+ }
break;
}
}
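Review bot: `len` is not declared anywhere in the visible context and prompt_input's signature only takes `input` and `user_data`, so please confirm it is the strlen(input) computed earlier in the function (the hunk does not show it). Given that, the two branches duplicate mgmt_confirm_neg_reply: when len is 0, input[0] is '\0', which already fails the 'y'/'Y' test and takes the existing negative-reply path, so the only new behaviour here is the bt_shell_set_prompt(PROMPT_ON) call. A smaller change would keep the original three lines and add `if (!len) bt_shell_set_prompt(PROMPT_ON);` after them. The commit message also only describes the agent.c/D-Bus assertion; a sentence explaining why the mgmt path needs the prompt restored on empty input would help reviewers.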
--
2.42.0.windows.2
This is an automated email; please do not reply to it!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=811296
---Test result---
Test Summary:
CheckPatch PASS 0.30 seconds
GitLint PASS 0.21 seconds
BuildEll PASS 24.02 seconds
BluezMake PASS 751.07 seconds
MakeCheck PASS 11.61 seconds
MakeDistcheck PASS 162.18 seconds
CheckValgrind PASS 225.46 seconds
CheckSmatch PASS 326.35 seconds
bluezmakeextell PASS 106.28 seconds
IncrementalBuild PASS 699.09 seconds
ScanBuild PASS 941.41 seconds
---
Regards,
Linux Bluetooth
Hello:
This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <[email protected]>:
On Tue, 19 Dec 2023 11:58:00 +0530 you wrote:
> Hello Maintainers
>
> This patch fixes an assertion in the bluetoothctl client process.
>
> After the pair command, if the user doesn't provide any input on the
> bluetoothctl CLI after receiving the prompt (yes/no), then the subsequent
> CLI command will trigger a call to the D-Bus library function
> (dbus_message_get_no_reply) with a NULL message pointer, which triggers
> an assertion in the D-Bus library, causing the bluetoothctl process to crash.
> The change is done in the confirm_response callback to trigger a D-Bus
> API error call only if the pending_message pointer is not NULL, so
> as to avoid the assertion.
>
> [...]
Here is the summary with links:
- [BlueZ,v2,1/1] mgmt: Fix crash after pair command
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=60d60166e4bf
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html