Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp2636801ybf; Mon, 2 Mar 2020 12:40:52 -0800 (PST) X-Google-Smtp-Source: ADFU+vuAxuNYibJ2PguAkNnREw+IvlK++0wb3S/NtWgRfu4N0nMLBU4QFtjixxGmu410fBNGG25v X-Received: by 2002:aca:5447:: with SMTP id i68mr176391oib.31.1583181652581; Mon, 02 Mar 2020 12:40:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583181652; cv=none; d=google.com; s=arc-20160816; b=nPklROQDc0Pdx74nIiNlzbLXVVaq0P8PxZiJnDdXNJBjo+O4K2460lZY0sltwQlman Rrnucp0VYt0679PuNuXSdBXnwpp+WMh2m2VIArYX3aHC7hQ02E7/fQdZKMr1/gS2SSyu h6kwgzz2iqiVyQI/YpP6c3Dp6ibIxe1qLIXnmZ+pXEQ5zqw4zt9NZx/BMVSqYUBUtEUm C6EgK+AGiGtJ7u+FHZVPvTGeHfrMya16GlKDyxiSgRsUSDiOV2PNXSAx32xFRp3aHJUa zlO/0oAueXhyBgnBnRCeUTGb+HN4MxPn1ubybHQ9HrN2AmR2tR1+0RVXcfQLQ1l3/T9K utBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=eLLNrzOJ9mbb/Oh1xL8rYkQ2kDfeAqI6zYlx0cFaYyU=; b=WuO9vi/qugOI5YdtzZgoRg0dD+iBFqGEkXvSJgArwKOqkZ73PvCqOUUi8mqsNe7uqC 9nfRnSEAzk2qlSXlL4Eg3ee0DdmnYEeXoi1c5sANPZPROsDJBmi1eAHzkBtjHh5PzQiL 7RrCeoCbchyCTWM5hRM7fOzFuTeFsNsIiEjJH+nxj9VzTTYemErJGTGgkhS40SfwkF4D aeLcsSWZ2bCt0lGpg2CEZ4n1i5jBfVkARUTprJ+VCTQV1QkmsSNBx4fysuUKvtUQnBv8 OJ+/VAQETNeu1pDi9LfDr9psbIhvlO2XcwtEP9czyPHvil89EgKoadKN0nGKBBRnNkXY 8Oow== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z62si6516321oiz.271.2020.03.02.12.40.33; Mon, 02 Mar 2020 12:40:52 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726536AbgCBUkc (ORCPT + 99 others); Mon, 2 Mar 2020 15:40:32 -0500 Received: from mga09.intel.com ([134.134.136.24]:54730 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725883AbgCBUkc (ORCPT ); Mon, 2 Mar 2020 15:40:32 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Mar 2020 12:40:31 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,508,1574150400"; d="scan'208";a="351630459" Received: from ingas-nuc1.sea.intel.com ([10.255.230.43]) by fmsmga001.fm.intel.com with ESMTP; 02 Mar 2020 12:40:31 -0800 From: Inga Stotland To: linux-bluetooth@vger.kernel.org Cc: brian.gix@intel.com, Inga Stotland Subject: [PATCH BlueZ] tools/mesh-cfgclient: Add address checks for pub/sub commands Date: Mon, 2 Mar 2020 12:40:29 -0800 Message-Id: <20200302204030.9150-1-inga.stotland@intel.com> X-Mailer: git-send-email 2.21.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org This addrs verification of subscriptpion address value entered on the command line: unassigned address, unicast address, and all-nodes address are not allowed. Publication address check verifies that the entered value falls into mesh address space. Also, change the type of parameter count in comaand processing routines from int to uint32_t to match the retrun type of the parameter parsing routine. --- tools/mesh/cfgcli.c | 47 ++++++++++++++++++++++++++++----------------- 1 file changed, 29 insertions(+), 18 deletions(-) diff --git a/tools/mesh/cfgcli.c b/tools/mesh/cfgcli.c index 5c990d2e8..0aea7e553 100644 --- a/tools/mesh/cfgcli.c +++ b/tools/mesh/cfgcli.c @@ -802,7 +802,7 @@ static struct mesh_group *add_group(uint16_t addr) { struct mesh_group *grp; - if (!IS_GROUP(addr)) + if (!IS_GROUP(addr) || addr >= FIXED_GROUP_LOW) return NULL; grp = l_queue_find(groups, match_group_addr, L_UINT_TO_PTR(addr)); @@ -1064,7 +1064,7 @@ static void cmd_bind(uint32_t opcode, int argc, char *argv[]) { uint16_t n; uint8_t msg[32]; - int parm_cnt; + uint32_t parm_cnt; parm_cnt = read_input_parameters(argc, argv); if (parm_cnt != 3 && parm_cnt != 4) { @@ -1101,7 +1101,7 @@ static void cmd_beacon_set(int argc, char *argv[]) { uint16_t n; uint8_t msg[2 + 1]; - int parm_cnt; + uint32_t parm_cnt; n = mesh_opcode_set(OP_CONFIG_BEACON_SET, msg); @@ -1128,7 +1128,7 @@ static void cmd_ident_set(int argc, char *argv[]) { uint16_t n; uint8_t msg[2 + 3 + 4]; - int parm_cnt; + uint32_t parm_cnt; n = mesh_opcode_set(OP_NODE_IDENTITY_SET, msg); @@ -1152,7 +1152,7 @@ static void cmd_ident_get(int argc, char *argv[]) { uint16_t n; uint8_t msg[2 + 2 + 4]; - int parm_cnt; + uint32_t parm_cnt; n = mesh_opcode_set(OP_NODE_IDENTITY_GET, msg); @@ -1175,7 +1175,7 @@ static void cmd_proxy_set(int argc, char *argv[]) { uint16_t n; uint8_t msg[2 + 1]; - int parm_cnt; + uint32_t parm_cnt; n = mesh_opcode_set(OP_CONFIG_PROXY_SET, msg); @@ -1202,7 +1202,7 @@ static void cmd_relay_set(int argc, char *argv[]) { uint16_t n; uint8_t msg[2 + 2 + 4]; - int parm_cnt; + uint32_t parm_cnt; n = mesh_opcode_set(OP_CONFIG_RELAY_SET, msg); @@ -1230,7 +1230,7 @@ static void cmd_ttl_set(int argc, char *argv[]) { uint16_t n; uint8_t msg[32]; - int parm_cnt; + uint32_t parm_cnt; parm_cnt = read_input_parameters(argc, argv); if (!parm_cnt || parms[0] > TTL_MASK) { @@ -1251,7 +1251,7 @@ static void cmd_pub_set(int argc, char *argv[]) { uint16_t n; uint8_t msg[48]; - int parm_cnt; + uint32_t parm_cnt; struct mesh_group *grp; uint32_t opcode; uint16_t pub_addr; @@ -1263,6 +1263,11 @@ static void cmd_pub_set(int argc, char *argv[]) return bt_shell_noninteractive_quit(EXIT_FAILURE); } + if (parms[1] > ALL_NODES_ADDRESS) { + bt_shell_printf("Bad publication address %x\n", parms[1]); + return bt_shell_noninteractive_quit(EXIT_FAILURE); + } + pub_addr = parms[1]; grp = l_queue_find(groups, match_group_addr, L_UINT_TO_PTR(pub_addr)); @@ -1314,7 +1319,7 @@ static void cmd_pub_get(int argc, char *argv[]) { uint16_t n; uint8_t msg[32]; - int parm_cnt; + uint32_t parm_cnt; n = mesh_opcode_set(OP_CONFIG_MODEL_PUB_GET, msg); @@ -1341,7 +1346,7 @@ static void subscription_cmd(int argc, char *argv[], uint32_t opcode) { uint16_t n; uint8_t msg[32]; - int parm_cnt; + uint32_t parm_cnt; struct mesh_group *grp; uint16_t sub_addr; @@ -1351,6 +1356,12 @@ static void subscription_cmd(int argc, char *argv[], uint32_t opcode) return bt_shell_noninteractive_quit(EXIT_FAILURE); } + if ((!IS_GROUP(parms[1]) || IS_ALL_NODES(parms[1])) && + !IS_VIRTUAL(parms[1])) { + bt_shell_printf("Bad subscription address %x\n", parms[1]); + return bt_shell_noninteractive_quit(EXIT_FAILURE); + } + sub_addr = parms[1]; grp = l_queue_find(groups, match_group_addr, L_UINT_TO_PTR(sub_addr)); @@ -1416,7 +1427,7 @@ static void cmd_sub_del_all(int argc, char *argv[]) { uint16_t n; uint8_t msg[32]; - int parm_cnt; + uint32_t parm_cnt; n = mesh_opcode_set(OP_CONFIG_MODEL_SUB_DELETE_ALL, msg); @@ -1443,7 +1454,7 @@ static void cmd_sub_get(int argc, char *argv[]) { uint16_t n; uint8_t msg[32]; - int parm_cnt; + uint32_t parm_cnt; bool vendor; uint32_t opcode; @@ -1474,7 +1485,7 @@ static void cmd_mod_appidx_get(int argc, char *argv[]) { uint16_t n; uint8_t msg[32]; - int parm_cnt; + uint32_t parm_cnt; bool vendor; uint32_t opcode; @@ -1504,7 +1515,7 @@ static void cmd_hb_pub_set(int argc, char *argv[]) { uint16_t n; uint8_t msg[32]; - int parm_cnt; + uint32_t parm_cnt; n = mesh_opcode_set(OP_CONFIG_HEARTBEAT_PUB_SET, msg); @@ -1549,7 +1560,7 @@ static void cmd_hb_sub_set(int argc, char *argv[]) { uint16_t n; uint8_t msg[32]; - int parm_cnt; + uint32_t parm_cnt; n = mesh_opcode_set(OP_CONFIG_HEARTBEAT_SUB_SET, msg); @@ -1597,7 +1608,7 @@ static void cmd_network_transmit_set(int argc, char *argv[]) { uint16_t n; uint8_t msg[2 + 1]; - int parm_cnt; + uint32_t parm_cnt; n = mesh_opcode_set(OP_CONFIG_NETWORK_TRANSMIT_SET, msg); @@ -1619,7 +1630,7 @@ static void cmd_friend_set(int argc, char *argv[]) { uint16_t n; uint8_t msg[2 + 1]; - int parm_cnt; + uint32_t parm_cnt; n = mesh_opcode_set(OP_CONFIG_FRIEND_SET, msg); -- 2.21.1