Message-ID: <0b36af38-4069-0952-da99-4d384295a50e@systech.com>
Date:   Thu, 11 Nov 2021 07:38:48 -0800
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:91.0) Gecko/20100101
 Thunderbird/91.3.0
Subject: Re: BlueZ hciconfig: Segmentation Fault
Content-Language: en-US
To:     Luiz Augusto von Dentz <luiz.dentz@gmail.com>
Cc:     "linux-bluetooth@vger.kernel.org" <linux-bluetooth@vger.kernel.org>
References: <f657c955-2a04-d6ae-cc10-3b0476a33fa3@systech.com>
 <CABBYNZLcCEPUuqrzeQRiOWh34Z+E6wAJB8u4tfwX3Pog9N5=tg@mail.gmail.com>
From:   Jay Foster <jay.foster@systech.com>
Organization: Systech Corporation
In-Reply-To: <CABBYNZLcCEPUuqrzeQRiOWh34Z+E6wAJB8u4tfwX3Pog9N5=tg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?N09sNndkVU9lTTc1TDBEU2FrR0tiSm1lUkFSSHBPS095ZGtmM1JDMXZUaHpW?=
 =?utf-8?B?WGRhTHNPWStPZVRCcVE3aEw5ZHV6UzYzNmFEQ21WRVdKa1hvYXlFbXJQY3lk?=
 =?utf-8?B?QnpwZFdpZHlETWVDMUpaQzV3ck1vbnBTeW5pTzRBSlFxeUF6NGQxaS9nMGcx?=
 =?utf-8?B?MkdqRXZQRklYVTJ1cXM4bDZTS0xtZ3pDb09LLzN2dlZjZU9uVmkyYkJzNjJn?=
 =?utf-8?B?Y0sydHptbzVYdTNVWEFHNkZOd2hiUlg3d3pPMlBmS09zb1IvdE9CS3htVG1q?=
 =?utf-8?B?bUFnSk5UM2VhOWNsUDFiSDhYSkNkdkxjOXJtRnRscmFpeXZZTzNiakxIQ2Jz?=
 =?utf-8?B?MTNoenZGUlA0V3lkZC9XWUFlS1BjMG8rSU5yeGtOdWRXeFo0T2JXQ0JVTFhW?=
 =?utf-8?B?Y2ZNdm1kZFZnZTRlU1dVNXl3TlVPamxtRzlpcWdrdk9UWGdGLzQwR0xHRXZt?=
 =?utf-8?B?eHNzelFza3llOVZ1OGZCS2JONmh2bmI3T3p5M2d6K3V3bTBsKzhNZ1ZaYVBU?=
 =?utf-8?B?S1l5WWlUZVFPbnNEUVJsM3VidnNMV0YwMHhqazEyRElwS2RLMXJVd2NxYlJy?=
 =?utf-8?B?dmJ0NmJTUHNjcWg0aEIyT0ROSWJvby9HQ20waTgzUUlpK3NManM4MFBrMkgv?=
 =?utf-8?B?Vm1vODRzbXJQR3l0TlE2NnVkSVpkMUZ5NWU4RXVZend6MzRPdVRPbmtnT1I5?=
 =?utf-8?B?eGNKNlRKUjdVaEt0bTF6U3ZTWFh5cnIxd0RqVzA5MVgrY09LcnZ6dEp1MWlv?=
 =?utf-8?B?Yk1aV0hHaHZlUmE0WG9LNi9kaW5RQWl4alRjcUJlWlBocitEdEw5YjBsNkRC?=
 =?utf-8?B?T3BKeC9KSHgxUXBvbmdOY2M4bkJvdEN5Zlo2aDlVZlBGYW13VnFjeUFrYWlx?=
 =?utf-8?B?NmZGTnJrbUptSUkydnpBTlJOOEg2K2lzMWtBQzdoSTZoQk5wYm0rWXlYaFd5?=
 =?utf-8?B?WmN4dWQzSnB3YzNlekdXV0laN3UvMUJ2bitxM25nTXF5TFRtcUFyck1JYkVF?=
 =?utf-8?B?MGRta2RBOU5Hb2QvaWhlL0tUWm9aek5TUW1URWZ0c2FLdHExbFRwVkM4M1Uy?=
 =?utf-8?B?ZENWNXhHTVZ4OThoSTRVUUlKRGkyRllNRGZESXRMNzhBNW45YjRmTHYrejhF?=
 =?utf-8?B?UkYwVU9mQUdYU1VkMTRWd0VBcjJ4NDhZMDZwY2tMeVl1UEVRN3JHTDZvazI2?=
 =?utf-8?B?aUVwdE1rUVpPL1FlRXdQVWZxK2IyWTcwV2dqQ3c4dUprbC9UN2xKZGIvWjNw?=
 =?utf-8?B?QThOSTMvOU0wTzhFdFpnSGZEV0VUblRrcTBTZTZYYnhsWFhuZm1lM2dLa09z?=
 =?utf-8?B?eWZTeFQ3NksvSE44VWNFSVM5bVFDV3JQckVPRFBBblpBNVBOc05pZldGYVJk?=
 =?utf-8?B?MmxlcklnM3lraGxaaW45bzFUMHNGclM1eWNFODJpU3FxcFJteWJiTTNEK3lh?=
 =?utf-8?B?TWJ1cW9VMTd6NzhCVHlNdkFmKzBFaVBqNDBMSGx4Q0pidDdsNmM5RjNpNkE2?=
 =?utf-8?B?TG5SbGJ0cVhDaEZyN1VZMm1BMGhRUG9RS2JBZkZyMGcxN0RDZWJIMUZMVC90?=
 =?utf-8?B?bndFVVRjQ3crSXBpQlZaUSthU3VPakJaeEtaVjRNNTMzOXNpTWRBMjM5WFox?=
 =?utf-8?B?Z2xXL2dJSUJBMUkyRjdXUzE2SFpXQlZiTUROcjZBQWJ1ZUZHbG82S2hMRmN5?=
 =?utf-8?B?ZUtQWlBIc2lldjNYTFFVazZJRjZTcXNodFowNWFoeXRpeTA4OU1HVmtzM3lp?=
 =?utf-8?B?VGtSTEs1endVcHBjSE5WYWEyTEdLcTlSOHNsRlU4MERLc0FRK0d4d1YyaUlK?=
 =?utf-8?B?Yk9XNnNDbk9pVURoSnQyaFk4bjJYc1d2dHdwY3JVQWI5VlRJVG1INkxUYThx?=
 =?utf-8?B?enhXSlArNy9tcTN2VnBPTUluenVia3JMdW1DKy84ZHJxL0NKa3VzUXFoM1Bq?=
 =?utf-8?B?d3BYMFlCMGFHVkY2emEyVFhSaGlwY3NOamRsTUVBQkwrWmNBZVVMQk9MT1JF?=
 =?utf-8?B?WVdTNFU5RmdSandHcVlXT2N5OXpLVkhSRkJQWnhVQkhJVnM1UE5FSmFqbXRa?=
 =?utf-8?B?MDkyM3NvNjZLVkxCOTVNbVE4TFBhMXpPc1l0R24zTm9DcFJKc0c1dGUvV3BD?=
 =?utf-8?B?QzhudG03aE9qbXh0akU0Z0RzMmQwTmRKN05QcHNxMkRzd1d5dEVjRm9qYjhn?=
 =?utf-8?Q?UiJADItvQ9nAphJrwJr9N+I=3D?=
X-OriginatorOrg: systech.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fffe3dca-15cb-4856-2676-08d9a5296073
X-MS-Exchange-CrossTenant-AuthSource: BYAPR20MB2664.namprd20.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Nov 2021 15:38:58.8362
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 47224f68-59f8-42cf-9b0c-62ae261b2df6
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 7L0UuxhmWtMgL2UTnM3y0Ng9t0SNGtRYSHsPIm3F2GAEwyCFjEb9/3EPln8bq/3yQlCKX+sHt2lz0550RbSypw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR20MB2932
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

On 11/10/2021 4:29 PM, Luiz Augusto von Dentz wrote:
> Hi Jay,
>
> On Wed, Nov 10, 2021 at 7:47 AM Jay Foster <jay.foster@systech.com> wrote:
>> From: Jay Foster <jay.foster@systech.com>
>>
>> hciconfig segfaults in the Bluez 5.62 release.
>>
>> The 'hciconfig lm' command, used to show the current link mode settings,
>> de-references a NULL pointer when calling strcasestr().  This results in
>> a segmentation fault.  This is a regression in release 5.62 from the updates
>> to implement the appropriate language changes.
>>
>> The hci_str2bit() function handles a NULL str value, but strcasestr()
>> does not.
>>
>> Signed-off-by: Jay Foster <jay.foster@systech.com>
>>
>> --- a/lib/hci.c    2021-10-13 11:38:34.000000000 -0700
>> +++ b/lib/hci.c    2021-11-08 09:19:59.880207913 -0800
>> @@ -323,7 +323,7 @@ int hci_strtolm(char *str, unsigned int
>>        int ret = hci_str2bit(link_mode_map, str, val);
>>
>>        /* Deprecated name. Kept for compatibility. */
>> -    if (strcasestr(str, "MASTER")) {
>> +    if (str && strcasestr(str, "MASTER")) {
>>            ret = 1;
>>            *val |= HCI_LM_MASTER;
>>        }
> You will probably need to rebase:
>
> Applying: BlueZ hciconfig: Segmentation Fault
> error: lib/hci.c    2021-11-08 09:19:59.880207913 -0800: does not exist in index
> Patch failed at 0001 BlueZ hciconfig: Segmentation Fault
>
>
Regenerated patch using git.
From: Jay Foster <jay.foster@systech.com>

hciconfig segfaults in the Bluez 5.62 release.

The 'hciconfig lm' command, used to show the current link mode settings,
de-references a NULL pointer when calling strcasestr().  This results in
a segmentation fault.  This is a regression in release 5.62 from the updates
to implement the appropriate language changes.

The hci_str2bit() function handles a NULL str value, but strcasestr()
does not.

Signed-off-by: Jay Foster <jay.foster@systech.com>

diff --git a/lib/hci.c b/lib/hci.c
index 5141f20..0436759 100644
--- a/lib/hci.c
+++ b/lib/hci.c
@@ -323,7 +323,7 @@ int hci_strtolm(char *str, unsigned int *val)
      int ret = hci_str2bit(link_mode_map, str, val);

      /* Deprecated name. Kept for compatibility. */
-    if (strcasestr(str, "MASTER")) {
+    if (str && strcasestr(str, "MASTER")) {
          ret = 1;
          *val |= HCI_LM_MASTER;
      }