From: Bastien Nocera
To: linux-bluetooth@vger.kernel.org
Cc: Bastien Nocera
Subject: [BlueZ 11/15] isotest: Fix string size expectations
Date: Thu, 16 May 2024 11:03:15 +0200
Message-ID: <20240516090340.61417-12-hadess@hadess.net>
In-Reply-To: <20240516090340.61417-1-hadess@hadess.net>

Verify that the peer is a valid bdaddr (and so has the correct length)
before using it.

Error: STRING_SIZE (CWE-120): [#def54] [important]
bluez-5.75/tools/isotest.c:1198:26: string_size_argv: "argv" contains strings with unknown size.
bluez-5.75/tools/isotest.c:1459:4: string_size: Passing string "argv[optind + i]" of unknown size to "send_mode", which expects a string of a particular size.

Error: STRING_SIZE (CWE-120): [#def55] [important]
bluez-5.75/tools/isotest.c:1198:26: string_size_argv: "argv" contains strings with unknown size.
bluez-5.75/tools/isotest.c:1476:4: var_assign_var: Assigning: "peer" = "argv[optind + i]". Both are now tainted.
bluez-5.75/tools/isotest.c:1484:5: string_size: Passing string "peer" of unknown size to "bcast_do_connect_mbis", which expects a string of a particular size.

Error: STRING_SIZE (CWE-120): [#def56] [important]
bluez-5.75/tools/isotest.c:1198:26: string_size_argv: "argv" contains strings with unknown size.
bluez-5.75/tools/isotest.c:1476:4: var_assign_var: Assigning: "peer" = "argv[optind + i]". Both are now tainted.
bluez-5.75/tools/isotest.c:1514:5: string_size: Passing string "argv[optind + i]" of unknown size to "do_connect", which expects a string of a particular size.

---
 tools/isotest.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/tools/isotest.c b/tools/isotest.c index fc1c26b23c3b..f98f25497b85 100644 --- a/tools/isotest.c
+++ b/tools/isotest.c @@ -1456,7 +1456,12 @@ int main(int argc, char *argv[]) switch (mode) { case SEND: - send_mode(filename, argv[optind + i], i, repeat); + peer = argv[optind + i]; + if (bachk(peer) < 0) { + fprintf(stderr, "Invalid peer address '%s'\n", peer); + exit(1); + } + send_mode(filename, peer, i, repeat); if (filename && strchr(filename, ',')) { char *tmp = filename; filename = strdup(strchr(filename, ',') + 1); @@ -1474,6 +1479,10 @@ int main(int argc, char *argv[]) case CONNECT: peer = argv[optind + i]; + if (bachk(peer) < 0) { + fprintf(stderr, "Invalid peer address '%s'\n", peer); + exit(1); + } mgmt_set_experimental(); @@ -1511,7 +1520,7 @@ int main(int argc, char *argv[]) free(sk_arr); } else { - sk = do_connect(argv[optind + i]); + sk = do_connect(peer); if (sk < 0) exit(1); -- 2.44.0
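Review bot: In the first hunk (case SEND) the bachk(peer) check runs once per index, immediately before send_mode(filename, peer, i, repeat), so if i walks over several peer arguments, as argv[optind + i] suggests, a malformed address at a later index is rejected only after send_mode() has already been called for the earlier ones. Consider validating every peer argument in one pass before the mode switch, for the modes that take a peer, so the tool exits before doing any work.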
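Review bot: The bachk()/fprintf()/exit(1) block added after peer = argv[optind + i] in the second hunk (case CONNECT) is a verbatim copy of the block added in case SEND. A small static helper that takes argv[optind + i] and either returns it or prints "Invalid peer address '%s'" and exits would keep the two call sites and the error text from drifting apart.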
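Review bot: In the third hunk, do_connect(peer) is only safe because of the bachk() check added at the top of case CONNECT roughly forty lines earlier (@@ -1474 versus @@ -1511), and the same holds for the bcast_do_connect_mbis() call named in Coverity report #def55, which no hunk touches. A one-line comment at the check stating that everything below in this case relies on peer being a validated bdaddr would make that dependency visible, and the commit message could mention that #def55 is covered by the same check.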