packages/bluez
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mgmt: Fix crash after pair command

Browse Source 
(cherry picked from commit e941bb419c7cfaa0c08debc1d6b750401b88b6b2)
This commit is contained in:
xuchenchen 2024-06-04 14:27:13 +08:00 committed by openeuler-sync-bot
parent b491d90dc6
commit 8459d4abda
2 changed files with 81 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
Fix-crash-after-pair-command.patch Normal file
View File

@ -0,0 +1,76 @@
From: Vinit Mehta <vinit.mehta@nxp.com>
Date: 2023-12-19 11:58:01 +0530
Subject: [PATCH] Fix crash after pair command
After pair command, if the user doesn't provide any input on bluetoothctl
CLI interface after receiving the prompt(yes/no) below crash is observed:
dbus[782]: arguments to dbus_message_get_no_reply() were incorrect,
assertion "message != NULL" failed in file
/usr/src/debug/dbus/1.14.10-r0/dbus/dbus-message.c line 3250.
This is normally a bug in some application using the D-Bus library.
/usr/lib/libc.so.6(+0x27534) [0xffffa1b67534]
/usr/lib/libc.so.6(__libc_start_main+0x9c) [0xffffa1b6760c]
bluetoothctl(+0x188f0) [0xaaaac9c088f0]
Aborted (core dumped)
---
client/agent.c | 15 +++++++++------
tools/btmgmt.c | 12 +++++++++---
2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/client/agent.c b/client/agent.c
index 4def1b4..77aa565 100644
--- a/client/agent.c
+++ b/client/agent.c
@@ -90,14 +90,17 @@ static void confirm_response(const char *input, void *user_data)
{
DBusConnection *conn = user_data;
- if (!strcmp(input, "yes"))
- g_dbus_send_reply(conn, pending_message, DBUS_TYPE_INVALID);
- else if (!strcmp(input, "no"))
- g_dbus_send_error(conn, pending_message,
+ if (pending_message != NULL) {
+ if (!strcmp(input, "yes"))
+ g_dbus_send_reply(conn, pending_message,
+ DBUS_TYPE_INVALID);
+ else if (!strcmp(input, "no"))
+ g_dbus_send_error(conn, pending_message,
"org.bluez.Error.Rejected", NULL);
- else
- g_dbus_send_error(conn, pending_message,
+ else
+ g_dbus_send_error(conn, pending_message,
"org.bluez.Error.Canceled", NULL);
+ }
}
static void agent_release(DBusConnection *conn)
diff --git a/tools/btmgmt.c b/tools/btmgmt.c
index f631de4..de7d17d 100644
--- a/tools/btmgmt.c
+++ b/tools/btmgmt.c
@@ -843,10 +843,16 @@ static void prompt_input(const char *input, void *user_data)
&prompt.addr);
break;
case MGMT_EV_USER_CONFIRM_REQUEST:
- if (input[0] == 'y' || input[0] == 'Y')
- mgmt_confirm_reply(prompt.index, &prompt.addr);
- else
+ if (len) {
+ if (input[0] == 'y' || input[0] == 'Y')
+ mgmt_confirm_reply(prompt.index, &prompt.addr);
+ else
+ mgmt_confirm_neg_reply(prompt.index,
+ &prompt.addr);
+ } else {
mgmt_confirm_neg_reply(prompt.index, &prompt.addr);
+ bt_shell_set_prompt(PROMPT_ON);
+ }
break;
}
}
--
2.27.0

6
bluez.spec
View File

@ -1,7 +1,7 @@
Name: bluez
Summary: Bluetooth utilities
Version: 5.54
Release: 19
Release: 20
License: GPLv2+
URL: http://www.bluez.org/
Source0: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz
@ -40,6 +40,7 @@ Patch6013: bluez-5.54-sw.patch
Patch6014: backport-CVE-2023-27349.patch
Patch6015: backport-CVE-2023-45866.patch
Patch6016: backport-CVE-2023-50229-CVE-2023-50230.patch
Patch6017: Fix-crash-after-pair-command.patch
BuildRequires: dbus-devel >= 1.6 libell-devel >= 0.28 autoconf
BuildRequires: glib2-devel libical-devel readline-devel
@ -196,6 +197,9 @@ make check
%{_mandir}/man8/*
%changelog
* Tue Jun 4 2024 xuchenchen <xuchenchen@kylinos.cn> - 5.54-20
- mgmt: Fix crash after pair command
* Fri Dec 22 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 5.54-19
- fix CVE-2023-50229,CVE-2023-50230