* [PATCH BlueZ 1/3] mesh: Fix using uninitialized bytes
2020-05-22 20:57 [PATCH BlueZ 0/3] mesh: Static Analysis clean-up Brian Gix
@ 2020-05-22 20:57 ` Brian Gix
2020-05-22 20:57 ` [PATCH BlueZ 2/3] mesh: Fix leaked mesh_net allocation Brian Gix
2020-05-22 20:57 ` [PATCH BlueZ 3/3] mesh: Fix leaked message reference Brian Gix
2 siblings, 0 replies; 6+ messages in thread
From: Brian Gix @ 2020-05-22 20:57 UTC (permalink / raw)
To: linux-bluetooth; +Cc: inga.stotland, brian.gix
Fixes two problems found with static analysis
---
mesh/crypto.c | 1 +
mesh/node.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/mesh/crypto.c b/mesh/crypto.c
index 99536594b..70b96c51b 100644
--- a/mesh/crypto.c
+++ b/mesh/crypto.c
@@ -553,6 +553,7 @@ bool mesh_crypto_packet_build(bool ctl, uint8_t ttl,
if (seq > SEQ_MASK)
return false;
+ packet[0] = 0;
l_put_be32(seq, packet + 1);
packet[1] = (ctl ? CTL : 0) | (ttl & TTL_MASK);
diff --git a/mesh/node.c b/mesh/node.c
index dd28dfd77..49ba7c885 100644
--- a/mesh/node.c
+++ b/mesh/node.c
@@ -1596,6 +1596,8 @@ static void get_managed_objects_cb(struct l_dbus_message *msg, void *user_data)
/* Generate device and primary network keys */
l_getrandom(dev_key, sizeof(dev_key));
l_getrandom(net_key.old_key, sizeof(net_key.old_key));
+ memcpy(net_key.new_key, net_key.old_key,
+ sizeof(net_key.old_key));
net_key.net_idx = PRIMARY_NET_IDX;
net_key.phase = KEY_REFRESH_PHASE_NONE;
--
2.25.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH BlueZ 2/3] mesh: Fix leaked mesh_net allocation
2020-05-22 20:57 [PATCH BlueZ 0/3] mesh: Static Analysis clean-up Brian Gix
2020-05-22 20:57 ` [PATCH BlueZ 1/3] mesh: Fix using uninitialized bytes Brian Gix
@ 2020-05-22 20:57 ` Brian Gix
2020-05-22 23:36 ` [BlueZ,2/3] " bluez.test.bot
2020-05-22 20:57 ` [PATCH BlueZ 3/3] mesh: Fix leaked message reference Brian Gix
2 siblings, 1 reply; 6+ messages in thread
From: Brian Gix @ 2020-05-22 20:57 UTC (permalink / raw)
To: linux-bluetooth; +Cc: inga.stotland, brian.gix
---
mesh/node.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/mesh/node.c b/mesh/node.c
index 49ba7c885..db888d27c 100644
--- a/mesh/node.c
+++ b/mesh/node.c
@@ -1313,8 +1313,6 @@ static bool add_local_node(struct mesh_node *node, uint16_t unicast, bool kr,
bool ivu, uint32_t iv_idx, uint8_t dev_key[16],
uint16_t net_key_idx, uint8_t net_key[16])
{
- node->net = mesh_net_new(node);
-
if (!nodes)
nodes = l_queue_new();
--
2.25.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH BlueZ 3/3] mesh: Fix leaked message reference
2020-05-22 20:57 [PATCH BlueZ 0/3] mesh: Static Analysis clean-up Brian Gix
2020-05-22 20:57 ` [PATCH BlueZ 1/3] mesh: Fix using uninitialized bytes Brian Gix
2020-05-22 20:57 ` [PATCH BlueZ 2/3] mesh: Fix leaked mesh_net allocation Brian Gix
@ 2020-05-22 20:57 ` Brian Gix
2020-05-22 23:36 ` [BlueZ,3/3] " bluez.test.bot
2 siblings, 1 reply; 6+ messages in thread
From: Brian Gix @ 2020-05-22 20:57 UTC (permalink / raw)
To: linux-bluetooth; +Cc: inga.stotland, brian.gix
---
mesh/manager.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/mesh/manager.c b/mesh/manager.c
index 0242bb9e9..a7383e4d5 100644
--- a/mesh/manager.c
+++ b/mesh/manager.c
@@ -228,6 +228,7 @@ static void add_start(void *user_data, int err)
"Failed to start provisioning initiator");
l_dbus_send(dbus_get_bus(), reply);
+ l_dbus_message_unref(add_pending->msg);
add_pending->msg = NULL;
}
@@ -264,7 +265,6 @@ static struct l_dbus_message *add_node_call(struct l_dbus *dbus,
/* Invoke Prov Initiator */
add_pending = l_new(struct add_data, 1);
- add_pending->msg = l_dbus_message_ref(msg);
memcpy(add_pending->uuid, uuid, 16);
add_pending->node = node;
add_pending->agent = node_get_agent(node);
@@ -277,6 +277,7 @@ static struct l_dbus_message *add_node_call(struct l_dbus *dbus,
goto fail;
}
+ add_pending->msg = l_dbus_message_ref(msg);
initiator_start(PB_ADV, uuid, 99, 60, add_pending->agent, add_start,
add_data_get, add_cmplt, node, add_pending);
--
2.25.4
^ permalink raw reply related [flat|nested] 6+ messages in thread