[Bluez PATCH v1] core: fix a possible crash when removing devices

[Bluez PATCH v1] core: fix a possible crash when removing devices

[Howard Chung]

From: Yun-Hao Chung <howardchung@chromium.org>

In probe_service, if the service already exists in device->services, it
returns the service. This might cause dev_probe and device_probe_profile
to add a duplicate service into device->services. When removing the
device, a double-free error might occur.

This patch changes the logic of probe_service so that the same service
will not be added to a device.

---
Hi maintainers,

This was originally found by removing/reprobing profiles in admin_policy
plugin. Since we are going to adopt the other way to block incoming
connection, this patch is no longer causing any issue, but I think it
is still nice to have to prevent potential crashes.

Thanks,
Howard

 src/device.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/device.c b/src/device.c
index faf07ba22270..b29aa195d19b 100644
--- a/src/device.c
+++ b/src/device.c
@@ -4624,8 +4624,11 @@ static struct btd_service *probe_service(struct btd_device *device,
 		return NULL;
 
 	l = find_service_with_profile(device->services, profile);
+	/* If the service already exists, return NULL so that it won't be added
+	 * to the device->services.
+	 */
 	if (l)
-		return l->data;
+		return NULL;
 
 	service = service_create(device, profile);
 
-- 
2.32.0.402.g57bb445576-goog

RE: [Bluez,v1] core: fix a possible crash when removing devices

[bluez.test.bot]

[-- Attachment #1: Type: text/plain, Size: 1953 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=518263

---Test result---

Test Summary:
CheckPatch                    PASS      0.37 seconds
GitLint                       PASS      0.10 seconds
Prep - Setup ELL              PASS      38.35 seconds
Build - Prep                  PASS      0.08 seconds
Build - Configure             PASS      6.70 seconds
Build - Make                  PASS      168.29 seconds
Make Check                    PASS      8.36 seconds
Make Distcheck                PASS      195.34 seconds
Build w/ext ELL - Configure   PASS      6.65 seconds
Build w/ext ELL - Make        PASS      157.00 seconds

Details
##############################
Test: CheckPatch - PASS
Desc: Run checkpatch.pl script with rule in .checkpatch.conf

##############################
Test: GitLint - PASS
Desc: Run gitlint with rule in .gitlint

##############################
Test: Prep - Setup ELL - PASS
Desc: Clone, build, and install ELL

##############################
Test: Build - Prep - PASS
Desc: Prepare environment for build

##############################
Test: Build - Configure - PASS
Desc: Configure the BlueZ source tree

##############################
Test: Build - Make - PASS
Desc: Build the BlueZ source tree

##############################
Test: Make Check - PASS
Desc: Run 'make check'

##############################
Test: Make Distcheck - PASS
Desc: Run distcheck to check the distribution

##############################
Test: Build w/ext ELL - Configure - PASS
Desc: Configure BlueZ source with '--enable-external-ell' configuration

##############################
Test: Build w/ext ELL - Make - PASS
Desc: Build BlueZ source with '--enable-external-ell' configuration



---
Regards,
Linux Bluetooth

Re: [Bluez,v1] core: fix a possible crash when removing devices

[Luiz Augusto von Dentz]

Hi,

On Tue, Jul 20, 2021 at 5:52 AM <bluez.test.bot@gmail.com> wrote:
>
> This is automated email and please do not reply to this email!
>
> Dear submitter,
>
> Thank you for submitting the patches to the linux bluetooth mailing list.
> This is a CI test results with your patch series:
> PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=518263
>
> ---Test result---
>
> Test Summary:
> CheckPatch                    PASS      0.37 seconds
> GitLint                       PASS      0.10 seconds
> Prep - Setup ELL              PASS      38.35 seconds
> Build - Prep                  PASS      0.08 seconds
> Build - Configure             PASS      6.70 seconds
> Build - Make                  PASS      168.29 seconds
> Make Check                    PASS      8.36 seconds
> Make Distcheck                PASS      195.34 seconds
> Build w/ext ELL - Configure   PASS      6.65 seconds
> Build w/ext ELL - Make        PASS      157.00 seconds
>
> Details
> ##############################
> Test: CheckPatch - PASS
> Desc: Run checkpatch.pl script with rule in .checkpatch.conf
>
> ##############################
> Test: GitLint - PASS
> Desc: Run gitlint with rule in .gitlint
>
> ##############################
> Test: Prep - Setup ELL - PASS
> Desc: Clone, build, and install ELL
>
> ##############################
> Test: Build - Prep - PASS
> Desc: Prepare environment for build
>
> ##############################
> Test: Build - Configure - PASS
> Desc: Configure the BlueZ source tree
>
> ##############################
> Test: Build - Make - PASS
> Desc: Build the BlueZ source tree
>
> ##############################
> Test: Make Check - PASS
> Desc: Run 'make check'
>
> ##############################
> Test: Make Distcheck - PASS
> Desc: Run distcheck to check the distribution
>
> ##############################
> Test: Build w/ext ELL - Configure - PASS
> Desc: Configure BlueZ source with '--enable-external-ell' configuration
>
> ##############################
> Test: Build w/ext ELL - Make - PASS
> Desc: Build BlueZ source with '--enable-external-ell' configuration
>
>
>
> ---
> Regards,
> Linux Bluetooth

Applied, thanks.

-- 
Luiz Augusto von Dentz