All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] core: Fix wrong expectations for the return of recv()
@ 2016-08-10 22:14 Vinicius Costa Gomes
  2016-08-12  7:57 ` Luiz Augusto von Dentz
  0 siblings, 1 reply; 2+ messages in thread
From: Vinicius Costa Gomes @ 2016-08-10 22:14 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Vinicius Costa Gomes

Since commit b5f34f9420b50 "Bluetooth: Fix bt_sock_recvmsg return value"
in the kernel, Bluetooth sockets of type SOCK_SEQPACKET, when read()
will return the size of the packet received, which can be larger than
the the buffer passed by user space.

In this case the problem was causing a disconnection soon after
the reception of an SDP request.

Reported by: Alban Browaeys <prahal@yahoo.com>
---
 src/sdpd-server.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/sdpd-server.c b/src/sdpd-server.c
index c863508..b8190da 100644
--- a/src/sdpd-server.c
+++ b/src/sdpd-server.c
@@ -164,7 +164,7 @@ static gboolean io_session_event(GIOChannel *chan, GIOCondition cond, gpointer d
 	}
 
 	len = recv(sk, &hdr, sizeof(sdp_pdu_hdr_t), MSG_PEEK);
-	if (len != sizeof(sdp_pdu_hdr_t)) {
+	if (len < sizeof(sdp_pdu_hdr_t)) {
 		sdp_svcdb_collect_all(sk);
 		return FALSE;
 	}
-- 
2.9.2


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] core: Fix wrong expectations for the return of recv()
  2016-08-10 22:14 [PATCH] core: Fix wrong expectations for the return of recv() Vinicius Costa Gomes
@ 2016-08-12  7:57 ` Luiz Augusto von Dentz
  0 siblings, 0 replies; 2+ messages in thread
From: Luiz Augusto von Dentz @ 2016-08-12  7:57 UTC (permalink / raw)
  To: Vinicius Costa Gomes; +Cc: linux-bluetooth

Hi Vinicius,

On Thu, Aug 11, 2016 at 1:14 AM, Vinicius Costa Gomes <vcgomes@gmail.com> wrote:
> Since commit b5f34f9420b50 "Bluetooth: Fix bt_sock_recvmsg return value"
> in the kernel, Bluetooth sockets of type SOCK_SEQPACKET, when read()
> will return the size of the packet received, which can be larger than
> the the buffer passed by user space.
>
> In this case the problem was causing a disconnection soon after
> the reception of an SDP request.
>
> Reported by: Alban Browaeys <prahal@yahoo.com>
> ---
>  src/sdpd-server.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/sdpd-server.c b/src/sdpd-server.c
> index c863508..b8190da 100644
> --- a/src/sdpd-server.c
> +++ b/src/sdpd-server.c
> @@ -164,7 +164,7 @@ static gboolean io_session_event(GIOChannel *chan, GIOCondition cond, gpointer d
>         }
>
>         len = recv(sk, &hdr, sizeof(sdp_pdu_hdr_t), MSG_PEEK);
> -       if (len != sizeof(sdp_pdu_hdr_t)) {
> +       if (len < sizeof(sdp_pdu_hdr_t)) {
>                 sdp_svcdb_collect_all(sk);
>                 return FALSE;
>         }
> --
> 2.9.2

Applied, note that I did have to include a cast since it was causing
and signess comparison error.

-- 
Luiz Augusto von Dentz

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-08-12  7:57 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-08-10 22:14 [PATCH] core: Fix wrong expectations for the return of recv() Vinicius Costa Gomes
2016-08-12  7:57 ` Luiz Augusto von Dentz

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.