rpms/bluez
7
0
Fork 0
Code Issues Pull Requests Releases Activity

5.64

Browse Source
This commit is contained in:
Peter Robinson 2022-03-21 21:31:23 +00:00
parent e31d5b8ecf
commit 1b8fd108c7
8 changed files with 6 additions and 1762 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
0001-build-Always-define-confdir-and-statedir.patch
View File

@ -1,35 +0,0 @@
From 5744f79d84ecee3929a682166034c5bbc36c0ef5 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 20 Sep 2017 12:49:10 +0200
Subject: [PATCH 1/4] build: Always define confdir and statedir
As we will need those paths to lock down on them.
---
Makefile.am | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 9d25a815b..ac88c12e0 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -28,14 +28,14 @@
$(LIBEDATASERVER_CFLAGS) $(ell_cflags)
AM_LDFLAGS = $(MISC_LDFLAGS)
+confdir = $(sysconfdir)/bluetooth
+statedir = $(localstatedir)/lib/bluetooth
+
if DATAFILES
dbusdir = $(DBUS_CONFDIR)/dbus-1/system.d
dbus_DATA = src/bluetooth.conf
-confdir = $(sysconfdir)/bluetooth
conf_DATA =
-
-statedir = $(localstatedir)/lib/bluetooth
state_DATA =
endif
--
2.21.0

542
0001-hog-Fix-read-order-of-attributes-rediffed.patch
View File

@ -1,542 +0,0 @@
From 7fe38a17f6bee713fde587487fc224b0ae390e8f Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Mon, 10 Jan 2022 17:35:15 -0800
Subject: [PATCH 1/2] hog: Fix read order of attributes
The Report Map must be read after all other attributes otherwise the
Kernel driver may start using UHID_SET_REPORT which requires the
report->id to be known in order to resolve the attribute to send to.
Fixes: https://github.com/bluez/bluez/issues/220
---
profiles/input/hog-lib.c | 191 ++++++++++++++++++++++++---------------
1 file changed, 119 insertions(+), 72 deletions(-)
diff --git a/profiles/input/hog-lib.c b/profiles/input/hog-lib.c
index d37caa1f1..beb19af70 100644
--- a/profiles/input/hog-lib.c
+++ b/profiles/input/hog-lib.c
@@ -90,6 +90,7 @@ struct bt_hog {
uint16_t getrep_id;
unsigned int setrep_att;
uint16_t setrep_id;
+ unsigned int report_map_id;
struct bt_scpp *scpp;
struct bt_dis *dis;
struct queue *bas;
@@ -146,13 +147,34 @@ static bool set_and_store_gatt_req(struct bt_hog *hog,
return queue_push_head(hog->gatt_op, req);
}
-static void destroy_gatt_req(struct gatt_request *req)
+static void destroy_gatt_req(void *data)
{
- queue_remove(req->hog->gatt_op, req);
+ struct gatt_request *req = data;
+
bt_hog_unref(req->hog);
free(req);
}
+static void read_report_map(struct bt_hog *hog);
+
+static void remove_gatt_req(struct gatt_request *req, uint8_t status)
+{
+ struct bt_hog *hog = req->hog;
+
+ queue_remove(hog->gatt_op, req);
+
+ if (!status && queue_isempty(hog->gatt_op)) {
+ /* Report Map must be read last since that can result
+ * in uhid being created and the driver may start to
+ * use UHID_SET_REPORT which requires the report->id to
+ * be known what attribute to send to.
+ */
+ read_report_map(hog);
+ }
+
+ destroy_gatt_req(req);
+}
+
static void write_char(struct bt_hog *hog, GAttrib *attrib, uint16_t handle,
const uint8_t *value, size_t vlen,
GAttribResultFunc func,
@@ -178,27 +200,31 @@ static void write_char(struct bt_hog *hog, GAttrib *attrib, uint16_t handle,
}
}
-static void read_char(struct bt_hog *hog, GAttrib *attrib, uint16_t handle,
- GAttribResultFunc func, gpointer user_data)
+static unsigned int read_char(struct bt_hog *hog, GAttrib *attrib,
+ uint16_t handle, GAttribResultFunc func,
+ gpointer user_data)
{
struct gatt_request *req;
unsigned int id;
req = create_request(hog, user_data);
if (!req)
- return;
+ return 0;
id = gatt_read_char(attrib, handle, func, req);
if (!id) {
error("hog: Could not read char");
- return;
+ return 0;
}
if (!set_and_store_gatt_req(hog, req, id)) {
error("hog: Failed to queue read char req");
g_attrib_cancel(attrib, id);
free(req);
+ return 0;
}
+
+ return id;
}
static void discover_desc(struct bt_hog *hog, GAttrib *attrib,
@@ -343,16 +369,14 @@ static void report_ccc_written_cb(guint8 status, const guint8 *pdu,
struct report *report = req->user_data;
struct bt_hog *hog = report->hog;
- destroy_gatt_req(req);
-
if (status != 0) {
error("Write report characteristic descriptor failed: %s",
att_ecode2str(status));
- return;
+ goto remove;
}
if (report->notifyid)
- return;
+ goto remove;
report->notifyid = g_attrib_register(hog->attrib,
ATT_OP_HANDLE_NOTIFY,
@@ -360,6 +384,9 @@ static void report_ccc_written_cb(guint8 status, const guint8 *pdu,
report_value_cb, report, NULL);
DBG("Report characteristic descriptor written: notifications enabled");
+
+remove:
+ remove_gatt_req(req, status);
}
static void write_ccc(struct bt_hog *hog, GAttrib *attrib, uint16_t handle,
@@ -379,14 +406,15 @@ static void ccc_read_cb(guint8 status, const guint8 *pdu, guint16 len,
struct gatt_request *req = user_data;
struct report *report = req->user_data;
- destroy_gatt_req(req);
-
if (status != 0) {
error("Error reading CCC value: %s", att_ecode2str(status));
- return;
+ goto remove;
}
write_ccc(report->hog, report->hog->attrib, report->ccc_handle, report);
+
+remove:
+ remove_gatt_req(req, status);
}
static const char *type_to_string(uint8_t type)
@@ -409,17 +437,15 @@ static void report_reference_cb(guint8 status, const guint8 *pdu,
struct gatt_request *req = user_data;
struct report *report = req->user_data;
- destroy_gatt_req(req);
-
if (status != 0) {
error("Read Report Reference descriptor failed: %s",
att_ecode2str(status));
- return;
+ goto remove;
}
if (plen != 3) {
error("Malformed ATT read response");
- return;
+ goto remove;
}
report->id = pdu[1];
@@ -432,6 +458,9 @@ static void report_reference_cb(guint8 status, const guint8 *pdu,
if (report->type == HOG_REPORT_TYPE_INPUT)
read_char(report->hog, report->hog->attrib, report->ccc_handle,
ccc_read_cb, report);
+
+remove:
+ remove_gatt_req(req, status);
}
static void external_report_reference_cb(guint8 status, const guint8 *pdu,
@@ -442,12 +471,10 @@ static void discover_external_cb(uint8_t status, GSList *descs, void *user_data)
struct gatt_request *req = user_data;
struct bt_hog *hog = req->user_data;
- destroy_gatt_req(req);
-
if (status != 0) {
error("Discover external descriptors failed: %s",
att_ecode2str(status));
- return;
+ goto remove;
}
for ( ; descs; descs = descs->next) {
@@ -457,6 +484,9 @@ static void discover_external_cb(uint8_t status, GSList *descs, void *user_data)
external_report_reference_cb,
hog);
}
+
+remove:
+ remove_gatt_req(req, status);
}
static void discover_external(struct bt_hog *hog, GAttrib *attrib,
@@ -480,12 +510,10 @@ static void discover_report_cb(uint8_t status, GSList *descs, void *user_data)
struct report *report = req->user_data;
struct bt_hog *hog = report->hog;
- destroy_gatt_req(req);
-
if (status != 0) {
error("Discover report descriptors failed: %s",
att_ecode2str(status));
- return;
+ goto remove;
}
for ( ; descs; descs = descs->next) {
@@ -501,6 +529,9 @@ static void discover_report_cb(uint8_t status, GSList *descs, void *user_data)
break;
}
}
+
+remove:
+ remove_gatt_req(req, status);
}
static void discover_report(struct bt_hog *hog, GAttrib *attrib,
@@ -519,11 +550,9 @@ static void report_read_cb(guint8 status, const guint8 *pdu, guint16 len,
struct gatt_request *req = user_data;
struct report *report = req->user_data;
- destroy_gatt_req(req);
-
if (status != 0) {
error("Error reading Report value: %s", att_ecode2str(status));
- return;
+ goto remove;
}
if (report->value)
@@ -531,6 +560,9 @@ static void report_read_cb(guint8 status, const guint8 *pdu, guint16 len,
report->value = g_memdup2(pdu, len);
report->len = len;
+
+remove:
+ remove_gatt_req(req, status);
}
static int report_chrc_cmp(const void *data, const void *user_data)
@@ -572,12 +604,11 @@ static void external_service_char_cb(uint8_t status, GSList *chars,
struct report *report;
GSList *l;
- destroy_gatt_req(req);
-
if (status != 0) {
const char *str = att_ecode2str(status);
+
DBG("Discover external service characteristic failed: %s", str);
- return;
+ goto remove;
}
for (l = chars; l; l = g_slist_next(l)) {
@@ -595,6 +626,9 @@ static void external_service_char_cb(uint8_t status, GSList *chars,
end = (next ? next->handle - 1 : primary->range.end);
discover_report(hog, hog->attrib, start, end, report);
}
+
+remove:
+ remove_gatt_req(req, status);
}
static void external_report_reference_cb(guint8 status, const guint8 *pdu,
@@ -605,17 +639,15 @@ static void external_report_reference_cb(guint8 status, const guint8 *pdu,
uint16_t uuid16;
bt_uuid_t uuid;
- destroy_gatt_req(req);
-
if (status != 0) {
error("Read External Report Reference descriptor failed: %s",
att_ecode2str(status));
- return;
+ goto remove;
}
if (plen != 3) {
error("Malformed ATT read response");
- return;
+ goto remove;
}
uuid16 = get_le16(&pdu[1]);
@@ -624,11 +656,14 @@ static void external_report_reference_cb(guint8 status, const guint8 *pdu,
/* Do not discover if is not a Report */
if (uuid16 != HOG_REPORT_UUID)
- return;
+ goto remove;
bt_uuid16_create(&uuid, uuid16);
discover_char(hog, hog->attrib, 0x0001, 0xffff, &uuid,
external_service_char_cb, hog);
+
+remove:
+ remove_gatt_req(req, status);
}
static int report_cmp(gconstpointer a, gconstpointer b)
@@ -687,12 +722,10 @@ static void output_written_cb(guint8 status, const guint8 *pdu,
{
struct gatt_request *req = user_data;
- destroy_gatt_req(req);
-
- if (status != 0) {
+ if (status != 0)
error("Write output report failed: %s", att_ecode2str(status));
- return;
- }
+
+ remove_gatt_req(req, status);
}
static void forward_report(struct uhid_event *ev, void *user_data)
@@ -1056,7 +1089,7 @@ static void report_map_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
uint8_t value[HOG_REPORT_MAP_MAX_SIZE];
ssize_t vlen;
- destroy_gatt_req(req);
+ remove_gatt_req(req, status);
DBG("HoG inspecting report map");
@@ -1081,6 +1114,19 @@ static void report_map_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
}
}
+static void read_report_map(struct bt_hog *hog)
+{
+ uint16_t handle;
+
+ if (!hog->report_map_attr || hog->uhid_created || hog->report_map_id)
+ return;
+
+ handle = gatt_db_attribute_get_handle(hog->report_map_attr);
+
+ hog->report_map_id = read_char(hog, hog->attrib, handle,
+ report_map_read_cb, hog);
+}
+
static void info_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
gpointer user_data)
{
@@ -1089,18 +1135,16 @@ static void info_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
uint8_t value[HID_INFO_SIZE];
ssize_t vlen;
- destroy_gatt_req(req);
-
if (status != 0) {
error("HID Information read failed: %s",
att_ecode2str(status));
- return;
+ goto remove;
}
vlen = dec_read_resp(pdu, plen, value, sizeof(value));
if (vlen != 4) {
error("ATT protocol error");
- return;
+ goto remove;
}
hog->bcdhid = get_le16(&value[0]);
@@ -1109,6 +1153,9 @@ static void info_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
DBG("bcdHID: 0x%04X bCountryCode: 0x%02X Flags: 0x%02X",
hog->bcdhid, hog->bcountrycode, hog->flags);
+
+remove:
+ remove_gatt_req(req, status);
}
static void proto_mode_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
@@ -1119,18 +1166,16 @@ static void proto_mode_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
uint8_t value;
ssize_t vlen;
- destroy_gatt_req(req);
-
if (status != 0) {
error("Protocol Mode characteristic read failed: %s",
att_ecode2str(status));
- return;
+ goto remove;
}
vlen = dec_read_resp(pdu, plen, &value, sizeof(value));
if (vlen < 0) {
error("ATT protocol error");
- return;
+ goto remove;
}
if (value == HOG_PROTO_MODE_BOOT) {
@@ -1142,6 +1187,9 @@ static void proto_mode_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
sizeof(nval), NULL, NULL);
} else if (value == HOG_PROTO_MODE_REPORT)
DBG("HoG is operating in Report Protocol Mode");
+
+remove:
+ remove_gatt_req(req, status);
}
static void char_discovered_cb(uint8_t status, GSList *chars, void *user_data)
@@ -1155,14 +1203,12 @@ static void char_discovered_cb(uint8_t status, GSList *chars, void *user_data)
GSList *l;
uint16_t info_handle = 0, proto_mode_handle = 0;
- destroy_gatt_req(req);
-
DBG("HoG inspecting characteristics");
if (status != 0) {
- const char *str = att_ecode2str(status);
- DBG("Discover all characteristics failed: %s", str);
- return;
+ DBG("Discover all characteristics failed: %s",
+ att_ecode2str(status));
+ goto remove;
}
bt_uuid16_create(&report_uuid, HOG_REPORT_UUID);
@@ -1211,6 +1257,9 @@ static void char_discovered_cb(uint8_t status, GSList *chars, void *user_data)
if (info_handle)
read_char(hog, hog->attrib, info_handle, info_read_cb, hog);
+
+remove:
+ remove_gatt_req(req, status);
}
static void report_free(void *data)
@@ -1221,10 +1270,12 @@ static void report_free(void *data)
g_free(report);
}
-static void cancel_gatt_req(struct gatt_request *req)
+static bool cancel_gatt_req(const void *data, const void *user_data)
{
- if (g_attrib_cancel(req->hog->attrib, req->id))
- destroy_gatt_req(req);
+ struct gatt_request *req = (void *) data;
+ const struct bt_hog *hog = user_data;
+
+ return g_attrib_cancel(hog->attrib, req->id);
}
static void hog_free(void *data)
@@ -1386,13 +1437,9 @@ static void foreach_hog_chrc(struct gatt_db_attribute *attr, void *user_data)
* UHID to optimize reconnection.
*/
uhid_create(hog, report_map.value, report_map.length);
- } else {
- read_char(hog, hog->attrib, value_handle,
- report_map_read_cb, hog);
}
gatt_db_service_foreach_desc(attr, foreach_hog_external, hog);
- return;
}
bt_uuid16_create(&info_uuid, HOG_INFO_UUID);
@@ -1552,12 +1599,9 @@ static void find_included_cb(uint8_t status, GSList *services, void *user_data)
DBG("");
- destroy_gatt_req(req);
-
if (status) {
- const char *str = att_ecode2str(status);
- DBG("Find included failed: %s", str);
- return;
+ DBG("Find included failed: %s", att_ecode2str(status));
+ goto remove;
}
for (l = services; l; l = l->next) {
@@ -1566,6 +1610,9 @@ static void find_included_cb(uint8_t status, GSList *services, void *user_data)
DBG("included: handle %x, uuid %s",
include->handle, include->uuid);
}
+
+remove:
+ remove_gatt_req(req, status);
}
static void hog_attach_scpp(struct bt_hog *hog, struct gatt_primary *primary)
@@ -1640,17 +1687,14 @@ static void primary_cb(uint8_t status, GSList *services, void *user_data)
DBG("");
- destroy_gatt_req(req);
-
if (status) {
- const char *str = att_ecode2str(status);
- DBG("Discover primary failed: %s", str);
- return;
+ DBG("Discover primary failed: %s", att_ecode2str(status));
+ goto remove;
}
if (!services) {
DBG("No primary service found");
- return;
+ goto remove;
}
for (l = services; l; l = l->next) {
@@ -1674,6 +1718,9 @@ static void primary_cb(uint8_t status, GSList *services, void *user_data)
if (strcmp(primary->uuid, HOG_UUID) == 0)
hog_attach_hog(hog, primary);
}
+
+remove:
+ remove_gatt_req(req, status);
}
bool bt_hog_attach(struct bt_hog *hog, void *gatt)
@@ -1790,7 +1837,7 @@ void bt_hog_detach(struct bt_hog *hog)
if (hog->dis)
bt_dis_detach(hog->dis);
- queue_foreach(hog->gatt_op, (void *) cancel_gatt_req, NULL);
+ queue_remove_all(hog->gatt_op, cancel_gatt_req, hog, destroy_gatt_req);
g_attrib_unref(hog->attrib);
hog->attrib = NULL;
uhid_destroy(hog);
--
2.34.1

997
0002-Use-g_memdup2-everywhere.patch
View File

@ -1,997 +0,0 @@
From 393a58bbe5174123ee9d52c03a75b08219642024 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Mon, 3 May 2021 15:06:36 +0200
Subject: [PATCH] Use g_memdup2 everywhere
---
android/a2dp.c | 8 ++---
android/avctp.c | 4 +--
android/avrcp-lib.c | 2 +-
android/gatt.c | 4 +--
android/hidhost.c | 2 +-
android/tester-main.c | 70 +++++++++++++++++++-------------------
attrib/gatt.c | 6 ++--
client/gatt.c | 2 +-
gobex/gobex-header.c | 4 +--
gobex/gobex-packet.c | 2 +-
obexd/src/obex.c | 2 +-
plugins/neard.c | 6 ++--
plugins/policy.c | 4 +--
profiles/audio/avctp.c | 4 +--
profiles/audio/avrcp.c | 6 ++--
profiles/battery/bas.c | 2 +-
profiles/battery/battery.c | 2 +-
profiles/deviceinfo/dis.c | 2 +-
profiles/input/hog-lib.c | 6 ++--
profiles/scanparam/scpp.c | 2 +-
src/attrib-server.c | 2 +-
src/eir.c | 4 +--
tools/gatt-service.c | 6 ++--
tools/mesh-gatt/gatt.c | 2 +-
unit/test-avctp.c | 4 +--
unit/test-avdtp.c | 6 ++--
unit/test-avrcp.c | 10 +++---
unit/test-gatt.c | 4 +--
unit/test-hfp.c | 10 +++---
unit/test-hog.c | 4 +--
unit/test-sdp.c | 8 ++---
unit/test-uhid.c | 2 +-
32 files changed, 101 insertions(+), 101 deletions(-)
diff --git a/android/a2dp.c b/android/a2dp.c
index e24f793..1d9538a 100644
--- a/android/a2dp.c
+++ b/android/a2dp.c
@@ -428,7 +428,7 @@ static struct a2dp_preset *sbc_select_range(void *caps, uint8_t caps_len,
p = g_new0(struct a2dp_preset, 1);
p->len = conf_len;
- p->data = g_memdup(conf, p->len);
+ p->data = g_memdup2(conf, p->len);
return p;
}
@@ -448,7 +448,7 @@ static struct a2dp_preset *aac_select_range(void *caps, uint8_t caps_len,
p = g_new0(struct a2dp_preset, 1);
p->len = conf_len;
- p->data = g_memdup(conf, p->len);
+ p->data = g_memdup2(conf, p->len);
return p;
}
@@ -1036,7 +1036,7 @@ static gboolean sep_setconf_ind(struct avdtp *session,
preset = g_new0(struct a2dp_preset, 1);
preset->len = cap->length - sizeof(*codec);
- preset->data = g_memdup(codec->data, preset->len);
+ preset->data = g_memdup2(codec->data, preset->len);
if (check_config(endpoint, preset) < 0) {
preset_free(preset);
@@ -1365,7 +1365,7 @@ static GSList *parse_presets(const struct audio_preset *p, uint8_t count,
preset = g_new0(struct a2dp_preset, 1);
preset->len = p->len;
- preset->data = g_memdup(p->data, preset->len);
+ preset->data = g_memdup2(p->data, preset->len);
l = g_slist_append(l, preset);
len -= preset->len;
diff --git a/android/avctp.c b/android/avctp.c
index c2ea5f4..d1b8fe3 100644
--- a/android/avctp.c
+++ b/android/avctp.c
@@ -1179,7 +1179,7 @@ static int avctp_send_req(struct avctp *session, uint8_t code, uint8_t subunit,
for (i = 0; i < iov_cnt; i++) {
pdu[i].iov_len = iov[i].iov_len;
- pdu[i].iov_base = g_memdup(iov[i].iov_base, iov[i].iov_len);
+ pdu[i].iov_base = g_memdup2(iov[i].iov_base, iov[i].iov_len);
}
req = g_new0(struct avctp_control_req, 1);
@@ -1220,7 +1220,7 @@ int avctp_send_browsing_req(struct avctp *session,
for (i = 0; i < iov_cnt; i++) {
pdu[i].iov_len = iov[i].iov_len;
- pdu[i].iov_base = g_memdup(iov[i].iov_base, iov[i].iov_len);
+ pdu[i].iov_base = g_memdup2(iov[i].iov_base, iov[i].iov_len);
}
req = g_new0(struct avctp_browsing_req, 1);
diff --git a/android/avrcp-lib.c b/android/avrcp-lib.c
index 2007d09..ededdcf 100644
--- a/android/avrcp-lib.c
+++ b/android/avrcp-lib.c
@@ -2620,7 +2620,7 @@ static char *parse_folder_list(uint8_t *params, uint16_t params_len,
return NULL;
}
- folders[count] = g_memdup(&params[i], len);
+ folders[count] = g_memdup2(&params[i], len);
i += len;
}
diff --git a/android/gatt.c b/android/gatt.c
index a8a0c48..6e8c431 100644
--- a/android/gatt.c
+++ b/android/gatt.c
@@ -1338,7 +1338,7 @@ static void discover_primary_cb(uint8_t status, GSList *services,
}
bt_uuid_to_uuid128(&uuid, &u128);
- new_uuid = g_memdup(&u128.value.u128, sizeof(u128.value.u128));
+ new_uuid = g_memdup2(&u128.value.u128, sizeof(u128.value.u128));
uuids = g_slist_prepend(uuids, new_uuid);
}
@@ -6633,7 +6633,7 @@ static uint8_t write_prep_request(const uint8_t *cmd, uint16_t cmd_len,
queue_push_tail(dev->pending_requests, data);
- data->value = g_memdup(value, vlen);
+ data->value = g_memdup2(value, vlen);
data->length = vlen;
if (!gatt_db_attribute_write(attrib, offset, value, vlen, cmd[0],
diff --git a/android/hidhost.c b/android/hidhost.c
index 016382e..6f0ec85 100644
--- a/android/hidhost.c
+++ b/android/hidhost.c
@@ -689,7 +689,7 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data)
goto fail;
dev->rd_size = data->unitSize;
- dev->rd_data = g_memdup(data->val.str, data->unitSize);
+ dev->rd_data = g_memdup2(data->val.str, data->unitSize);
}
}
diff --git a/android/tester-main.c b/android/tester-main.c
index 2bfa770..c09bc0a 100644
--- a/android/tester-main.c
+++ b/android/tester-main.c
@@ -1253,7 +1253,7 @@ static bt_property_t *copy_properties(int num_properties,
for (i = 0; i < num_properties; i++) {
props[i].type = properties[i].type;
props[i].len = properties[i].len;
- props[i].val = g_memdup(properties[i].val, properties[i].len);
+ props[i].val = g_memdup2(properties[i].val, properties[i].len);
}
return props;
@@ -1268,7 +1268,7 @@ static bt_property_t *repack_properties(int num_properties,
for (i = 0; i < num_properties; i++) {
props[i].type = properties[i]->type;
props[i].len = properties[i]->len;
- props[i].val = g_memdup(properties[i]->val, properties[i]->len);
+ props[i].val = g_memdup2(properties[i]->val, properties[i]->len);
}
return props;
@@ -1281,7 +1281,7 @@ static bt_property_t *create_property(bt_property_type_t type, void *val,
prop->type = type;
prop->len = len;
- prop->val = g_memdup(val, len);
+ prop->val = g_memdup2(val, len);
return prop;
}
@@ -1615,7 +1615,7 @@ static void gattc_search_result_cb(int conn_id, btgatt_srvc_id_t *srvc_id)
step->callback = CB_GATTC_SEARCH_RESULT;
step->callback_result.conn_id = conn_id;
- step->callback_result.service = g_memdup(srvc_id, sizeof(*srvc_id));
+ step->callback_result.service = g_memdup2(srvc_id, sizeof(*srvc_id));
schedule_callback_verification(step);
}
@@ -1639,8 +1639,8 @@ static void gattc_get_characteristic_cb(int conn_id, int status,
step->callback = CB_GATTC_GET_CHARACTERISTIC;
step->callback_result.status = status;
step->callback_result.conn_id = conn_id;
- step->callback_result.service = g_memdup(srvc_id, sizeof(*srvc_id));
- step->callback_result.characteristic = g_memdup(char_id,
+ step->callback_result.service = g_memdup2(srvc_id, sizeof(*srvc_id));
+ step->callback_result.characteristic = g_memdup2(char_id,
sizeof(*char_id));
step->callback_result.char_prop = char_prop;
@@ -1656,10 +1656,10 @@ static void gattc_get_descriptor_cb(int conn_id, int status,
step->callback = CB_GATTC_GET_DESCRIPTOR;
step->callback_result.status = status;
step->callback_result.conn_id = conn_id;
- step->callback_result.service = g_memdup(srvc_id, sizeof(*srvc_id));
- step->callback_result.characteristic = g_memdup(char_id,
+ step->callback_result.service = g_memdup2(srvc_id, sizeof(*srvc_id));
+ step->callback_result.characteristic = g_memdup2(char_id,
sizeof(*char_id));
- step->callback_result.descriptor = g_memdup(descr_id,
+ step->callback_result.descriptor = g_memdup2(descr_id,
sizeof(*descr_id));
schedule_callback_verification(step);
@@ -1673,8 +1673,8 @@ static void gattc_get_included_service_cb(int conn_id, int status,
step->callback = CB_GATTC_GET_INCLUDED_SERVICE;
step->callback_result.status = status;
step->callback_result.conn_id = conn_id;
- step->callback_result.service = g_memdup(srvc_id, sizeof(*srvc_id));
- step->callback_result.included = g_memdup(incl_srvc_id,
+ step->callback_result.service = g_memdup2(srvc_id, sizeof(*srvc_id));
+ step->callback_result.included = g_memdup2(incl_srvc_id,
sizeof(*srvc_id));
schedule_callback_verification(step);
@@ -1688,7 +1688,7 @@ static void gattc_read_characteristic_cb(int conn_id, int status,
step->callback = CB_GATTC_READ_CHARACTERISTIC;
step->callback_result.status = status;
step->callback_result.conn_id = conn_id;
- step->callback_result.read_params = g_memdup(p_data, sizeof(*p_data));
+ step->callback_result.read_params = g_memdup2(p_data, sizeof(*p_data));
schedule_callback_verification(step);
}
@@ -1701,7 +1701,7 @@ static void gattc_read_descriptor_cb(int conn_id, int status,
step->callback = CB_GATTC_READ_DESCRIPTOR;
step->callback_result.status = status;
step->callback_result.conn_id = conn_id;
- step->callback_result.read_params = g_memdup(p_data, sizeof(*p_data));
+ step->callback_result.read_params = g_memdup2(p_data, sizeof(*p_data));
schedule_callback_verification(step);
}
@@ -1714,7 +1714,7 @@ static void gattc_write_characteristic_cb(int conn_id, int status,
step->callback = CB_GATTC_WRITE_CHARACTERISTIC;
step->callback_result.status = status;
step->callback_result.conn_id = conn_id;
- step->callback_result.write_params = g_memdup(p_data, sizeof(*p_data));
+ step->callback_result.write_params = g_memdup2(p_data, sizeof(*p_data));
schedule_callback_verification(step);
}
@@ -1727,7 +1727,7 @@ static void gattc_write_descriptor_cb(int conn_id, int status,
step->callback = CB_GATTC_WRITE_DESCRIPTOR;
step->callback_result.status = status;
step->callback_result.conn_id = conn_id;
- step->callback_result.write_params = g_memdup(p_data, sizeof(*p_data));
+ step->callback_result.write_params = g_memdup2(p_data, sizeof(*p_data));
schedule_callback_verification(step);
}
@@ -1742,8 +1742,8 @@ static void gattc_register_for_notification_cb(int conn_id, int registered,
step->callback = CB_GATTC_REGISTER_FOR_NOTIFICATION;
step->callback_result.status = status;
step->callback_result.conn_id = conn_id;
- step->callback_result.service = g_memdup(srvc_id, sizeof(*srvc_id));
- step->callback_result.characteristic = g_memdup(char_id,
+ step->callback_result.service = g_memdup2(srvc_id, sizeof(*srvc_id));
+ step->callback_result.characteristic = g_memdup2(char_id,
sizeof(*char_id));
step->callback_result.notification_registered = registered;
@@ -1756,7 +1756,7 @@ static void gattc_notif_cb(int conn_id, btgatt_notify_params_t *p_data)
step->callback = CB_GATTC_NOTIFY;
step->callback_result.conn_id = conn_id;
- step->callback_result.notify_params = g_memdup(p_data, sizeof(*p_data));
+ step->callback_result.notify_params = g_memdup2(p_data, sizeof(*p_data));
schedule_callback_verification(step);
}
@@ -1827,8 +1827,8 @@ static void gatts_service_added_cb(int status, int server_if,
step->callback_result.status = status;
step->callback_result.gatt_app_id = server_if;
- step->callback_result.service = g_memdup(srvc_id, sizeof(*srvc_id));
- step->callback_result.srvc_handle = g_memdup(&srvc_handle,
+ step->callback_result.service = g_memdup2(srvc_id, sizeof(*srvc_id));
+ step->callback_result.srvc_handle = g_memdup2(&srvc_handle,
sizeof(srvc_handle));
schedule_callback_verification(step);
@@ -1844,9 +1844,9 @@ static void gatts_included_service_added_cb(int status, int server_if,
step->callback_result.status = status;
step->callback_result.gatt_app_id = server_if;
- step->callback_result.srvc_handle = g_memdup(&srvc_handle,
+ step->callback_result.srvc_handle = g_memdup2(&srvc_handle,
sizeof(srvc_handle));
- step->callback_result.inc_srvc_handle = g_memdup(&inc_srvc_handle,
+ step->callback_result.inc_srvc_handle = g_memdup2(&inc_srvc_handle,
sizeof(inc_srvc_handle));
schedule_callback_verification(step);
@@ -1863,10 +1863,10 @@ static void gatts_characteristic_added_cb(int status, int server_if,
step->callback_result.status = status;
step->callback_result.gatt_app_id = server_if;
- step->callback_result.srvc_handle = g_memdup(&srvc_handle,
+ step->callback_result.srvc_handle = g_memdup2(&srvc_handle,
sizeof(srvc_handle));
- step->callback_result.uuid = g_memdup(uuid, sizeof(*uuid));
- step->callback_result.char_handle = g_memdup(&char_handle,
+ step->callback_result.uuid = g_memdup2(uuid, sizeof(*uuid));
+ step->callback_result.char_handle = g_memdup2(&char_handle,
sizeof(char_handle));
schedule_callback_verification(step);
@@ -1883,10 +1883,10 @@ static void gatts_descriptor_added_cb(int status, int server_if,
step->callback_result.status = status;
step->callback_result.gatt_app_id = server_if;
- step->callback_result.srvc_handle = g_memdup(&srvc_handle,
+ step->callback_result.srvc_handle = g_memdup2(&srvc_handle,
sizeof(srvc_handle));
- step->callback_result.uuid = g_memdup(uuid, sizeof(*uuid));
- step->callback_result.desc_handle = g_memdup(&desc_handle,
+ step->callback_result.uuid = g_memdup2(uuid, sizeof(*uuid));
+ step->callback_result.desc_handle = g_memdup2(&desc_handle,
sizeof(desc_handle));
schedule_callback_verification(step);
@@ -1900,7 +1900,7 @@ static void gatts_service_started_cb(int status, int server_if, int srvc_handle)
step->callback_result.status = status;
step->callback_result.gatt_app_id = server_if;
- step->callback_result.srvc_handle = g_memdup(&srvc_handle,
+ step->callback_result.srvc_handle = g_memdup2(&srvc_handle,
sizeof(srvc_handle));
schedule_callback_verification(step);
@@ -1914,7 +1914,7 @@ static void gatts_service_stopped_cb(int status, int server_if, int srvc_handle)
step->callback_result.status = status;
step->callback_result.gatt_app_id = server_if;
- step->callback_result.srvc_handle = g_memdup(&srvc_handle,
+ step->callback_result.srvc_handle = g_memdup2(&srvc_handle,
sizeof(srvc_handle));
schedule_callback_verification(step);
@@ -1928,7 +1928,7 @@ static void gatts_service_deleted_cb(int status, int server_if, int srvc_handle)
step->callback_result.status = status;
step->callback_result.gatt_app_id = server_if;
- step->callback_result.srvc_handle = g_memdup(&srvc_handle,
+ step->callback_result.srvc_handle = g_memdup2(&srvc_handle,
sizeof(srvc_handle));
schedule_callback_verification(step);
@@ -1945,7 +1945,7 @@ static void gatts_request_read_cb(int conn_id, int trans_id, bt_bdaddr_t *bda,
step->callback_result.conn_id = conn_id;
step->callback_result.trans_id = trans_id;
- step->callback_result.attr_handle = g_memdup(&attr_handle,
+ step->callback_result.attr_handle = g_memdup2(&attr_handle,
sizeof(attr_handle));
step->callback_result.offset = offset;
step->callback_result.is_long = is_long;
@@ -1974,13 +1974,13 @@ static void gatts_request_write_cb(int conn_id, int trans_id, bt_bdaddr_t *bda,
step->callback_result.conn_id = conn_id;
step->callback_result.trans_id = trans_id;
- step->callback_result.attr_handle = g_memdup(&attr_handle,
+ step->callback_result.attr_handle = g_memdup2(&attr_handle,
sizeof(attr_handle));
step->callback_result.offset = offset;
step->callback_result.length = length;
step->callback_result.need_rsp = need_rsp;
step->callback_result.is_prep = is_prep;
- step->callback_result.value = g_memdup(&value, length);
+ step->callback_result.value = g_memdup2(&value, length);
/* Utilize property verification mechanism for bdaddr */
props[0] = create_property(BT_PROPERTY_BDADDR, bda, sizeof(*bda));
@@ -2169,7 +2169,7 @@ static btmce_mas_instance_t *copy_mas_instances(int num_instances,
inst[i].id = instances[i].id;
inst[i].scn = instances[i].scn;
inst[i].msg_types = instances[i].msg_types;
- inst[i].p_name = g_memdup(instances[i].p_name,
+ inst[i].p_name = g_memdup2(instances[i].p_name,
strlen(instances[i].p_name));
}
diff --git a/attrib/gatt.c b/attrib/gatt.c
index 46b2ca3..1f30764 100644
--- a/attrib/gatt.c
+++ b/attrib/gatt.c
@@ -696,7 +696,7 @@ guint gatt_discover_char(GAttrib *attrib, uint16_t start, uint16_t end,
dc->user_data = user_data;
dc->end = end;
dc->start = start;
- dc->uuid = g_memdup(uuid, sizeof(bt_uuid_t));
+ dc->uuid = g_memdup2(uuid, sizeof(bt_uuid_t));
dc->id = g_attrib_send(attrib, 0, buf, plen, char_discovered_cb,
discover_char_ref(dc), discover_char_unref);
@@ -964,7 +964,7 @@ guint gatt_write_char(GAttrib *attrib, uint16_t handle, const uint8_t *value,
long_write->func = func;
long_write->user_data = user_data;
long_write->handle = handle;
- long_write->value = g_memdup(value, vlen);
+ long_write->value = g_memdup2(value, vlen);
long_write->vlen = vlen;
return prepare_write(long_write);
@@ -1130,7 +1130,7 @@ guint gatt_discover_desc(GAttrib *attrib, uint16_t start, uint16_t end,
dd->user_data = user_data;
dd->start = start;
dd->end = end;
- dd->uuid = g_memdup(uuid, sizeof(bt_uuid_t));
+ dd->uuid = g_memdup2(uuid, sizeof(bt_uuid_t));
dd->id = g_attrib_send(attrib, 0, buf, plen, desc_discovered_cb,
discover_desc_ref(dd), discover_desc_unref);
diff --git a/client/gatt.c b/client/gatt.c
index 21fd38e..d302183 100644
--- a/client/gatt.c
+++ b/client/gatt.c
@@ -790,7 +790,7 @@ static uint8_t *str2bytearray(char *arg, size_t *val_len)
*val_len = i;
- return g_memdup(value, i);
+ return g_memdup2(value, i);
}
void gatt_write_attribute(GDBusProxy *proxy, int argc, char *argv[])
diff --git a/gobex/gobex-header.c b/gobex/gobex-header.c
index 011d33d..c56be2f 100644
--- a/gobex/gobex-header.c
+++ b/gobex/gobex-header.c
@@ -222,7 +222,7 @@ GObexHeader *g_obex_header_decode(const void *data, gsize len,
switch (data_policy) {
case G_OBEX_DATA_COPY:
- header->v.data = g_memdup(ptr, header->vlen);
+ header->v.data = g_memdup2(ptr, header->vlen);
break;
case G_OBEX_DATA_REF:
header->extdata = TRUE;
@@ -410,7 +410,7 @@ GObexHeader *g_obex_header_new_bytes(guint8 id, const void *data, gsize len)
header->id = id;
header->vlen = len;
header->hlen = len + 3;
- header->v.data = g_memdup(data, len);
+ header->v.data = g_memdup2(data, len);
return header;
}
diff --git a/gobex/gobex-packet.c b/gobex/gobex-packet.c
index 11937a5..18da6ea 100644
--- a/gobex/gobex-packet.c
+++ b/gobex/gobex-packet.c
@@ -201,7 +201,7 @@ gboolean g_obex_packet_set_data(GObexPacket *pkt, const void *data, gsize len,
switch (data_policy) {
case G_OBEX_DATA_COPY:
- pkt->data.buf = g_memdup(data, len);
+ pkt->data.buf = g_memdup2(data, len);
break;
case G_OBEX_DATA_REF:
pkt->data.buf_ref = data;
diff --git a/obexd/src/obex.c b/obexd/src/obex.c
index 9f992ec..151d956 100644
--- a/obexd/src/obex.c
+++ b/obexd/src/obex.c
@@ -594,7 +594,7 @@ static void parse_apparam(struct obex_session *os, GObexPacket *req)
if (!g_obex_header_get_bytes(hdr, &apparam, &len))
return;
- os->apparam = g_memdup(apparam, len);
+ os->apparam = g_memdup2(apparam, len);
os->apparam_len = len;
DBG("APPARAM");
}
diff --git a/plugins/neard.c b/plugins/neard.c
index e07b511..a806bb7 100644
--- a/plugins/neard.c
+++ b/plugins/neard.c
@@ -407,10 +407,10 @@ static int process_nokia_long (void *data, size_t size, uint8_t marker,
remote->name = g_strndup((char *)n->name, n->name_len);
if (marker == 0x01) {
- remote->pin = g_memdup(n->authentication, 4);
+ remote->pin = g_memdup2(n->authentication, 4);
remote->pin_len = 4;
} else if (marker == 0x02) {
- remote->pin = g_memdup(n->authentication, 16);
+ remote->pin = g_memdup2(n->authentication, 16);
remote->pin_len = 16;
}
@@ -439,7 +439,7 @@ static int process_nokia_short (void *data, size_t size,
if (n->name_len > 0)
remote->name = g_strndup((char *)n->name, n->name_len);
- remote->pin = g_memdup(n->authentication, 4);
+ remote->pin = g_memdup2(n->authentication, 4);
remote->pin_len = 4;
return 0;
diff --git a/plugins/policy.c b/plugins/policy.c
index bf93df0..79943fc 100644
--- a/plugins/policy.c
+++ b/plugins/policy.c
@@ -855,7 +855,7 @@ static int policy_init(void)
reconnect_attempts = default_attempts;
reconnect_intervals_len = sizeof(default_intervals) /
sizeof(*reconnect_intervals);
- reconnect_intervals = g_memdup(default_intervals,
+ reconnect_intervals = g_memdup2(default_intervals,
sizeof(default_intervals));
goto done;
}
@@ -886,7 +886,7 @@ static int policy_init(void)
g_clear_error(&gerr);
reconnect_intervals_len = sizeof(default_intervals) /
sizeof(*reconnect_intervals);
- reconnect_intervals = g_memdup(default_intervals,
+ reconnect_intervals = g_memdup2(default_intervals,
sizeof(default_intervals));
}
diff --git a/profiles/audio/avctp.c b/profiles/audio/avctp.c
index 50de336..2733a76 100644
--- a/profiles/audio/avctp.c
+++ b/profiles/audio/avctp.c
@@ -1731,7 +1731,7 @@ static int avctp_send_req(struct avctp *session, uint8_t code,
req->subunit = subunit;
req->op = opcode;
req->func = func;
- req->operands = g_memdup(operands, operand_count);
+ req->operands = g_memdup2(operands, operand_count);
req->operand_count = operand_count;
req->user_data = user_data;
@@ -1769,7 +1769,7 @@ int avctp_send_browsing_req(struct avctp *session,
req = g_new0(struct avctp_browsing_req, 1);
req->func = func;
- req->operands = g_memdup(operands, operand_count);
+ req->operands = g_memdup2(operands, operand_count);
req->operand_count = operand_count;
req->user_data = user_data;
diff --git a/profiles/audio/avrcp.c b/profiles/audio/avrcp.c
index 05dd791..e23228d 100644
--- a/profiles/audio/avrcp.c
+++ b/profiles/audio/avrcp.c
@@ -1297,7 +1297,7 @@ static uint8_t avrcp_handle_get_current_player_value(struct avrcp *session,
* Save a copy of requested settings because we can override them
* while responding
*/
- settings = g_memdup(&pdu->params[1], pdu->params[0]);
+ settings = g_memdup2(&pdu->params[1], pdu->params[0]);
len = 0;
/*
@@ -2786,7 +2786,7 @@ static gboolean avrcp_set_browsed_player_rsp(struct avctp *conn,
break;
}
- folders[count] = g_memdup(&pdu->params[i], len);
+ folders[count] = g_memdup2(&pdu->params[i], len);
i += len;
}
@@ -2873,7 +2873,7 @@ static void avrcp_player_parse_features(struct avrcp_player *player,
{
struct media_player *mp = player->user_data;
- player->features = g_memdup(features, 16);
+ player->features = g_memdup2(features, 16);
if (features[7] & 0x08) {
media_player_set_browsable(mp, true);
diff --git a/profiles/battery/bas.c b/profiles/battery/bas.c
index 3c6173b..b223fbe 100644
--- a/profiles/battery/bas.c
+++ b/profiles/battery/bas.c
@@ -75,7 +75,7 @@ struct bt_bas *bt_bas_new(void *primary)
bas->gatt_op = queue_new();
if (primary)
- bas->primary = g_memdup(primary, sizeof(*bas->primary));
+ bas->primary = g_memdup2(primary, sizeof(*bas->primary));
return bt_bas_ref(bas);
}
diff --git a/profiles/battery/battery.c b/profiles/battery/battery.c
index 176d127..3b5aa5c 100644
--- a/profiles/battery/battery.c
+++ b/profiles/battery/battery.c
@@ -159,7 +159,7 @@ static void read_initial_battery_level_cb(bool success,
if (!length)
return;
- batt->initial_value = g_memdup(value, length);
+ batt->initial_value = g_memdup2(value, length);
/* request notify */
batt->batt_level_cb_id =
diff --git a/profiles/deviceinfo/dis.c b/profiles/deviceinfo/dis.c
index 87fa633..79d98c3 100644
--- a/profiles/deviceinfo/dis.c
+++ b/profiles/deviceinfo/dis.c
@@ -143,7 +143,7 @@ struct bt_dis *bt_dis_new_primary(void *primary)
dis->gatt_op = queue_new();
if (primary)
- dis->primary = g_memdup(primary, sizeof(*dis->primary));
+ dis->primary = g_memdup2(primary, sizeof(*dis->primary));
return bt_dis_ref(dis);
}
diff --git a/profiles/input/hog-lib.c b/profiles/input/hog-lib.c
index e5e3d3e..3652bdf 100644
--- a/profiles/input/hog-lib.c
+++ b/profiles/input/hog-lib.c
@@ -514,7 +514,7 @@ static void report_read_cb(guint8 status, const guint8 *pdu, guint16 len,
if (report->value)
g_free(report->value);
- report->value = g_memdup(pdu, len);
+ report->value = g_memdup2(pdu, len);
report->len = len;
}
@@ -1595,7 +1595,7 @@ static void hog_attach_hog(struct bt_hog *hog, struct gatt_primary *primary)
struct bt_hog *instance;
if (!hog->primary) {
- hog->primary = g_memdup(primary, sizeof(*primary));
+ hog->primary = g_memdup2(primary, sizeof(*primary));
discover_char(hog, hog->attrib, primary->range.start,
primary->range.end, NULL,
char_discovered_cb, hog);
@@ -1609,7 +1609,7 @@ static void hog_attach_hog(struct bt_hog *hog, struct gatt_primary *primary)
if (!instance)
return;
- instance->primary = g_memdup(primary, sizeof(*primary));
+ instance->primary = g_memdup2(primary, sizeof(*primary));
find_included(instance, hog->attrib, primary->range.start,
primary->range.end, find_included_cb, instance);
diff --git a/profiles/scanparam/scpp.c b/profiles/scanparam/scpp.c
index da38a6a..1134360 100644
--- a/profiles/scanparam/scpp.c
+++ b/profiles/scanparam/scpp.c
@@ -110,7 +110,7 @@ struct bt_scpp *bt_scpp_new(void *primary)
scan->gatt_op = queue_new();
if (primary)
- scan->primary = g_memdup(primary, sizeof(*scan->primary));
+ scan->primary = g_memdup2(primary, sizeof(*scan->primary));
return bt_scpp_ref(scan);
}
diff --git a/src/attrib-server.c b/src/attrib-server.c
index 5a178f9..ce412c3 100644
--- a/src/attrib-server.c
+++ b/src/attrib-server.c
@@ -339,7 +339,7 @@ static struct attribute *attrib_db_add_new(struct gatt_server *server,
a = g_new0(struct attribute, 1);
a->len = len;
- a->data = g_memdup(value, len);
+ a->data = g_memdup2(value, len);
a->handle = handle;
a->uuid = *uuid;
a->read_req = read_req;
diff --git a/src/eir.c b/src/eir.c
index 0f5d14f..ceeb5f7 100644
--- a/src/eir.c
+++ b/src/eir.c
@@ -323,13 +323,13 @@ void eir_parse(struct eir_data *eir, const uint8_t *eir_data, uint8_t eir_len)
case EIR_SSP_HASH:
if (data_len < 16)
break;
- eir->hash = g_memdup(data, 16);
+ eir->hash = g_memdup2(data, 16);
break;
case EIR_SSP_RANDOMIZER:
if (data_len < 16)
break;
- eir->randomizer = g_memdup(data, 16);
+ eir->randomizer = g_memdup2(data, 16);
break;
case EIR_DEVICE_ID:
diff --git a/tools/gatt-service.c b/tools/gatt-service.c
index 631c4f2..1e272a5 100644
--- a/tools/gatt-service.c
+++ b/tools/gatt-service.c
@@ -127,7 +127,7 @@ static gboolean desc_get_value(const GDBusPropertyTable *property,
static void desc_write(struct descriptor *desc, const uint8_t *value, int len)
{
g_free(desc->value);
- desc->value = g_memdup(value, len);
+ desc->value = g_memdup2(value, len);
desc->vlen = len;
g_dbus_emit_property_changed(connection, desc->path,
@@ -265,7 +265,7 @@ static gboolean chr_get_props(const GDBusPropertyTable *property,
static void chr_write(struct characteristic *chr, const uint8_t *value, int len)
{
g_free(chr->value);
- chr->value = g_memdup(value, len);
+ chr->value = g_memdup2(value, len);
chr->vlen = len;
g_dbus_emit_property_changed(connection, chr->path, GATT_CHR_IFACE,
@@ -592,7 +592,7 @@ static gboolean register_characteristic(const char *chr_uuid,
chr = g_new0(struct characteristic, 1);
chr->uuid = g_strdup(chr_uuid);
- chr->value = g_memdup(value, vlen);
+ chr->value = g_memdup2(value, vlen);
chr->vlen = vlen;
chr->props = props;
chr->service = g_strdup(service_path);
diff --git a/tools/mesh-gatt/gatt.c b/tools/mesh-gatt/gatt.c
index b99234f..d7685f0 100644
--- a/tools/mesh-gatt/gatt.c
+++ b/tools/mesh-gatt/gatt.c
@@ -338,7 +338,7 @@ bool mesh_gatt_write(GDBusProxy *proxy, uint8_t *buf, uint16_t len,
/* TODO: should keep in queue in case we need to cancel write? */
data->gatt_len = len;
- data->gatt_data = g_memdup(buf, len);
+ data->gatt_data = g_memdup2(buf, len);
data->gatt_data[0] &= GATT_TYPE_MASK;
data->iov.iov_base = data->gatt_data;
data->iov.iov_len = len;
diff --git a/unit/test-avctp.c b/unit/test-avctp.c
index fa7db59..0bd138e 100644
--- a/unit/test-avctp.c
+++ b/unit/test-avctp.c
@@ -53,7 +53,7 @@ struct context {
#define raw_pdu(args...) \
{ \
.valid = true, \
- .data = g_memdup(data(args), sizeof(data(args))), \
+ .data = g_memdup2(data(args), sizeof(data(args))), \
.size = sizeof(data(args)), \
}
@@ -64,7 +64,7 @@ struct context {
}; \
static struct test_data data; \
data.test_name = g_strdup(name); \
- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \
+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \
tester_add(name, &data, NULL, function, NULL); \
} while (0)
diff --git a/unit/test-avdtp.c b/unit/test-avdtp.c
index f5340d6..d6fdd3d 100644
--- a/unit/test-avdtp.c
+++ b/unit/test-avdtp.c
@@ -48,7 +48,7 @@ struct test_data {
#define raw_pdu(args...) \
{ \
.valid = true, \
- .data = g_memdup(data(args), sizeof(data(args))), \
+ .data = g_memdup2(data(args), sizeof(data(args))), \
.size = sizeof(data(args)), \
}
@@ -56,7 +56,7 @@ struct test_data {
{ \
.valid = true, \
.fragmented = true, \
- .data = g_memdup(data(args), sizeof(data(args))), \
+ .data = g_memdup2(data(args), sizeof(data(args))), \
.size = sizeof(data(args)), \
}
@@ -67,7 +67,7 @@ struct test_data {
}; \
static struct test_data data; \
data.test_name = g_strdup(name); \
- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \
+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \
tester_add(name, &data, NULL, function, NULL); \
} while (0)
diff --git a/unit/test-avrcp.c b/unit/test-avrcp.c
index 34a7037..0c860e3 100644
--- a/unit/test-avrcp.c
+++ b/unit/test-avrcp.c
@@ -61,7 +61,7 @@ struct context {
#define raw_pdu(args...) \
{ \
.valid = true, \
- .data = g_memdup(data(args), sizeof(data(args))), \
+ .data = g_memdup2(data(args), sizeof(data(args))), \
.size = sizeof(data(args)), \
}
@@ -69,7 +69,7 @@ struct context {
{ \
.valid = true, \
.browse = true, \
- .data = g_memdup(data(args), sizeof(data(args))), \
+ .data = g_memdup2(data(args), sizeof(data(args))), \
.size = sizeof(data(args)), \
}
@@ -77,7 +77,7 @@ struct context {
{ \
.valid = true, \
.fragmented = true, \
- .data = g_memdup(data(args), sizeof(data(args))), \
+ .data = g_memdup2(data(args), sizeof(data(args))), \
.size = sizeof(data(args)), \
}
@@ -85,7 +85,7 @@ struct context {
{ \
.valid = true, \
.continuing = true, \
- .data = g_memdup(data(args), sizeof(data(args))), \
+ .data = g_memdup2(data(args), sizeof(data(args))), \
.size = sizeof(data(args)), \
}
@@ -96,7 +96,7 @@ struct context {
}; \
static struct test_data data; \
data.test_name = g_strdup(name); \
- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \
+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \
tester_add(name, &data, NULL, function, NULL); \
} while (0)
diff --git a/unit/test-gatt.c b/unit/test-gatt.c
index 4aa87d0..ab16818 100644
--- a/unit/test-gatt.c
+++ b/unit/test-gatt.c
@@ -73,7 +73,7 @@ struct context {
#define raw_pdu(args...) \
{ \
.valid = true, \
- .data = g_memdup(data(args), sizeof(data(args))), \
+ .data = g_memdup2(data(args), sizeof(data(args))), \
.size = sizeof(data(args)), \
}
@@ -94,7 +94,7 @@ struct context {
data.uuid = bt_uuid; \
data.step = test_step; \
data.source_db = db; \
- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \
+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \
tester_add(name, &data, NULL, function, NULL); \
} while (0)
diff --git a/unit/test-hfp.c b/unit/test-hfp.c
index f504724..6afc145 100644
--- a/unit/test-hfp.c
+++ b/unit/test-hfp.c
@@ -50,7 +50,7 @@ struct test_data {
#define raw_pdu(args...) \
{ \
.valid = true, \
- .data = g_memdup(data(args), sizeof(data(args))), \
+ .data = g_memdup2(data(args), sizeof(data(args))), \
.size = sizeof(data(args)), \
}
@@ -62,7 +62,7 @@ struct test_data {
#define type_pdu(cmd_type, args...) \
{ \
.valid = true, \
- .data = g_memdup(data(args), sizeof(data(args))), \
+ .data = g_memdup2(data(args), sizeof(data(args))), \
.size = sizeof(data(args)), \
.type = cmd_type, \
}
@@ -70,7 +70,7 @@ struct test_data {
#define frg_pdu(args...) \
{ \
.valid = true, \
- .data = g_memdup(data(args), sizeof(data(args))), \
+ .data = g_memdup2(data(args), sizeof(data(args))), \
.size = sizeof(data(args)), \
.fragmented = true, \
}
@@ -82,7 +82,7 @@ struct test_data {
}; \
static struct test_data data; \
data.test_name = g_strdup(name); \
- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \
+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \
data.result_func = result_function; \
tester_add(name, &data, NULL, function, NULL); \
data.test_handler = test_handler; \
@@ -96,7 +96,7 @@ struct test_data {
}; \
static struct test_data data; \
data.test_name = g_strdup(name); \
- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \
+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \
data.hf_result_func = result_func; \
data.response_func = response_function; \
tester_add(name, &data, NULL, function, NULL); \
diff --git a/unit/test-hog.c b/unit/test-hog.c
index e6d4aff..edf0633 100644
--- a/unit/test-hog.c
+++ b/unit/test-hog.c
@@ -59,7 +59,7 @@ struct context {
#define raw_pdu(args...) \
{ \
.valid = true, \
- .data = g_memdup(data(args), sizeof(data(args))), \
+ .data = g_memdup2(data(args), sizeof(data(args))), \
.size = sizeof(data(args)), \
}
@@ -75,7 +75,7 @@ struct context {
}; \
static struct test_data data; \
data.test_name = g_strdup(name); \
- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \
+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \
tester_add(name, &data, NULL, function, NULL); \
} while (0)
diff --git a/unit/test-sdp.c b/unit/test-sdp.c
index d3a885f..3a003ff 100644
--- a/unit/test-sdp.c
+++ b/unit/test-sdp.c
@@ -47,14 +47,14 @@ struct test_data {
#define raw_pdu(args...) \
{ \
.valid = true, \
- .raw_data = g_memdup(raw_data(args), sizeof(raw_data(args))), \
+ .raw_data = g_memdup2(raw_data(args), sizeof(raw_data(args))), \
.raw_size = sizeof(raw_data(args)), \
}
#define raw_pdu_cont(cont, args...) \
{ \
.valid = true, \
- .raw_data = g_memdup(raw_data(args), sizeof(raw_data(args))), \
+ .raw_data = g_memdup2(raw_data(args), sizeof(raw_data(args))), \
.raw_size = sizeof(raw_data(args)), \
.cont_len = cont, \
}
@@ -66,7 +66,7 @@ struct test_data {
}; \
static struct test_data data; \
data.mtu = _mtu; \
- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \
+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \
tester_add(name, &data, NULL, test_sdp, NULL); \
} while (0)
@@ -92,7 +92,7 @@ struct test_data_de {
#define define_test_de_attr(name, input, exp) \
do { \
static struct test_data_de data; \
- data.input_data = g_memdup(input, sizeof(input)); \
+ data.input_data = g_memdup2(input, sizeof(input)); \
data.input_size = sizeof(input); \
data.expected = exp; \
tester_add("/sdp/DE/ATTR/" name, &data, NULL, \
diff --git a/unit/test-uhid.c b/unit/test-uhid.c
index 001d39a..bfe8369 100644
--- a/unit/test-uhid.c
+++ b/unit/test-uhid.c
@@ -61,7 +61,7 @@ struct context {
}; \
static struct test_data data; \
data.test_name = g_strdup(name); \
- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \
+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \
tester_add(name, &data, NULL, function, NULL); \
} while (0)
--
2.31.1

90
0002-hog-Add-input-queue-while-uhid-device-has-not-been-c-rediffed.patch
View File

@ -1,90 +0,0 @@
From 33d13bbc5703185ab3f15e4429df324987f3f225 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Wed, 12 Jan 2022 14:07:36 -0800
Subject: [PATCH 2/2] hog: Add input queue while uhid device has not been
created
Since report map is only read after all reports it is possible to start
receiving notifications before uhid has been created, so this adds a
queue to store the events while the report map is pending and once uhid
has been created dequeue the events.
---
profiles/input/hog-lib.c | 32 +++++++++++++++++++++++++++++---
1 file changed, 29 insertions(+), 3 deletions(-)
diff --git a/profiles/input/hog-lib.c b/profiles/input/hog-lib.c
index beb19af70..0b375feb8 100644
--- a/profiles/input/hog-lib.c
+++ b/profiles/input/hog-lib.c
@@ -98,6 +98,7 @@ struct bt_hog {
struct queue *gatt_op;
struct gatt_db *gatt_db;
struct gatt_db_attribute *report_map_attr;
+ struct queue *input;
};
struct report_map {
@@ -355,11 +356,18 @@ static void report_value_cb(const guint8 *pdu, guint16 len, gpointer user_data)
ev.u.input.size = len;
}
- err = bt_uhid_send(hog->uhid, &ev);
- if (err < 0) {
- error("bt_uhid_send: %s (%d)", strerror(-err), -err);
+ /* If uhid had not been created yet queue up the input */
+ if (!hog->uhid_created) {
+ if (!hog->input)
+ hog->input = queue_new();
+
+ queue_push_tail(hog->input, g_memdup(&ev, sizeof(ev)));
return;
}
+
+ err = bt_uhid_send(hog->uhid, &ev);
+ if (err < 0)
+ error("bt_uhid_send: %s (%d)", strerror(-err), -err);
}
static void report_ccc_written_cb(guint8 status, const guint8 *pdu,
@@ -993,6 +1001,21 @@ static char *item2string(char *str, uint8_t *buf, uint8_t len)
return str;
}
+static bool input_dequeue(const void *data, const void *match_data)
+{
+ const struct uhid_event *ev = data;
+ const struct bt_hog *hog = match_data;
+ int err;
+
+ err = bt_uhid_send(hog->uhid, ev);
+ if (err < 0) {
+ error("bt_uhid_send: %s (%d)", strerror(-err), -err);
+ return false;
+ }
+
+ return true;
+}
+
static void uhid_create(struct bt_hog *hog, uint8_t *report_map,
ssize_t report_map_len)
{
@@ -1072,6 +1095,8 @@ static void uhid_create(struct bt_hog *hog, uint8_t *report_map,
hog->uhid_created = true;
DBG("HoG created uHID device");
+
+ queue_remove_all(hog->input, input_dequeue, hog, free);
}
static void db_report_map_write_value_cb(struct gatt_db_attribute *attr,
@@ -1284,6 +1309,7 @@ static void hog_free(void *data)
bt_hog_detach(hog);
+ queue_destroy(hog->input, free);
queue_destroy(hog->bas, (void *) bt_bas_unref);
g_slist_free_full(hog->instances, hog_free);
--
2.34.1

38
0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
View File

@ -1,38 +0,0 @@
From 36a44fc05feebe1aab16c33a1121f952986b2801 Mon Sep 17 00:00:00 2001
From: Craig Andrews <candrews@integralblue.com>
Date: Wed, 13 Sep 2017 15:23:09 +0200
Subject: [PATCH 2/4] systemd: Add PrivateTmp and NoNewPrivileges options
PrivateTmp makes bluetoothd's /tmp and /var/tmp be inside a different
namespace. This is useful to secure access to temporary files of the
process.
NoNewPrivileges ensures that service process and all its children
can never gain new privileges through execve(), lowering the risk of
possible privilege escalations.
---
src/bluetooth.service.in | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
index f9faaa452..7c2f60bb4 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
@@ -12,8 +12,14 @@ NotifyAccess=main
#Restart=on-failure
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
LimitNPROC=1
+
+# Filesystem lockdown
ProtectHome=true
ProtectSystem=full
+PrivateTmp=true
+
+# Privilege escalation
+NoNewPrivileges=true
[Install]
WantedBy=bluetooth.target
--
2.21.0

44
0003-systemd-Add-more-filesystem-lockdown.patch
View File

@ -1,44 +0,0 @@
From 13a348670fef0047555395ce6977e86e0005f8bd Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 13 Sep 2017 15:37:11 +0200
Subject: [PATCH 3/4] systemd: Add more filesystem lockdown
We can only access the configuration file as read-only and read-write
to the Bluetooth cache directory and sub-directories.
---
Makefile.am | 3 +++
src/bluetooth.service.in | 4 ++++
2 files changed, 7 insertions(+)
diff --git a/Makefile.am b/Makefile.am
index ac88c12e0..0a6d09847 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -617,6 +617,9 @@
SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
$(SED) -e 's,@pkglibexecdir\@,$(pkglibexecdir),g' \
+ -e 's,@libexecdir\@,$(libexecdir),g' \
+ -e 's,@statedir\@,$(statedir),g' \
+ -e 's,@confdir\@,$(confdir),g' \
< $< > $@
if RUN_RST2MAN
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
index 7c2f60bb4..4daedef2a 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
@@ -17,6 +17,10 @@ LimitNPROC=1
ProtectHome=true
ProtectSystem=full
PrivateTmp=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+ReadWritePaths=@statedir@
+ReadOnlyPaths=@confdir@
# Privilege escalation
NoNewPrivileges=true
--
2.21.0

20
bluez.spec
View File

@ -5,8 +5,8 @@
%endif %endif
Name: bluez Name: bluez
Version: 5.63 Version: 5.64
Release: 3%{?dist} Release: 1%{?dist}
Summary: Bluetooth utilities Summary: Bluetooth utilities
License: GPLv2+ License: GPLv2+
URL: http://www.bluez.org/ URL: http://www.bluez.org/
@ -16,19 +16,6 @@ Source1: bluez.gitignore
# https://github.com/hadess/bluez/commits/obex-5.46 # https://github.com/hadess/bluez/commits/obex-5.46
Patch1: 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch Patch1: 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
# https://github.com/hadess/bluez/commits/systemd-hardening
Patch2: 0001-build-Always-define-confdir-and-statedir.patch
Patch3: 0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
Patch4: 0003-systemd-Add-more-filesystem-lockdown.patch
Patch5: 0004-systemd-More-lockdown.patch
# Fix FTBFS with newer glib versions
Patch6: 0002-Use-g_memdup2-everywhere.patch
# Fix initialization problems with Logitech MX Master mice
# https://bugzilla.redhat.com/show_bug.cgi?id=2019970
# https://github.com/bluez/bluez/issues/220
# Both patches have one rediff necessary to apply to 5.63
Patch7: 0001-hog-Fix-read-order-of-attributes-rediffed.patch
Patch8: 0002-hog-Add-input-queue-while-uhid-device-has-not-been-c-rediffed.patch
BuildRequires: dbus-devel >= 1.6 BuildRequires: dbus-devel >= 1.6
BuildRequires: glib2-devel BuildRequires: glib2-devel
@ -326,6 +313,9 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
%{_userunitdir}/obex.service %{_userunitdir}/obex.service
%changelog %changelog
* Mon Mar 21 2022 Peter Robinson <pbrobinson@fedoraproject.org> - 5.64-1
- Update to 5.64
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.63-3 * Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.63-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
SHA512 (bluez-5.63.tar.xz) = 1b8ce7b1bd9611873c27a762a60df580edeefe5424e8733a2067b9afb1a47915f9319849bc1eeee148f5b1f33977b7975e05867e8dbdf73d33cd68e6b99ca75b SHA512 (bluez-5.64.tar.xz) = f11f9974b29c5c6fce3890d7e42425c1cb02e42c1b8f49c5cc4b249234e67b64317d0e5e82721e2fbf1b53269c8569a9c869d59ce42b5e927f6622f0753e53cd