From patchwork Tue May 31 07:41:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 578243 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3D63DC433FE for ; Tue, 31 May 2022 07:41:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244569AbiEaHlg (ORCPT ); Tue, 31 May 2022 03:41:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39858 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244561AbiEaHlc (ORCPT ); Tue, 31 May 2022 03:41:32 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 8C65E8CCEE for ; Tue, 31 May 2022 00:41:30 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-558-6BGb8hCeOUCnD5ofEBvGWA-1; Tue, 31 May 2022 03:41:28 -0400 X-MC-Unique: 6BGb8hCeOUCnD5ofEBvGWA-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E4DB085A5B9; Tue, 31 May 2022 07:41:27 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 77CFC1410DDB; Tue, 31 May 2022 07:41:25 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez V2 01/13] Fixing memory leak issue in gatt.c Date: Tue, 31 May 2022 13:11:05 +0530 Message-Id: <20220531074117.610321-2-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> References: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing the static tool analysis using coverity tool found following reports Error: RESOURCE_LEAK (CWE-772): bluez-5.64/client/gatt.c:1531: leaked_storage: Variable "service" going out of scope leaks the storage it points to. Error: RESOURCE_LEAK (CWE-772): bluez-5.64/client/gatt.c:2626: leaked_storage: Variable "chrc" going out of scope leaks the storage it points to. Error: RESOURCE_LEAK (CWE-772): bluez-5.64/client/gatt.c:2906: leaked_storage: Variable "desc" going out of scope leaks the storage it points to. Fixing them. Signed-off-by: Gopal Tiwari --- client/gatt.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/client/gatt.c b/client/gatt.c index 13872c794..4c1efaf75 100644 --- a/client/gatt.c +++ b/client/gatt.c @@ -1527,8 +1527,10 @@ void gatt_register_service(DBusConnection *conn, GDBusProxy *proxy, if (argc > 2) { service->handle = parse_handle(argv[2]); - if (!service->handle) + if (!service->handle) { + service_free(service); return bt_shell_noninteractive_quit(EXIT_FAILURE); + } } if (g_dbus_register_interface(conn, service->path, @@ -2622,8 +2624,10 @@ void gatt_register_chrc(DBusConnection *conn, GDBusProxy *proxy, if (argc > 3) { chrc->handle = parse_handle(argv[3]); - if (!chrc->handle) + if (!chrc->handle) { + chrc_free(chrc); return bt_shell_noninteractive_quit(EXIT_FAILURE); + } } if (g_dbus_register_interface(conn, chrc->path, CHRC_INTERFACE, @@ -2902,8 +2906,10 @@ void gatt_register_desc(DBusConnection *conn, GDBusProxy *proxy, if (argc > 3) { desc->handle = parse_handle(argv[3]); - if (!desc->handle) + if (!desc->handle) { + desc_free(desc); return bt_shell_noninteractive_quit(EXIT_FAILURE); + } } if (g_dbus_register_interface(conn, desc->path, DESC_INTERFACE, From patchwork Tue May 31 07:41:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 577494 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C0127C43217 for ; Tue, 31 May 2022 07:41:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244561AbiEaHlh (ORCPT ); Tue, 31 May 2022 03:41:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39940 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244566AbiEaHlf (ORCPT ); Tue, 31 May 2022 03:41:35 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 0C2408D68D for ; Tue, 31 May 2022 00:41:33 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-578-sIRHd_r7NjyK8nzKz0QJBw-1; Tue, 31 May 2022 03:41:31 -0400 X-MC-Unique: sIRHd_r7NjyK8nzKz0QJBw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 35C2E85A5BC; Tue, 31 May 2022 07:41:31 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9F68B140EBD5; Tue, 31 May 2022 07:41:28 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez V2 02/13] Fixing memory leakage in appkey.c Date: Tue, 31 May 2022 13:11:06 +0530 Message-Id: <20220531074117.610321-3-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> References: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing the static analysis using the coverity tool found following memory leak reports bluez-5.64/mesh/appkey.c:143: leaked_storage: Variable "key" going out of scope leaks the storage it points to. Error: RESOURCE_LEAK (CWE-772): bluez-5.64/mesh/appkey.c:146: leaked_storage: Variable "key" going out of scope leaks the storage it points to. Fixing them. Signed-off-by: Gopal Tiwari --- mesh/appkey.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/mesh/appkey.c b/mesh/appkey.c index 5088a1812..52fed8c31 100644 --- a/mesh/appkey.c +++ b/mesh/appkey.c @@ -139,11 +139,15 @@ bool appkey_key_init(struct mesh_net *net, uint16_t net_idx, uint16_t app_idx, key->net_idx = net_idx; key->app_idx = app_idx; - if (key_value && !set_key(key, app_idx, key_value, false)) + if (key_value && !set_key(key, app_idx, key_value, false)) { + appkey_key_free(key); return false; + } - if (new_key_value && !set_key(key, app_idx, new_key_value, true)) + if (new_key_value && !set_key(key, app_idx, new_key_value, true)) { + appkey_key_free(key); return false; + } l_queue_push_tail(app_keys, key); From patchwork Tue May 31 07:41:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 578242 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5BB39C433F5 for ; Tue, 31 May 2022 07:41:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244571AbiEaHln (ORCPT ); Tue, 31 May 2022 03:41:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40224 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244563AbiEaHll (ORCPT ); Tue, 31 May 2022 03:41:41 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 979C6D8C for ; Tue, 31 May 2022 00:41:39 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-640-d7R50c5xPaqnTyHzF-qf8Q-1; Tue, 31 May 2022 03:41:34 -0400 X-MC-Unique: d7R50c5xPaqnTyHzF-qf8Q-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7881A1C0897D; Tue, 31 May 2022 07:41:34 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 384C91410F36; Tue, 31 May 2022 07:41:31 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez V2 03/13] Fixing memory leak in jlink.c Date: Tue, 31 May 2022 13:11:07 +0530 Message-Id: <20220531074117.610321-4-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> References: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing static tool analysis using coverity found following reports for resouse leak bluez-5.64/monitor/jlink.c:111: leaked_storage: Variable "so" going out of scope leaks the storage it points to. bluez-5.64/monitor/jlink.c:113: leaked_storage: Variable "so" going out of scope leaks the storage it points to. Fixing them. Signed-off-by: Gopal Tiwari --- monitor/jlink.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/monitor/jlink.c b/monitor/jlink.c index 9aaa4ebd8..f1d8ce660 100644 --- a/monitor/jlink.c +++ b/monitor/jlink.c @@ -107,9 +107,12 @@ int jlink_init(void) !jlink.tif_select || !jlink.setspeed || !jlink.connect || !jlink.getsn || !jlink.emu_getproductname || - !jlink.rtterminal_control || !jlink.rtterminal_read) + !jlink.rtterminal_control || !jlink.rtterminal_read) { + dlclose(so); return -EIO; + } + dlclose(so); return 0; } From patchwork Tue May 31 07:41:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 577493 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CA300C433EF for ; Tue, 31 May 2022 07:41:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244566AbiEaHlm (ORCPT ); Tue, 31 May 2022 03:41:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40226 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244565AbiEaHll (ORCPT ); Tue, 31 May 2022 03:41:41 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id A89C025D3 for ; Tue, 31 May 2022 00:41:40 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-179-ifshmUf9PeitAYIII_8KzQ-1; Tue, 31 May 2022 03:41:37 -0400 X-MC-Unique: ifshmUf9PeitAYIII_8KzQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 660F1185A79C; Tue, 31 May 2022 07:41:37 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4D698140EBD5; Tue, 31 May 2022 07:41:34 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez V2 04/13] Fixing memory leak in sixaxis.c Date: Tue, 31 May 2022 13:11:08 +0530 Message-Id: <20220531074117.610321-5-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> References: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing static tool analysis using coverity found following reports for resouse leak bluez-5.64/plugins/sixaxis.c:425: alloc_arg: "get_pairing_type_for_device" allocates memory that is stored into "sysfs_path". bluez-5.64/plugins/sixaxis.c:428: leaked_storage: Variable "sysfs_path" going out of scope leaks the storage it points to. Fixing them. Signed-off-by: Gopal Tiwari --- plugins/sixaxis.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/plugins/sixaxis.c b/plugins/sixaxis.c index ddecbcccb..10cf15948 100644 --- a/plugins/sixaxis.c +++ b/plugins/sixaxis.c @@ -424,10 +424,15 @@ static void device_added(struct udev_device *udevice) cp = get_pairing_type_for_device(udevice, &bus, &sysfs_path); if (!cp || (cp->type != CABLE_PAIRING_SIXAXIS && - cp->type != CABLE_PAIRING_DS4)) + cp->type != CABLE_PAIRING_DS4)) { + g_free(sysfs_path); return; - if (bus != BUS_USB) + } + + if (bus != BUS_USB) { + g_free(sysfs_path); return; + } info("sixaxis: compatible device connected: %s (%04X:%04X %s)", cp->name, cp->vid, cp->pid, sysfs_path); From patchwork Tue May 31 07:41:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 577492 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8413C433F5 for ; Tue, 31 May 2022 07:42:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244579AbiEaHmF (ORCPT ); Tue, 31 May 2022 03:42:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41174 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244563AbiEaHmB (ORCPT ); Tue, 31 May 2022 03:42:01 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id B8C6C140C1 for ; Tue, 31 May 2022 00:41:45 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-619-faiczsxNPkSRCy644BqX9g-1; Tue, 31 May 2022 03:41:40 -0400 X-MC-Unique: faiczsxNPkSRCy644BqX9g-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 6F40C803B22; Tue, 31 May 2022 07:41:40 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 439631410F36; Tue, 31 May 2022 07:41:37 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez V2 05/13] Fixing leaked_handle in cltest.c Date: Tue, 31 May 2022 13:11:09 +0530 Message-Id: <20220531074117.610321-6-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> References: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing static tool analysis using coverity found following reports for resouse leak bluez-5.64/tools/cltest.c:75: leaked_handle: Handle variable "fd" going out of scope leaks the handle. Signed-off-by: Gopal Tiwari --- tools/cltest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/cltest.c b/tools/cltest.c index 2766fcd23..250c93cc7 100644 --- a/tools/cltest.c +++ b/tools/cltest.c @@ -72,6 +72,7 @@ static bool send_message(const bdaddr_t *src, const bdaddr_t *dst, return false; } + close(fd); return true; } From patchwork Tue May 31 07:41:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 578239 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6C341C433EF for ; Tue, 31 May 2022 07:42:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244585AbiEaHmP (ORCPT ); Tue, 31 May 2022 03:42:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41264 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244574AbiEaHmC (ORCPT ); Tue, 31 May 2022 03:42:02 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id B22431583F for ; Tue, 31 May 2022 00:41:45 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-516-UNdZwoqWMdi7UZXAgr4LGg-1; Tue, 31 May 2022 03:41:43 -0400 X-MC-Unique: UNdZwoqWMdi7UZXAgr4LGg-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 6B8993810D44; Tue, 31 May 2022 07:41:43 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 446961410DDB; Tue, 31 May 2022 07:41:40 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez V2 06/13] Fixing leaked_handle in create-image.c Date: Tue, 31 May 2022 13:11:10 +0530 Message-Id: <20220531074117.610321-7-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> References: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing static tool analysis using coverity found following reports for resouse leak bluez-5.64/tools/create-image.c:124: leaked_storage: Variable "map" going out of scope leaks the storage it points to. Signed-off-by: Gopal Tiwari --- tools/create-image.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tools/create-image.c b/tools/create-image.c index aba940da7..90cd87315 100644 --- a/tools/create-image.c +++ b/tools/create-image.c @@ -97,12 +97,13 @@ static void write_block(FILE *fp, const char *pathname, unsigned int ino, map = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!map || map == MAP_FAILED) { - close(fd); - fd = -1; map = NULL; st.st_size = 0; } + close(fd); + fd = -1; + done: fprintf(fp, HDR_FMT, HDR_MAGIC, ino, mode, 0, 0, 1, 0, (uintmax_t) st.st_size, 0, 0, 0, 0, namelen + 1, 0, name); @@ -117,9 +118,7 @@ done: pad = 3 - ((st.st_size + 3) % 4); for (i = 0; i < pad; i++) fputc(0, fp); - munmap(map, st.st_size); - close(fd); } } From patchwork Tue May 31 07:41:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 578241 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39C02C433FE for ; Tue, 31 May 2022 07:42:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244578AbiEaHmG (ORCPT ); Tue, 31 May 2022 03:42:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41060 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240481AbiEaHmD (ORCPT ); Tue, 31 May 2022 03:42:03 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 1949B17055 for ; Tue, 31 May 2022 00:41:49 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-281-w-maGEfnNiSnBDBlYG4rww-1; Tue, 31 May 2022 03:41:47 -0400 X-MC-Unique: w-maGEfnNiSnBDBlYG4rww-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A6CD1185A7A4; Tue, 31 May 2022 07:41:46 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 65859140EBD5; Tue, 31 May 2022 07:41:43 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez V2 07/13] Fixing leaked_handle in l2cap-tester.c Date: Tue, 31 May 2022 13:11:11 +0530 Message-Id: <20220531074117.610321-8-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> References: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing static tool analysis using coverity found following reports for resouse leak bluez-5.64/tools/l2cap-tester.c:1712: leaked_handle: Handle variable "new_sk" going out of scope leaks the handle. Signed-off-by: Gopal Tiwari --- tools/l2cap-tester.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/l2cap-tester.c b/tools/l2cap-tester.c index d78b1e29c..3f0464013 100644 --- a/tools/l2cap-tester.c +++ b/tools/l2cap-tester.c @@ -1709,6 +1709,7 @@ static gboolean l2cap_listen_cb(GIOChannel *io, GIOCondition cond, if (!check_mtu(data, new_sk)) { tester_test_failed(); + close(new_sk); return FALSE; } From patchwork Tue May 31 07:41:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 577489 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 29769C433FE for ; Tue, 31 May 2022 07:42:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244596AbiEaHmR (ORCPT ); Tue, 31 May 2022 03:42:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41504 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244599AbiEaHmG (ORCPT ); Tue, 31 May 2022 03:42:06 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 3731914017 for ; Tue, 31 May 2022 00:41:52 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-270-b_X-esbRNaGrXcNdhl4XRQ-1; Tue, 31 May 2022 03:41:50 -0400 X-MC-Unique: b_X-esbRNaGrXcNdhl4XRQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DF4DA29AB3F9; Tue, 31 May 2022 07:41:49 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7C1EF1410F36; Tue, 31 May 2022 07:41:47 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez V2 08/13] Fixing resource leak in mesh/mesh-db.c Date: Tue, 31 May 2022 13:11:12 +0530 Message-Id: <20220531074117.610321-9-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> References: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing static tool analysis using coverity found following reports for resouse leak bluez-5.64/tools/mesh/mesh-db.c:2388: leaked_handle: Handle variable "fd" going out of scope leaks the handle. bluez-5.64/tools/mesh/mesh-db.c:2388: leaked_storage: Variable "str" going out of scope leaks the storage it points to. Signed-off-by: Gopal Tiwari --- tools/mesh/mesh-db.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/mesh/mesh-db.c b/tools/mesh/mesh-db.c index fa11837df..896ff722c 100644 --- a/tools/mesh/mesh-db.c +++ b/tools/mesh/mesh-db.c @@ -2384,6 +2384,8 @@ bool mesh_db_load(const char *fname) sz = read(fd, str, st.st_size); if (sz != st.st_size) { + close(fd); + l_free(str); l_error("Failed to read configuration file %s", fname); return false; } From patchwork Tue May 31 07:41:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 577491 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F1FAEC433EF for ; Tue, 31 May 2022 07:42:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244581AbiEaHmK (ORCPT ); Tue, 31 May 2022 03:42:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41274 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244587AbiEaHmD (ORCPT ); Tue, 31 May 2022 03:42:03 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 2D996140D7 for ; Tue, 31 May 2022 00:41:57 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-605-RKOck1zFMSCF8Af9P1sbJg-1; Tue, 31 May 2022 03:41:53 -0400 X-MC-Unique: RKOck1zFMSCF8Af9P1sbJg-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 2091918F0269; Tue, 31 May 2022 07:41:53 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id B6DC71410F37; Tue, 31 May 2022 07:41:50 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez V2 09/13] Fixing leaked_handle in obex-client-tool.c Date: Tue, 31 May 2022 13:11:13 +0530 Message-Id: <20220531074117.610321-10-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> References: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari While performing static tool analysis using coverity found following reports for resouse leak bluez-5.64/tools/obex-client-tool.c:315: leaked_handle: Handle variable "sk" going out of scope leaks the handle. Signed-off-by: Gopal Tiwari --- tools/obex-client-tool.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/obex-client-tool.c b/tools/obex-client-tool.c index ab9332896..cb0e41247 100644 --- a/tools/obex-client-tool.c +++ b/tools/obex-client-tool.c @@ -312,6 +312,7 @@ static GIOChannel *unix_connect(GObexTransportType transport) if (connect(sk, (struct sockaddr *) &addr, sizeof(addr)) < 0) { err = errno; g_printerr("connect: %s (%d)\n", strerror(err), err); + close(sk); return NULL; } From patchwork Tue May 31 07:41:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 578240 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6CEFAC433F5 for ; Tue, 31 May 2022 07:42:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240481AbiEaHmL (ORCPT ); Tue, 31 May 2022 03:42:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41276 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244588AbiEaHmD (ORCPT ); Tue, 31 May 2022 03:42:03 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 193C417054 for ; Tue, 31 May 2022 00:41:59 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-502-SoPxMpqFPm-69KalcedRPQ-1; Tue, 31 May 2022 03:41:56 -0400 X-MC-Unique: SoPxMpqFPm-69KalcedRPQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 4C5A33C138A8; Tue, 31 May 2022 07:41:56 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0A75F1415100; Tue, 31 May 2022 07:41:53 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez V2 10/13] Fixing use after free in src/device.c Date: Tue, 31 May 2022 13:11:14 +0530 Message-Id: <20220531074117.610321-11-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> References: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari Following traces reported by covirty tool Error: USE_AFTER_FREE (CWE-416): bluez-5.64/src/device.c:2962: path: Condition "!dbus_message_get_args(msg, NULL, 0 /* (int)0 */)", taking false branch. bluez-5.64/src/device.c:2965: path: Condition "device->bonding", taking false branch. bluez-5.64/src/device.c:2968: path: Condition "device->bredr_state.bonded", taking true branch. bluez-5.64/src/device.c:2969: path: Falling through to end of if statement. bluez-5.64/src/device.c:2977: path: Condition "state->bonded", taking false branch. bluez-5.64/src/device.c:2983: path: Condition "agent", taking true branch. bluez-5.64/src/device.c:2984: path: Falling through to end of if statement. bluez-5.64/src/device.c:2990: path: Condition "agent", taking true branch. bluez-5.64/src/device.c:3005: path: Condition "bdaddr_type != 0", taking true branch. bluez-5.64/src/device.c:3006: path: Condition "!state->connected", taking true branch. bluez-5.64/src/device.c:3006: path: Condition "btd_le_connect_before_pairing()", taking true branch. bluez-5.64/src/device.c:3007: freed_arg: "device_connect_le" frees "device->bonding". bluez-5.64/src/device.c:3007: path: Falling through to end of if statement. bluez-5.64/src/device.c:3012: path: Falling through to end of if statement. bluez-5.64/src/device.c:3017: path: Condition "err < 0", taking true branch. bluez-5.64/src/device.c:3018: double_free: Calling "bonding_request_free" frees pointer "device->bonding" which has already been freed. Signed-off-by: Gopal Tiwari --- src/device.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/device.c b/src/device.c index 8dc12d026..a0e5d40db 100644 --- a/src/device.c +++ b/src/device.c @@ -2942,6 +2942,7 @@ static void bonding_request_free(struct bonding_req *bonding) bonding->device->bonding = NULL; g_free(bonding); + bonding = NULL; } static DBusMessage *pair_device(DBusConnection *conn, DBusMessage *msg, From patchwork Tue May 31 07:41:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 577490 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2BC23C433F5 for ; Tue, 31 May 2022 07:42:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244588AbiEaHmN (ORCPT ); Tue, 31 May 2022 03:42:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41438 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244583AbiEaHmF (ORCPT ); Tue, 31 May 2022 03:42:05 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 67F00140C1 for ; Tue, 31 May 2022 00:42:03 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-505-0oHKXtoTPhyG3Lw_9NdErQ-1; Tue, 31 May 2022 03:42:00 -0400 X-MC-Unique: 0oHKXtoTPhyG3Lw_9NdErQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 194293C138A4; Tue, 31 May 2022 07:42:00 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4DC421415100; Tue, 31 May 2022 07:41:56 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez V2 11/13] Fixing memory leak in pbap.c Date: Tue, 31 May 2022 13:11:15 +0530 Message-Id: <20220531074117.610321-12-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> References: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari Reported by coverity tool as follows: bluez-5.64/obexd/client/pbap.c:929: leaked_storage: Variable "apparam" going out of scope leaks the storage it points to. Signed-off-by: Gopal Tiwari --- obexd/client/pbap.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/obexd/client/pbap.c b/obexd/client/pbap.c index 1a2bacc9f..1ed8c68ec 100644 --- a/obexd/client/pbap.c +++ b/obexd/client/pbap.c @@ -925,10 +925,11 @@ static DBusMessage *pbap_search(DBusConnection *connection, return g_dbus_create_error(message, ERROR_INTERFACE ".InvalidArguments", NULL); - if (dbus_message_iter_get_arg_type(&args) != DBUS_TYPE_STRING) + if (dbus_message_iter_get_arg_type(&args) != DBUS_TYPE_STRING) { + g_obex_apparam_free(apparam); return g_dbus_create_error(message, ERROR_INTERFACE ".InvalidArguments", NULL); - + } dbus_message_iter_get_basic(&args, &value); dbus_message_iter_next(&args); From patchwork Tue May 31 07:41:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 578238 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AC105C4332F for ; Tue, 31 May 2022 07:42:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244592AbiEaHmS (ORCPT ); Tue, 31 May 2022 03:42:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41530 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244563AbiEaHmI (ORCPT ); Tue, 31 May 2022 03:42:08 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id C37B1A1A1 for ; Tue, 31 May 2022 00:42:07 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-510-vheDCN5XMACcpq9-KRT4Bg-1; Tue, 31 May 2022 03:42:03 -0400 X-MC-Unique: vheDCN5XMACcpq9-KRT4Bg-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 32F28101A54E; Tue, 31 May 2022 07:42:03 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 032ED1410DDB; Tue, 31 May 2022 07:42:00 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez V2 12/13] Fixing possible use_after_free in meshctl.c Date: Tue, 31 May 2022 13:11:16 +0530 Message-Id: <20220531074117.610321-13-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> References: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari Reported by coverity tool as follows : bluez-5.64/tools/meshctl.c:1968: freed_arg: "g_free" frees "mesh_dir". bluez-5.64/tools/meshctl.c:2018: double_free: Calling "g_free" frees pointer "mesh_dir" which has already been freed. Signed-off-by: Gopal Tiwari --- tools/meshctl.c | 1 - 1 file changed, 1 deletion(-) diff --git a/tools/meshctl.c b/tools/meshctl.c index 18e20c40d..38ffd35f3 100644 --- a/tools/meshctl.c +++ b/tools/meshctl.c @@ -2015,7 +2015,6 @@ int main(int argc, char *argv[]) fail: bt_shell_cleanup(); - g_free(mesh_dir); return EXIT_FAILURE; } From patchwork Tue May 31 07:41:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gopal Tiwari X-Patchwork-Id: 577488 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BF78AC433FE for ; Tue, 31 May 2022 07:42:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244594AbiEaHmS (ORCPT ); Tue, 31 May 2022 03:42:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41880 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244586AbiEaHmM (ORCPT ); Tue, 31 May 2022 03:42:12 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 40A3D1583F for ; Tue, 31 May 2022 00:42:11 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-449-uridecpLN46ZueG31aqoTw-1; Tue, 31 May 2022 03:42:06 -0400 X-MC-Unique: uridecpLN46ZueG31aqoTw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 8604D2809CA5; Tue, 31 May 2022 07:42:06 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.64.242.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 130801410F36; Tue, 31 May 2022 07:42:03 +0000 (UTC) From: Gopal Tiwari To: linux-bluetooth@vger.kernel.org Cc: luiz.dentz@gmail.com, gtiwari@redhat.com Subject: [Bluez V2 13/13] Fixing use_after_free in prov-db.c Date: Tue, 31 May 2022 13:11:17 +0530 Message-Id: <20220531074117.610321-14-gopalkrishna.tiwari@gmail.com> In-Reply-To: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> References: <20220531074117.610321-1-gopalkrishna.tiwari@gmail.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Gopal Tiwari Following scenario happens when prov is false and we have double free as mentioned in the below bluez-5.64/tools/mesh-gatt/prov-db.c:847: freed_arg: "g_free" frees "in_str". bluez-5.64/tools/mesh-gatt/prov-db.c:867: double_free: Calling "g_free" frees pointer "in_str" which has already been freed. Signed-off-by: Gopal Tiwari --- tools/mesh-gatt/prov-db.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/mesh-gatt/prov-db.c b/tools/mesh-gatt/prov-db.c index 2fb08f799..a5b6997e0 100644 --- a/tools/mesh-gatt/prov-db.c +++ b/tools/mesh-gatt/prov-db.c @@ -859,7 +859,8 @@ bool prov_db_local_set_iv_index(uint32_t iv_index, bool update, bool prov) set_local_iv_index(jmain, iv_index, update); prov_file_write(jmain, false); - } + } else + return true; res = true; done: