From owner-freebsd-bluetooth@FreeBSD.ORG  Tue Dec  1 19:30:49 2009
Return-Path: <owner-freebsd-bluetooth@FreeBSD.ORG>
Delivered-To: freebsd-bluetooth@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0052F106566C
	for <freebsd-bluetooth@freebsd.org>;
	Tue,  1 Dec 2009 19:30:48 +0000 (UTC)
	(envelope-from plunky@rya-online.net)
Received: from smtp5.freeserve.com (smtp5.freeserve.com [193.252.22.159])
	by mx1.freebsd.org (Postfix) with ESMTP id 923988FC08
	for <freebsd-bluetooth@freebsd.org>;
	Tue,  1 Dec 2009 19:30:48 +0000 (UTC)
Received: from me-wanadoo.net (localhost [127.0.0.1])
	by mwinf3402.me.freeserve.com (SMTP Server) with ESMTP id EAA931C00090
	for <freebsd-bluetooth@freebsd.org>;
	Tue,  1 Dec 2009 20:30:46 +0100 (CET)
Received: from me-wanadoo.net (localhost [127.0.0.1])
	by mwinf3402.me.freeserve.com (SMTP Server) with ESMTP id DDE411C00092
	for <freebsd-bluetooth@freebsd.org>;
	Tue,  1 Dec 2009 20:30:46 +0100 (CET)
Received: from rya-online.net (unknown [89.194.129.131])
	by mwinf3402.me.freeserve.com (SMTP Server) with SMTP id A408E1C00090
	for <freebsd-bluetooth@freebsd.org>;
	Tue,  1 Dec 2009 20:30:45 +0100 (CET)
X-ME-UUID: 20091201193045671.A408E1C00090@mwinf3402.me.freeserve.com
Received: (nullmailer pid 5097 invoked by uid 1000);
	Tue, 01 Dec 2009 19:31:13 -0000
Date: Tue, 1 Dec 2009 19:31:13 +0000 (GMT)
To: freebsd-bluetooth@freebsd.org
In-Reply-To: <1259694948.961003.27487.nullmailer@galant.ukfsn.org>
References: <20091201125054.44a00147@zelz27>
	<1259694948.961003.27487.nullmailer@galant.ukfsn.org>
User-Agent: Alpine 2.00 (NEB 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <1259695873.086896.28523.nullmailer@galant.ukfsn.org>
From: Iain Hibbert <plunky@rya-online.net>
Subject: obexapp patches for type-punning
X-BeenThere: freebsd-bluetooth@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Using Bluetooth in FreeBSD environments
	<freebsd-bluetooth.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bluetooth>, 
	<mailto:freebsd-bluetooth-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bluetooth>
List-Post: <mailto:freebsd-bluetooth@freebsd.org>
List-Help: <mailto:freebsd-bluetooth-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bluetooth>, 
	<mailto:freebsd-bluetooth-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2009 19:30:49 -0000

Hi,

while on the subject of obexapp, I have a patch to remove some annoying
'type punning' compilation errors that gcc spits out that I'm not totally
sure are valid, but see below anyway..

I don't understand the OBEX protocol or libopenobex enough to know if it
is possible, but the last case also removes a potential NULL dereference -
if the OBEX_ObjectGetNonHdrData() fails to recover a proper data, an error
is logged but it carries on and hdr->flags might cause a segfault?

iain

--- ~client.c	2009-04-10 00:16:31.000000000 +0100
+++ client.c	2009-12-01 16:44:49.000000000 +0000
@@ -1219,10 +1219,10 @@ obexapp_client_request_connect_done(obex
 		int obex_rsp)
 {
 	context_p		 context = (context_p) OBEX_GetUserData(handle);
-	obex_connect_hdr_t      *hdr = NULL;
 	obex_headerdata_t	 hv;
 	uint8_t			 hi;
 	uint32_t		 hlen;
+	uint8_t			*data = NULL;

 	log_debug("%s(): Connect completed, response %#x", __func__, obex_rsp);

@@ -1232,10 +1232,12 @@ obexapp_client_request_connect_done(obex
 	if (obex_rsp != OBEX_RSP_SUCCESS)
 		return (obex_rsp);

-	if (OBEX_ObjectGetNonHdrData(object, (uint8_t **) &hdr) == sizeof(*hdr))
+	if (OBEX_ObjectGetNonHdrData(object, &data) == sizeof(obex_connect_hdr_t))
 		log_debug("%s(): OBEX connect header: " \
 			"version=%#x, flags=%#x, mtu=%d", __func__,
-			hdr->version, hdr->flags, ntohs(hdr->mtu));
+			((obex_connect_hdr_t *)data)->version,
+			((obex_connect_hdr_t *)data)->flags,
+			ntohs(((obex_connect_hdr_t *)data)->mtu));
 	else
 		log_err("%s(): Invalid OBEX connect header?!", __func__);

--- ~server.c	2009-08-20 22:57:18.000000000 +0100
+++ server.c	2009-12-01 16:57:08.000000000 +0000
@@ -471,19 +471,21 @@ static int
 obexapp_server_request_connect(obex_t *handle, obex_object_t *object,
 		__unused int obex_rsp)
 {
-	obex_connect_hdr_t      *hdr = NULL;
 	obex_headerdata_t	 hv;
 	uint8_t			 hi;
 	uint32_t		 hlen;
 	uint8_t const		*target = NULL;
 	int			 target_len = 0;
+	uint8_t			*data = NULL;

 	log_debug("%s()", __func__);

-	if (OBEX_ObjectGetNonHdrData(object, (uint8_t **) &hdr) == sizeof(*hdr))
+	if (OBEX_ObjectGetNonHdrData(object, &data) == sizeof(obex_connect_hdr_t))
 		log_debug("%s(): OBEX connect header: version=%#x, " \
-			"flags=%#x, mtu=%d", __func__, hdr->version, hdr->flags,
-			ntohs(hdr->mtu));
+			"flags=%#x, mtu=%d", __func__,
+			((obex_connect_hdr_t *)data)->version,
+			((obex_connect_hdr_t *)data)->flags,
+			ntohs(((obex_connect_hdr_t *)data)->mtu));
 	else
 		log_err("%s(): Invalid OBEX connect header?!", __func__);

@@ -1086,20 +1088,22 @@ obexapp_server_request_setpath(obex_t *h
 		__unused int obex_rsp)
 {
 	context_p		 context = (context_p) OBEX_GetUserData(handle);
-	obex_setpath_hdr_t	*hdr = NULL;
 	obex_headerdata_t	 hv;
 	uint8_t			 hi;
 	uint32_t		 hlen;
 	int			 got_name = 0;
+	uint8_t			*data = NULL;
+	uint8_t			 flags = 0;

 	log_debug("%s()", __func__);

 	context->file[0] = '\0';

-	if (OBEX_ObjectGetNonHdrData(object, (uint8_t **) &hdr) == sizeof(*hdr))
+	if (OBEX_ObjectGetNonHdrData(object, &data) == sizeof(obex_setpath_hdr_t)) {
+		flags = ((obex_setpath_hdr_t *)data)->flags;
                 log_debug("%s(): OBEX setpath header: flags=%#x, constants=%d",
-			__func__, hdr->flags, hdr->constants);
-	else
+			__func__, flags, ((obex_setpath_hdr_t *)data)->constants);
+	} else
 		log_err("%s(): Invalid OBEX setpath header?!", __func__);

 	while (OBEX_ObjectGetNextHeader(handle, object, &hi, &hv, &hlen)) {
@@ -1145,15 +1149,14 @@ obexapp_server_request_setpath(obex_t *h
 	}

 	if (!got_name) {
-
 		/*
 		 * No name and flags == 0x3 (back up one level + don't create
 		 * directory) means "cd ..". Everything else is forbidden.
 		 */

-		if (hdr->flags != 0x3) {
+		if (flags != 0x3) {
 			log_err("%s(): Invalid flags for 'cd ..', flags=%#x",
-				__func__, hdr->flags);
+				__func__, flags);

 			return (OBEXAPP_PACK_RSP_CODES(OBEX_RSP_FORBIDDEN,
 							OBEX_RSP_FORBIDDEN));
@@ -1169,9 +1172,9 @@ obexapp_server_request_setpath(obex_t *h
 		 * 'cd /'. Everything else is forbidden
 		 */

-		if (hdr->flags != 0x2) {
+		if (flags != 0x2) {
 			log_err("%s(): Invalid flags for 'cd /', flags=%#x",
-				__func__, hdr->flags);
+				__func__, flags);

 			return (OBEXAPP_PACK_RSP_CODES(OBEX_RSP_FORBIDDEN,
 							OBEX_RSP_FORBIDDEN));
@@ -1180,7 +1183,7 @@ obexapp_server_request_setpath(obex_t *h
 		strlcpy(context->file, context->root, PATH_MAX);
 	}

-	if (hdr->flags == 0) {
+	if (flags == 0) {
 		if (mkdir(context->file, 0755) < 0 && errno != EEXIST) {
 			log_err("%s(): mkdir(%s) failed. %s (%d)",
 				__func__, context->file,