Date:      Tue, 1 Dec 2009 19:31:13 +0000 (GMT)
From:      Iain Hibbert <plunky@rya-online.net>
To:        freebsd-bluetooth@freebsd.org
Subject:   obexapp patches for type-punning
Message-ID:  <1259695873.086896.28523.nullmailer@galant.ukfsn.org>
In-Reply-To: <1259694948.961003.27487.nullmailer@galant.ukfsn.org>
References:  <20091201125054.44a00147@zelz27> <1259694948.961003.27487.nullmailer@galant.ukfsn.org>

Hi,

while on the subject of obexapp, I have a patch to remove some annoying
'type punning' compilation errors that gcc spits out that I'm not totally
sure are valid, but see below anyway..

I don't understand the OBEX protocol or libopenobex well enough to know if
it is possible, but the last case also removes a potential NULL dereference -
if OBEX_ObjectGetNonHdrData() fails to recover proper data, an error is
logged but the code carries on, and hdr->flags might cause a segfault?

iain

--- ~client.c	2009-04-10 00:16:31.000000000 +0100
+++ client.c	2009-12-01 16:44:49.000000000 +0000
@@ -1219,10 +1219,10 @@ obexapp_client_request_connect_done(obex
 		int obex_rsp)
 {
 	context_p		 context = (context_p) OBEX_GetUserData(handle);
-	obex_connect_hdr_t      *hdr = NULL;
 	obex_headerdata_t	 hv;
 	uint8_t			 hi;
 	uint32_t		 hlen;
+	uint8_t			*data = NULL;

 	log_debug("%s(): Connect completed, response %#x", __func__, obex_rsp);

@@ -1232,10 +1232,12 @@ obexapp_client_request_connect_done(obex
 	if (obex_rsp != OBEX_RSP_SUCCESS)
 		return (obex_rsp);

-	if (OBEX_ObjectGetNonHdrData(object, (uint8_t **) &hdr) == sizeof(*hdr))
+	if (OBEX_ObjectGetNonHdrData(object, &data) == sizeof(obex_connect_hdr_t))
 		log_debug("%s(): OBEX connect header: " \
 			"version=%#x, flags=%#x, mtu=%d", __func__,
-			hdr->version, hdr->flags, ntohs(hdr->mtu));
+			((obex_connect_hdr_t *)data)->version,
+			((obex_connect_hdr_t *)data)->flags,
+			ntohs(((obex_connect_hdr_t *)data)->mtu));
 	else
 		log_err("%s(): Invalid OBEX connect header?!", __func__);

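Review bot: The casts such as `((obex_connect_hdr_t *)data)->mtu` still read a byte buffer through a struct pointer, so gcc's type-punning warning goes away but the code still assumes `data` is suitably aligned and laid out for `obex_connect_hdr_t`. Since `data` presumably points into a received packet buffer, copying the bytes out is the safer form: declare a local `obex_connect_hdr_t hdr;`, do `memcpy(&hdr, data, sizeof(hdr));` inside the length check, and log `hdr.version`, `hdr.flags` and `ntohs(hdr.mtu)`. The same applies to the connect and setpath hunks in server.c. The function body continues outside this hunk.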
--- ~server.c	2009-08-20 22:57:18.000000000 +0100
+++ server.c	2009-12-01 16:57:08.000000000 +0000
@@ -471,19 +471,21 @@ static int
 obexapp_server_request_connect(obex_t *handle, obex_object_t *object,
 		__unused int obex_rsp)
 {
-	obex_connect_hdr_t      *hdr = NULL;
 	obex_headerdata_t	 hv;
 	uint8_t			 hi;
 	uint32_t		 hlen;
 	uint8_t const		*target = NULL;
 	int			 target_len = 0;
+	uint8_t			*data = NULL;

 	log_debug("%s()", __func__);

-	if (OBEX_ObjectGetNonHdrData(object, (uint8_t **) &hdr) == sizeof(*hdr))
+	if (OBEX_ObjectGetNonHdrData(object, &data) == sizeof(obex_connect_hdr_t))
 		log_debug("%s(): OBEX connect header: version=%#x, " \
-			"flags=%#x, mtu=%d", __func__, hdr->version, hdr->flags,
-			ntohs(hdr->mtu));
+			"flags=%#x, mtu=%d", __func__,
+			((obex_connect_hdr_t *)data)->version,
+			((obex_connect_hdr_t *)data)->flags,
+			ntohs(((obex_connect_hdr_t *)data)->mtu));
 	else
 		log_err("%s(): Invalid OBEX connect header?!", __func__);

@@ -1086,20 +1088,22 @@ obexapp_server_request_setpath(obex_t *h
 		__unused int obex_rsp)
 {
 	context_p		 context = (context_p) OBEX_GetUserData(handle);
-	obex_setpath_hdr_t	*hdr = NULL;
 	obex_headerdata_t	 hv;
 	uint8_t			 hi;
 	uint32_t		 hlen;
 	int			 got_name = 0;
+	uint8_t			*data = NULL;
+	uint8_t			 flags = 0;

 	log_debug("%s()", __func__);

 	context->file[0] = '\0';

-	if (OBEX_ObjectGetNonHdrData(object, (uint8_t **) &hdr) == sizeof(*hdr))
+	if (OBEX_ObjectGetNonHdrData(object, &data) == sizeof(obex_setpath_hdr_t)) {
+		flags = ((obex_setpath_hdr_t *)data)->flags;
                 log_debug("%s(): OBEX setpath header: flags=%#x, constants=%d",
-			__func__, hdr->flags, hdr->constants);
-	else
+			__func__, flags, ((obex_setpath_hdr_t *)data)->constants);
+	} else
 		log_err("%s(): Invalid OBEX setpath header?!", __func__);

 	while (OBEX_ObjectGetNextHeader(handle, object, &hi, &hv, &hlen)) {
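Review bot: Initialising `flags = 0` and carrying on after the `log_err()` in the `else` branch makes a malformed setpath request look the same as one that legitimately carries flags 0, and the last hunk shows `flags == 0` leading to `mkdir(context->file, 0755)`. Depending on the name handling not shown here, a request whose non-header data has the wrong size may then be processed as "create directory" instead of being rejected; before this patch that path dereferenced NULL. The `else` branch should fail closed, e.g. `return (OBEXAPP_PACK_RSP_CODES(OBEX_RSP_BAD_REQUEST, OBEX_RSP_BAD_REQUEST));`, so the later `flags` comparisons only ever see a value taken from a validated header. The function body starts and ends outside this hunk.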
@@ -1145,15 +1149,14 @@ obexapp_server_request_setpath(obex_t *h
 	}

 	if (!got_name) {
-
 		/*
 		 * No name and flags == 0x3 (back up one level + don't create
 		 * directory) means "cd ..". Everything else is forbidden.
 		 */

-		if (hdr->flags != 0x3) {
+		if (flags != 0x3) {
 			log_err("%s(): Invalid flags for 'cd ..', flags=%#x",
-				__func__, hdr->flags);
+				__func__, flags);

 			return (OBEXAPP_PACK_RSP_CODES(OBEX_RSP_FORBIDDEN,
 							OBEX_RSP_FORBIDDEN));
@@ -1169,9 +1172,9 @@ obexapp_server_request_setpath(obex_t *h
 		 * 'cd /'. Everything else is forbidden
 		 */

-		if (hdr->flags != 0x2) {
+		if (flags != 0x2) {
 			log_err("%s(): Invalid flags for 'cd /', flags=%#x",
-				__func__, hdr->flags);
+				__func__, flags);

 			return (OBEXAPP_PACK_RSP_CODES(OBEX_RSP_FORBIDDEN,
 							OBEX_RSP_FORBIDDEN));
@@ -1180,7 +1183,7 @@ obexapp_server_request_setpath(obex_t *h
 		strlcpy(context->file, context->root, PATH_MAX);
 	}

-	if (hdr->flags == 0) {
+	if (flags == 0) {
 		if (mkdir(context->file, 0755) < 0 && errno != EEXIST) {
 			log_err("%s(): mkdir(%s) failed. %s (%d)",
 				__func__, context->file,




