You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mynewt.apache.org by cc...@apache.org on 2017/02/01 19:14:40 UTC
[1/5] incubator-mynewt-core git commit: nimble/sm: Fix out of bound
access with logs enabled
Repository: incubator-mynewt-core
Updated Branches:
refs/heads/develop 80ed11d38 -> 311154e77
nimble/sm: Fix out of bound access with logs enabled
TK is 16 bytes long.
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/98f2a201
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/98f2a201
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/98f2a201
Branch: refs/heads/develop
Commit: 98f2a20120ebd397f6e1cf14a16ec35e65936fe0
Parents: 876af60
Author: Szymon Janc <sz...@codecoup.pl>
Authored: Mon Jan 30 16:06:06 2017 +0100
Committer: Szymon Janc <sz...@codecoup.pl>
Committed: Mon Jan 30 16:08:03 2017 +0100
----------------------------------------------------------------------
net/nimble/host/src/ble_sm_sc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/98f2a201/net/nimble/host/src/ble_sm_sc.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/src/ble_sm_sc.c b/net/nimble/host/src/ble_sm_sc.c
index 32806b0..b751a0b 100644
--- a/net/nimble/host/src/ble_sm_sc.c
+++ b/net/nimble/host/src/ble_sm_sc.c
@@ -429,7 +429,7 @@ ble_sm_sc_random_rx(struct ble_sm_proc *proc, struct ble_sm_result *res)
ble_sm_sc_responder_verifies_random(proc)) {
BLE_HS_LOG(DEBUG, "tk=");
- ble_hs_log_flat_buf(proc->tk, 32);
+ ble_hs_log_flat_buf(proc->tk, 16);
BLE_HS_LOG(DEBUG, "\n");
rc = ble_sm_alg_f4(proc->pub_key_peer.x, ble_sm_sc_pub_key.u8,
@@ -720,7 +720,7 @@ ble_sm_dhkey_check_process(struct ble_sm_proc *proc,
&peer_id_addr_type,
&peer_ota_addr);
BLE_HS_LOG(DEBUG, "tk=");
- ble_hs_log_flat_buf(proc->tk, 32);
+ ble_hs_log_flat_buf(proc->tk, 16);
BLE_HS_LOG(DEBUG, "\n");
res->app_status = ble_sm_alg_f6(proc->mackey,
[3/5] incubator-mynewt-core git commit: nimble/hci: Fix passing
uninitialized data
Posted by cc...@apache.org.
nimble/hci: Fix passing uninitialized data
In ble_hs_hci_evt_le_dir_adv_rpt function desc.length_data was passed
uninitialized to ble_gap_rx_adv_report. While it shouldn't be access
if desc.data is NULL it is better to just initialize it to 0.
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/4e7d5834
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/4e7d5834
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/4e7d5834
Branch: refs/heads/develop
Commit: 4e7d583466b6bd3917e984eb47d8b06f2e20c353
Parents: 1c49145
Author: Szymon Janc <sz...@codecoup.pl>
Authored: Mon Jan 30 16:43:37 2017 +0100
Committer: Szymon Janc <sz...@codecoup.pl>
Committed: Mon Jan 30 16:43:37 2017 +0100
----------------------------------------------------------------------
net/nimble/host/src/ble_hs_hci_evt.c | 1 +
1 file changed, 1 insertion(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/4e7d5834/net/nimble/host/src/ble_hs_hci_evt.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/src/ble_hs_hci_evt.c b/net/nimble/host/src/ble_hs_hci_evt.c
index 4305124..d622950 100644
--- a/net/nimble/host/src/ble_hs_hci_evt.c
+++ b/net/nimble/host/src/ble_hs_hci_evt.c
@@ -434,6 +434,7 @@ ble_hs_hci_evt_le_dir_adv_rpt(uint8_t subevent, uint8_t *data, int len)
/* Data fields not present in a direct advertising report. */
desc.data = NULL;
+ desc.length_data = 0;
for (i = 0; i < num_reports; i++) {
suboff = 0;
[5/5] incubator-mynewt-core git commit: This closes #170.
Posted by cc...@apache.org.
This closes #170.
Merge remote-tracking branch 'sjanc/fixes' into develop
* sjanc/fixes:
nimble/gatts: Fix use of uninitialized variable
nimble/hci: Fix passing uninitialized data
nimble/l2cap: Fix possible NULL pointer dereference
nimble/sm: Fix out of bound access with logs enabled
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/311154e7
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/311154e7
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/311154e7
Branch: refs/heads/develop
Commit: 311154e77d637d4bbc0a4c7edd156dfe0a0c41e5
Parents: 80ed11d 3f1ea82
Author: Christopher Collins <cc...@apache.org>
Authored: Wed Feb 1 11:05:11 2017 -0800
Committer: Christopher Collins <cc...@apache.org>
Committed: Wed Feb 1 11:05:11 2017 -0800
----------------------------------------------------------------------
net/nimble/host/src/ble_gatts.c | 2 +-
net/nimble/host/src/ble_hs_hci_evt.c | 1 +
net/nimble/host/src/ble_l2cap_sig_cmd.c | 12 +++---------
net/nimble/host/src/ble_sm_sc.c | 4 ++--
4 files changed, 7 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
[4/5] incubator-mynewt-core git commit: nimble/gatts: Fix use of
uninitialized variable
Posted by cc...@apache.org.
nimble/gatts: Fix use of uninitialized variable
new_notification was set to 1 only on complete iteration of loop. If
ble_hs_conn_find_by_idx would return NULL on first iteration it would
be used uninitialized
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/3f1ea82a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/3f1ea82a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/3f1ea82a
Branch: refs/heads/develop
Commit: 3f1ea82ac4ef1043f595ccc7ded14d57279efa62
Parents: 4e7d583
Author: Szymon Janc <sz...@codecoup.pl>
Authored: Mon Jan 30 17:03:15 2017 +0100
Committer: Szymon Janc <sz...@codecoup.pl>
Committed: Mon Jan 30 17:03:15 2017 +0100
----------------------------------------------------------------------
net/nimble/host/src/ble_gatts.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/3f1ea82a/net/nimble/host/src/ble_gatts.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/src/ble_gatts.c b/net/nimble/host/src/ble_gatts.c
index ae9f3fb..39bf350 100644
--- a/net/nimble/host/src/ble_gatts.c
+++ b/net/nimble/host/src/ble_gatts.c
@@ -1443,7 +1443,7 @@ ble_gatts_chr_updated(uint16_t chr_val_handle)
struct ble_store_key_cccd cccd_key;
struct ble_gatts_clt_cfg *clt_cfg;
struct ble_hs_conn *conn;
- int new_notifications;
+ int new_notifications = 0;
int clt_cfg_idx;
int persist;
int rc;
[2/5] incubator-mynewt-core git commit: nimble/l2cap: Fix possible
NULL pointer dereference
Posted by cc...@apache.org.
nimble/l2cap: Fix possible NULL pointer dereference
os_mbuf_free expects valid pointer which could result in dereferencing
NULL pointer if ble_hs_mbuf_l2cap_pkt failed.
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/1c491451
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/1c491451
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/1c491451
Branch: refs/heads/develop
Commit: 1c49145107cc8d320977f0ed7a155a2edd7ab5db
Parents: 98f2a20
Author: Szymon Janc <sz...@codecoup.pl>
Authored: Mon Jan 30 16:33:47 2017 +0100
Committer: Szymon Janc <sz...@codecoup.pl>
Committed: Mon Jan 30 16:33:47 2017 +0100
----------------------------------------------------------------------
net/nimble/host/src/ble_l2cap_sig_cmd.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/1c491451/net/nimble/host/src/ble_l2cap_sig_cmd.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/src/ble_l2cap_sig_cmd.c b/net/nimble/host/src/ble_l2cap_sig_cmd.c
index b8ab12b..7458210 100644
--- a/net/nimble/host/src/ble_l2cap_sig_cmd.c
+++ b/net/nimble/host/src/ble_l2cap_sig_cmd.c
@@ -27,21 +27,19 @@ ble_l2cap_sig_init_cmd(uint8_t op, uint8_t id, uint8_t payload_len,
struct ble_l2cap_sig_hdr hdr;
struct os_mbuf *txom;
void *v;
- int rc;
*out_om = NULL;
*out_payload_buf = NULL;
txom = ble_hs_mbuf_l2cap_pkt();
if (txom == NULL) {
- rc = BLE_HS_ENOMEM;
- goto err;
+ return BLE_HS_ENOMEM;
}
v = os_mbuf_extend(txom, BLE_L2CAP_SIG_HDR_SZ + payload_len);
if (v == NULL) {
- rc = BLE_HS_ENOMEM;
- goto err;
+ os_mbuf_free(txom);
+ return BLE_HS_ENOMEM;
}
hdr.op = op;
@@ -54,10 +52,6 @@ ble_l2cap_sig_init_cmd(uint8_t op, uint8_t id, uint8_t payload_len,
*out_payload_buf = (uint8_t *)v + BLE_L2CAP_SIG_HDR_SZ;
return 0;
-
-err:
- os_mbuf_free(txom);
- return rc;
}
static int