Closed Bug 1166587 Opened 9 years ago Closed 9 years ago

Check OBEX packet length before accessing it

Categories

(Firefox OS Graveyard :: Bluetooth, defect)

Product:
Firefox OS Graveyard
Component:
Bluetooth
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(blocking-b2g:2.2r+, firefox41 fixed, b2g-v2.2r fixed, b2g-master fixed)

Status:
RESOLVED FIXED
Project Flags:
blocking-b2g 2.2r+
Tracking Flags:
Tracking Status
firefox41 --- fixed
b2g-v2.2r --- fixed
b2g-master --- fixed

People

(Reporter: ben.tian, Assigned: ben.tian)

References

Details

Attachments

(3 files, 1 obsolete file)

[final] Patch 1: Check OBEX packet length before accessing it, r=shuang
12.80 KB, patch
Details | Diff | Splinter Review
(for branch 2.2r) Patch 1: Check OBEX packet length before accessing it, r=shuang
12.79 KB, patch
wiwang
: review+
Details | Diff | Splinter Review
(for branch 2.2r) Patch 2: Check OBEX packet length before accessing it
1.01 KB, patch
shawnjohnjr
: review+
Details | Diff | Splinter Review 
+++ This bug was initially created as a clone of Bug #1162902 +++

Bug #1162902 comment 7 mentions OBEX packet length problem we should check for both OPP and PBAP managers.

Create this bug to fix them:
- ensure received packet length smaller than max packet length
- ensure received packet length equals to or larger than we expect for different opcodes.
Assignee: nobody → btian

        Attachment #8607952 -
        Flags: review?(shuang)

    
    

    
  
Comment on attachment 8607952 [details] [diff] [review]
Patch 1 (v1): Check OBEX packet length before accessing it

Review of attachment 8607952 [details] [diff] [review]:
-----------------------------------------------------------------

The code looks good to me. Thanks, Ben!

        Attachment #8607952 -
        Flags: review?(shuang) → review+

    
    

    
  
try fails to build on ICS emulator for lack of BlueZ OPP manger change. I'll add BlueZ OPP change into the patch.

https://treeherder.mozilla.org/#/jobs?repo=try&revision=f246c2a123ce

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/fbeefb82d466
Status: NEW → RESOLVED
Closed: 9 years ago

          status-firefox41:
          --- → fixed
Resolution: --- → FIXED

    
    

    
  
Hi Ben,
According to Bug #1162902 comment 7, the patch prevents the invalid memory access.
Since Bug 1162902 had been landed to 2.2r, we might consider landing this patch to 2.2r too.
What do you think ?
Flags: needinfo?(btian)

    
    

    
  
Set 2.2r+ blocker per comment 7.
blocking-b2g: --- → 2.2r+
Flags: needinfo?(btian)

    
    

    
  


  
Rebased patch for branch 2.2r.
Carry r+ from previous patch.

        Attachment #8677436 -
        Flags: review+

    
    

    
  


  
Second rebased patch for 2.2r, for the related function call in BluetoothMapSmsManager.cpp.

Hi Shawn,
Since I am currently not familiar with MAP profile,
could you help to review for this slight modification?

Thanks!

        Attachment #8677438 -
        Flags: review?(shuang)

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: