From 49852c0b4fe1ef1dae5d11e7ff01b70c12464e40 Mon Sep 17 00:00:00 2001
From: Johan Hedberg
Date: Fri, 18 Aug 2006 22:32:10 +0000
Subject: Fix accessing free'd memory
---
hcid/dbus.c | 3 ++-
hcid/device.c | 49 ++++++++++++++++++++-----------------------------
hcid/main.c | 20 ++++++++++++++++----
3 files changed, 38 insertions(+), 34 deletions(-)
diff --git a/hcid/dbus.c b/hcid/dbus.c
index 365af30e..162745cd 100644
--- a/hcid/dbus.c
+++ b/hcid/dbus.c
@@ -752,8 +752,9 @@ void hcid_dbus_bonding_process_complete(bdaddr_t *local, bdaddr_t *peer, const u
 l = slist_find(pdata->pending_bondings, peer, pending_bonding_cmp);
 if (l) {
+ void *d = l->data;
 pdata->pending_bondings = slist_remove(pdata->pending_bondings, l->data);
- free(l->data);
+ free(d);
 if (!status) {
 const char *name = "BondingCreated";
diff --git a/hcid/device.c b/hcid/device.c
index 7beb4fe8..5c3518dd 100644
--- a/hcid/device.c
+++ b/hcid/device.c
@@ -99,28 +99,6 @@ void init_devices(void)
 memset(devices + i, 0, sizeof(struct hci_dev));
 }
-static int device_read_bdaddr(uint16_t dev_id, bdaddr_t *bdaddr)
-{
- int dd;
-
- dd = hci_open_dev(dev_id);
- if (dd < 0) {
- error("Can't open device hci%d",
- dev_id, strerror(errno), errno);
- return -errno;
- }
-
- if (hci_read_bd_addr(dd, bdaddr, 2000) < 0) {
- error("Can't read address for hci%d: %s (%d)",
- dev_id, strerror(errno), errno);
- return -errno;
- }
-
- hci_close_dev(dd);
-
- return 0;
-}
-
 int add_device(uint16_t dev_id)
 {
 struct hci_dev *dev;
@@ -140,13 +118,7 @@ int add_device(uint16_t dev_id)
 dev->ignore = 1;
 }
- if (bacmp(&di.bdaddr, BDADDR_ANY))
- bacpy(&dev->bdaddr, &di.bdaddr);
- else {
- int ret = device_read_bdaddr(dev_id, &dev->bdaddr);
- if (ret < 0)
- return ret;
- }
+ bacpy(&dev->bdaddr, &di.bdaddr);
 memcpy(dev->features, di.features, 8);
 info("Device hci%d has been added", dev_id);
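Review bot: In hcid/dbus.c (hcid_dbus_bonding_process_complete), the new local `d` carries no comment and slist_remove() is still handed `l->data` rather than `d`, so the reason for the copy is easy to lose in a later cleanup. slist_remove() presumably releases the node `l` points at, which is why `l->data` must not be read after it returns. A comment such as `/* slist_remove() frees the node; keep the payload pointer for free() */` above the declaration, together with `slist_remove(pdata->pending_bondings, d)` in the call, would make that explicit. The function starts and continues outside the hunk, so any later use of `l` cannot be checked from here.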
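Review bot: In hcid/device.c, add_device() now copies `di.bdaddr` unconditionally, so `dev->bdaddr` can remain all-zero (BDADDR_ANY) after a successful add and is only filled in later by get_device_address(). Any code that reads `devices[dev_id].bdaddr` directly would then work with the zero address; such readers are not visible in this patch, so this needs confirming against the rest of the file. A comment on the copy, for example `/* may still be BDADDR_ANY; get_device_address() reads it from the controller on demand */`, would record the new contract. add_device() starts and ends outside the hunk.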
@@ -266,6 +238,7 @@ int stop_device(uint16_t dev_id)
 int get_device_address(uint16_t dev_id, char *address, size_t size)
 {
 struct hci_dev *dev;
+ int dd;
 ASSERT_DEV_ID;
@@ -274,6 +247,24 @@ int get_device_address(uint16_t dev_id, char *address, size_t size)
 dev = &devices[dev_id];
+ if (bacmp(&dev->bdaddr, BDADDR_ANY))
+ return ba2str(&dev->bdaddr, address);
+
+ dd = hci_open_dev(dev_id);
+ if (dd < 0) {
+ error("Can't open device hci%d",
+ dev_id, strerror(errno), errno);
+ return -errno;
+ }
+
+ if (hci_read_bd_addr(dd, &dev->bdaddr, 2000) < 0) {
+ error("Can't read address for hci%d: %s (%d)",
+ dev_id, strerror(errno), errno);
+ return -errno;
+ }
+
+ hci_close_dev(dd);
+
 return ba2str(&dev->bdaddr, address);
 }
diff --git a/hcid/main.c b/hcid/main.c
index d69326dc..3aea1a89 100644
--- a/hcid/main.c
+++ b/hcid/main.c
@@ -478,7 +478,19 @@ static void init_all_devices(int ctl)
 for (i = 0; i < dl->dev_num; i++, dr++) {
 if (hcid.auto_init)
 init_device(dr->dev_id);
+
+ add_device(dr->dev_id);
+
+ if (hcid.auto_init && hci_test_bit(HCI_UP, &dr->dev_opt))
+ configure_device(dr->dev_id);
+
+ if (hcid.security && hci_test_bit(HCI_UP, &dr->dev_opt))
+ start_security_manager(dr->dev_id);
+
+ start_device(dr->dev_id);
+
 hcid_dbus_register_device(dr->dev_id);
+ hcid_dbus_start_device(dr->dev_id);
 }
 free(dl);
@@ -520,6 +532,7 @@ static inline void device_event(GIOChannel *chan, evt_stack_internal *si)
 info("HCI dev %d registered", sd->dev_id);
 if (hcid.auto_init)
 init_device(sd->dev_id);
+ add_device(sd->dev_id);
 hcid_dbus_register_device(sd->dev_id);
 break;
@@ -531,7 +544,6 @@ static inline void device_event(GIOChannel *chan, evt_stack_internal *si)
 case HCI_DEV_UP:
 info("HCI dev %d up", sd->dev_id);
- add_device(sd->dev_id);
 if (hcid.auto_init)
 configure_device(sd->dev_id);
 if (hcid.security)
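Review bot: In get_device_address() (hcid/device.c, the `-274,6 +247,24` hunk), the failure path after hci_read_bd_addr() returns without calling hci_close_dev(dd), so every failed read leaks a descriptor in the daemon. The first error() call passes three arguments to a format that has only `%d`, so the errno text never reaches the log, and both paths read `errno` again after error() has run, by which point it may have been overwritten. All three were carried over from the removed device_read_bdaddr(). The rewrite below saves errno first, completes the format string and closes the descriptor before returning; the function starts outside the hunk.

```c
	/* … unchanged: fast path returning the cached address … */

	dd = hci_open_dev(dev_id);
	if (dd < 0) {
		int err = errno;
		error("Can't open device hci%d: %s (%d)",
					dev_id, strerror(err), err);
		return -err;
	}

	if (hci_read_bd_addr(dd, &dev->bdaddr, 2000) < 0) {
		int err = errno;
		error("Can't read address for hci%d: %s (%d)",
					dev_id, strerror(err), err);
		hci_close_dev(dd);
		return -err;
	}

	/* … unchanged: hci_close_dev(dd) and the ba2str() return … */
```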
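Review bot: In init_all_devices() (hcid/main.c), start_device() and hcid_dbus_start_device() run for every listed adapter, while configure_device() and start_security_manager() just above them are gated on HCI_UP, so an adapter that is down would presumably be reported as started. Unless that is intended, both calls want the same test, e.g. `if (hci_test_bit(HCI_UP, &dr->dev_opt))` guarding `start_device(dr->dev_id);` and `hcid_dbus_start_device(dr->dev_id);`, with the D-Bus start kept after the register call. The return value of add_device() is also ignored here and in the HCI_DEV_REG hunk of device_event(), so the later calls run even when the add failed. The enclosing function starts and ends outside the hunk.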
@@ -705,13 +717,13 @@ int main(int argc, char *argv[])
 /* Create event loop */
 event_loop = g_main_new(FALSE);
+ /* Initialize already connected devices */
+ init_all_devices(hcid.sock);
+
 ctl_io = g_io_channel_unix_new(hcid.sock);
 g_io_add_watch(ctl_io, G_IO_IN, io_stack_event, NULL);
- /* Initialize already connected devices */
- init_all_devices(hcid.sock);
-
 if (sdp)
 start_sdp_server();
-- cgit