Package: bluez-tools
Version: 0.2.0~20140808-3
Severity: important
Tags: patch
-- System Information:
Debian Release: 8.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.16.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages bluez-tools depends on:
ii libc6 2.19-18
ii libglib2.0-0 2.42.1-1
ii libreadline6 6.3-8+b3
Versions of packages bluez-tools recommends:
ii bluez-obexd 5.23-2+b1
bluez-tools suggests no packages.
-- no debconf information
The problem appears to be an incorrect use of 'sscanf' combined with
an improper use of the dbus 'return code' API. I have only patched
one of the functions that this bug involves. Basically, the entire
section of code needs a once-over and partial re-write.
Steps to repro ('MACADDR' is the MAC address for the client Bluetooth device):
1. run bt-agent with '-p somefile' containing the MACADDR and PIN
2. in a separate console, use 'bt-device -c MACADDR' to connect
3. note 'Segmentation Fault'.
I used gdb to track down the cause (the sscanf call) and also noted how
the return code was incorrectly returned as either UINT32 or STRING,
rather than a 'tuple'. Error messages pointed me towards the correct
return type, which I implemented (possibly incorrectly) in my sample
patch. This all may be due to changes in dbus call methods that took
place between versions 4 and 5. This problem did not occur in 'wheezy',
which appears to use BlueZ version 4.
--- src/lib/agent-helper.c.orig 2014-08-03 18:39:59.000000000 -0700
+++ src/lib/agent-helper.c 2015-05-18 01:18:24.086901318 -0700
@@ -293,14 +293,25 @@
g_object_unref(device_obj);
/* Try to use found PIN */
if (pin != NULL)
{
+ GVariant *pTemp = NULL, *pTemp2; // BBB - temporary fix
if (_interactive)
g_print("Passkey found\n");
- sscanf(pin, "%s", &ret);
- g_dbus_method_invocation_return_value(invocation, g_variant_new_string(ret));
+// BBB - removed, since it page faults - no need to scan a string, right?
+// sscanf(pin, "%s", &ret);
+
+ pTemp2 = g_variant_new_string(pin); // added since I need a tuple now
+ if(pTemp2)
+ {
+ pTemp = g_variant_new_tuple(&pTemp2, 1); // only one element
+ }
+ if(pTemp)
+ {
+ g_dbus_method_invocation_return_value(invocation, pTemp); // g_variant_new_string(ret));
+ }
return;
}
else if (_interactive)
{
g_print("Enter passkey: ");
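Review bot: the `if(pTemp2)` / `if(pTemp)` guards leave the D-Bus call unanswered when either `g_variant_new_string` or `g_variant_new_tuple` returns NULL, because the function then hits the bare `return;` without ever calling `g_dbus_method_invocation_return_value` or an error variant, so the connecting client would hang until its method-call timeout; give that path an explicit `g_dbus_method_invocation_return_dbus_error(invocation, ...)`. Two smaller points on the same hunk: `g_variant_new_tuple(&pTemp2, 1)` can be written as `g_variant_new("(s)", pin)`, which builds the same one-element string tuple without the two temporaries, and the removed `sscanf(pin, "%s", ...)` stopped at the first whitespace while the new code passes `pin` through unchanged, so a trailing newline read from the `-p` file would now become part of the returned PIN. The commented-out `sscanf` line and the `// BBB` markers should be dropped before this is applied.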
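The crash described in the report comes from scanning an unbounded `%s` into the address of a scalar instead of a sized character array. As an added example that is not part of bluez-tools or the reporter's patch, the function below parses one line of the `-p` PIN file with width-bounded conversions and rejects over-long tokens; it assumes (an assumption, since the report does not show the file format) one `MACADDR PIN` pair per line and that Bluetooth PIN codes are at most 16 characters.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not bluez-tools code. Assumed file format:
 * one "xx:xx:xx:xx:xx:xx PIN" pair per line. */
#define MAC_LEN 17   /* length of "xx:xx:xx:xx:xx:xx" */
#define PIN_MAX 16   /* Bluetooth PIN codes are at most 16 characters */

/* Look up the PIN for 'mac' in one line of the PIN file.
 * Returns 1 and fills pin_out on a match, 0 otherwise.
 * Every %s carries a width one below the buffer size, so sscanf can
 * never write past the buffers; the report's sscanf(pin, "%s", &ret)
 * had no width and scanned into the address of a scalar. */
int pin_for_mac(const char *line, const char *mac,
                char *pin_out, size_t pin_outlen)
{
    char mac_tok[MAC_LEN + 2];   /* one spare byte exposes over-long tokens */
    char pin_tok[PIN_MAX + 2];

    if (pin_outlen < PIN_MAX + 1)
        return 0;                /* caller's buffer cannot hold a full PIN */

    /* widths 18 and 17 equal sizeof(buf) - 1, so the NUL always fits */
    if (sscanf(line, "%18s %17s", mac_tok, pin_tok) != 2)
        return 0;

    /* a token longer than allowed was truncated by the width; reject it */
    if (strlen(mac_tok) != MAC_LEN || strlen(pin_tok) > PIN_MAX)
        return 0;

    if (strcmp(mac_tok, mac) != 0)
        return 0;                /* line belongs to a different device */

    memcpy(pin_out, pin_tok, strlen(pin_tok) + 1);
    return 1;
}
```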