[Pkg-bluetooth-maintainers] Bug#785603: bluez-tools: Segmentation Fault in bt-agent when attempting to use PIN code

Bob Frazier bobf at mrp3.com
Mon May 18 08:54:41 UTC 2015


Package: bluez-tools
Version: 0.2.0~20140808-3
Severity: important
Tags: patch



-- System Information:
Debian Release: 8.0
   APT prefers stable
   APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bluez-tools depends on:
ii  libc6         2.19-18
ii  libglib2.0-0  2.42.1-1
ii  libreadline6  6.3-8+b3

Versions of packages bluez-tools recommends:
ii  bluez-obexd  5.23-2+b1

bluez-tools suggests no packages.

-- no debconf information

The problem appears to be an incorrect use of 'sscanf' combined with
an improper use of the dbus 'return code' API.  I have only patched
one of the functions that this bug involves.  Basically the entire
section of code needs a once-over and partial re-write.

Steps to repro ('MACADDR' is the MAC address for client bluetooth):

1.  run bt-agent with '-p somefile' containing the MACADDR and PIN
2.  in a separate console, use 'bt-device -c MACADDR' to connect
3.  note 'Segmentation Fault'.

I used gdb to track down the cause (the sscanf call) and also noted how
the return code was incorrectly returned as either UINT32 or STRING,
rather than a 'tuple'.  Error messages pointed me towards the correct
return type, which I implemented (possibly incorrectly) in my sample
patch.  This all may be due to changes in dbus call methods that took
place between versions 4 and 5.  This problem did not occur in 'wheezy'
which appears to use BlueZ version 4.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: agent-helper.c.patch
Type: text/x-patch
Size: 1136 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-bluetooth-maintainers/attachments/20150518/d908e7df/attachment.bin>

