From 7ec7e43f3be20d7c79b5b62252ed368aca79e54a Mon Sep 17 00:00:00 2001 From: Michal Labedzki Date: Thu, 18 Jun 2015 09:10:55 +0200 Subject: [PATCH] Bluetooth: Coverity fixes Try to fix Coverity issues in Bluetooth HCI and androiddump. Change-Id: Id2ed35130eb4dbb0698b7a54afccdba56af62bfd Reviewed-on: https://code.wireshark.org/review/8983 Petri-Dish: Alexis La Goutte Tested-by: Petri Dish Buildbot Reviewed-by: Michal Labedzki --- epan/dissectors/packet-bthci_cmd.c | 8 ++++---- epan/dissectors/packet-bthci_evt.c | 24 ++++++++++++------------ epan/dissectors/packet-bthci_vendor.c | 17 +++++++++++++---- extcap/androiddump.c | 12 +++++++++++- 4 files changed, 40 insertions(+), 21 deletions(-) diff --git a/epan/dissectors/packet-bthci_cmd.c b/epan/dissectors/packet-bthci_cmd.c index 17c18990f8..8546a57ef8 100644 --- a/epan/dissectors/packet-bthci_cmd.c +++ b/epan/dissectors/packet-bthci_cmd.c @@ -1604,7 +1604,7 @@ dissect_link_control_cmd(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree_add_item(tree, hf_bthci_cmd_allow_role_switch, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset++; - if (!pinfo->fd->flags.visited && bluetooth_data) { + if (!pinfo->fd->flags.visited) { guint32 interface_id; guint32 adapter_id; guint32 bd_addr_oui; @@ -1671,7 +1671,7 @@ dissect_link_control_cmd(tvbuff_t *tvb, int offset, packet_info *pinfo, role = tvb_get_guint8(tvb, offset); offset += 1; - if (!pinfo->fd->flags.visited && bluetooth_data) { + if (!pinfo->fd->flags.visited) { guint32 interface_id; guint32 adapter_id; guint32 bd_addr_oui; @@ -3122,7 +3122,7 @@ dissect_bthci_cmd(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *dat ocf = opcode & 0x03ff; ogf = (guint8) (opcode >> 10); - if (!pinfo->fd->flags.visited && bluetooth_data) { + if (!pinfo->fd->flags.visited) { bthci_cmd_data = (bthci_cmd_data_t *) wmem_new(wmem_file_scope(), bthci_cmd_data_t); bthci_cmd_data->opcode = opcode; bthci_cmd_data->command_in_frame = frame_number; @@ -3231,7 +3231,7 @@ dissect_bthci_cmd(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *dat } } - if (!pinfo->fd->flags.visited && bluetooth_data && bthci_cmd_data) { + if (!pinfo->fd->flags.visited && bthci_cmd_data) { key[0].length = 1; key[0].key = &interface_id; key[1].length = 1; diff --git a/epan/dissectors/packet-bthci_evt.c b/epan/dissectors/packet-bthci_evt.c index dc37270955..5378b0cccb 100644 --- a/epan/dissectors/packet-bthci_evt.c +++ b/epan/dissectors/packet-bthci_evt.c @@ -765,7 +765,7 @@ save_remote_device_name(tvbuff_t *tvb, gint offset, packet_info *pinfo, gchar *name; device_name_t *device_name; - if (!(!pinfo->fd->flags.visited && bluetooth_data && bd_addr)) return; + if (!(!pinfo->fd->flags.visited && bd_addr)) return; interface_id = bluetooth_data->interface_id; adapter_id = bluetooth_data->adapter_id; @@ -836,7 +836,7 @@ dissect_bthci_evt_connect_complete(tvbuff_t *tvb, int offset, packet_info *pinfo offset += 2; offset = dissect_bd_addr(hf_bthci_evt_bd_addr, pinfo, tree, tvb, offset, FALSE, bluetooth_data->interface_id, bluetooth_data->adapter_id, bd_addr); - if (!pinfo->fd->flags.visited && bluetooth_data != NULL && status == 0x00) { + if (!pinfo->fd->flags.visited && status == STATUS_SUCCESS) { wmem_tree_key_t key[5]; guint32 k_interface_id; guint32 k_adapter_id; @@ -923,7 +923,7 @@ dissect_bthci_evt_disconnect_complete(tvbuff_t *tvb, int offset, packet_info *pi proto_tree_add_item(tree, hf_bthci_evt_reason, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; - if (!pinfo->fd->flags.visited && bluetooth_data != NULL && status == 0x00) { + if (!pinfo->fd->flags.visited && status == STATUS_SUCCESS) { wmem_tree_key_t key[4]; guint32 interface_id; guint32 adapter_id; @@ -1153,7 +1153,7 @@ dissect_bthci_evt_remote_name_req_complete(tvbuff_t *tvb, int offset, offset = dissect_bd_addr(hf_bthci_evt_bd_addr, pinfo, tree, tvb, offset, FALSE, bluetooth_data->interface_id, bluetooth_data->adapter_id, bd_addr); proto_tree_add_item(tree, hf_bthci_evt_remote_name, tvb, offset, 248, ENC_UTF_8|ENC_NA); - if (!pinfo->fd->flags.visited && bluetooth_data != NULL) { + if (!pinfo->fd->flags.visited) { wmem_tree_key_t key[6]; guint32 interface_id; guint32 adapter_id; @@ -1346,7 +1346,7 @@ dissect_bthci_evt_mode_change(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_item_append_text(handle_item, " Baseband slots (%f msec)", tvb_get_letohs(tvb, offset)*0.625); offset += 2; - if (!pinfo->fd->flags.visited && bluetooth_data && status == 0x00) { + if (!pinfo->fd->flags.visited && status == STATUS_SUCCESS) { wmem_tree_key_t key[5]; guint32 interface_id; guint32 adapter_id; @@ -1396,7 +1396,7 @@ dissect_bthci_evt_role_change(tvbuff_t *tvb, int offset, packet_info *pinfo, role = tvb_get_guint8(tvb, offset); offset += 1; - if (!pinfo->fd->flags.visited && bluetooth_data && status == 0) { + if (!pinfo->fd->flags.visited && status == STATUS_SUCCESS) { guint32 interface_id; guint32 adapter_id; guint32 bd_addr_oui; @@ -1875,7 +1875,7 @@ dissect_bthci_evt_le_meta(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree_add_item(tree, hf_bthci_evt_le_master_clock_accuracy, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; - if (!pinfo->fd->flags.visited && bluetooth_data != NULL && status == 0x00) { + if (!pinfo->fd->flags.visited && status == STATUS_SUCCESS) { wmem_tree_key_t key[5]; guint32 k_interface_id; guint32 k_adapter_id; @@ -2330,7 +2330,7 @@ dissect_bthci_evt_command_complete(tvbuff_t *tvb, int offset, offset += 1; offset = dissect_bd_addr(hf_bthci_evt_bd_addr, pinfo, tree, tvb, offset, local_addr, bluetooth_data->interface_id, bluetooth_data->adapter_id, bd_addr); - if (!pinfo->fd->flags.visited && bluetooth_data != NULL && local_addr) { + if (!pinfo->fd->flags.visited && local_addr) { localhost_bdaddr_entry_t *localhost_bdaddr_entry; interface_id = bluetooth_data->interface_id; @@ -2543,7 +2543,7 @@ dissect_bthci_evt_command_complete(tvbuff_t *tvb, int offset, offset += 1; proto_tree_add_item(tree, hf_bthci_evt_device_name, tvb, offset, 248, ENC_UTF_8|ENC_NA); - if (status == STATUS_SUCCESS && !pinfo->fd->flags.visited && bluetooth_data != NULL) { + if (status == STATUS_SUCCESS && !pinfo->fd->flags.visited) { gchar *name; localhost_name_entry_t *localhost_name_entry; @@ -2869,7 +2869,7 @@ dissect_bthci_evt_command_complete(tvbuff_t *tvb, int offset, lmp_subversion_item = proto_tree_add_item(tree, hf_bthci_evt_sub_vers_nr, tvb, offset, 2, ENC_LITTLE_ENDIAN); offset += 2; - if (status == STATUS_SUCCESS && bluetooth_data) { + if (status == STATUS_SUCCESS) { hci_vendor_data_t *hci_vendor_data; guint16 hci_revision; guint16 manufacturer; @@ -3447,7 +3447,7 @@ dissect_bthci_evt_sync_connection_complete(tvbuff_t *tvb, int offset, adapter_id = bluetooth_data->adapter_id; frame_number = pinfo->fd->num; - if (!pinfo->fd->flags.visited && status == 0x00) { + if (!pinfo->fd->flags.visited && status == STATUS_SUCCESS) { remote_bdaddr_t *remote_bdaddr; chandle_session_t *chandle_session; bthci_sco_stream_number_t *sco_stream_number; @@ -4177,7 +4177,7 @@ dissect_bthci_evt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *dat tap_device->data.name = lastest_bthci_cmd_data->data.name; tap_queue_packet(bluetooth_device_tap, pinfo, tap_device); } - if (status == STATUS_SUCCESS && !pinfo->fd->flags.visited && bluetooth_data) { + if (status == STATUS_SUCCESS && !pinfo->fd->flags.visited) { localhost_name_entry_t *localhost_name_entry; wmem_tree_key_t key[4]; guint32 interface_id; diff --git a/epan/dissectors/packet-bthci_vendor.c b/epan/dissectors/packet-bthci_vendor.c index e6ef90d587..62872ac275 100644 --- a/epan/dissectors/packet-bthci_vendor.c +++ b/epan/dissectors/packet-bthci_vendor.c @@ -368,8 +368,17 @@ dissect_bthci_vendor_broadcom(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tre guint8 status; guint8 subcode; guint8 condition; + guint32 interface_id; + guint32 adapter_id; bluetooth_data = (bluetooth_data_t *) data; + if (bluetooth_data) { + interface_id = bluetooth_data->interface_id; + adapter_id = bluetooth_data->adapter_id; + } else { + interface_id = HCI_INTERFACE_DEFAULT; + adapter_id = HCI_ADAPTER_DEFAULT; + } main_item = proto_tree_add_item(tree, proto_bthci_vendor_broadcom, tvb, 0, tvb_captured_length(tvb), ENC_NA); main_tree = proto_item_add_subtree(main_item, ett_bthci_vendor_broadcom); @@ -401,7 +410,7 @@ dissect_bthci_vendor_broadcom(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tre switch(ocf) { case 0x0001: /* Write BDADDR */ - offset = dissect_bd_addr(hf_bd_addr, pinfo, main_tree, tvb, offset, TRUE, bluetooth_data->interface_id, bluetooth_data->adapter_id, bd_addr); + offset = dissect_bd_addr(hf_bd_addr, pinfo, main_tree, tvb, offset, TRUE, interface_id, adapter_id, bd_addr); /* TODO: This is command, but in respose (event Command Complete) there is a status for that, so write bdaddr can fail, but we store bdaddr as valid for now... */ @@ -582,12 +591,12 @@ dissect_bthci_vendor_broadcom(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tre proto_tree_add_item(main_tree, hf_le_multi_advertising_address_type, tvb, offset, 1, ENC_NA); offset += 1; - offset = dissect_bd_addr(hf_bd_addr, pinfo, main_tree, tvb, offset, FALSE, bluetooth_data->interface_id, bluetooth_data->adapter_id, NULL); + offset = dissect_bd_addr(hf_bd_addr, pinfo, main_tree, tvb, offset, FALSE, interface_id, adapter_id, NULL); proto_tree_add_item(main_tree, hf_le_multi_advertising_address_type, tvb, offset, 1, ENC_NA); offset += 1; - offset = dissect_bd_addr(hf_bd_addr, pinfo, main_tree, tvb, offset, FALSE, bluetooth_data->interface_id, bluetooth_data->adapter_id, NULL); + offset = dissect_bd_addr(hf_bd_addr, pinfo, main_tree, tvb, offset, FALSE, interface_id, adapter_id, NULL); proto_tree_add_bitmask(main_tree, tvb, offset, hf_le_multi_advertising_channel_map, ett_channel_map, hfx_le_multi_advertising_channel_map, ENC_NA); offset += 1; @@ -613,7 +622,7 @@ dissect_bthci_vendor_broadcom(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tre break; case 0x04: /* Set Random Address */ - offset = dissect_bd_addr(hf_bd_addr, pinfo, main_tree, tvb, offset, FALSE, bluetooth_data->interface_id, bluetooth_data->adapter_id, NULL); + offset = dissect_bd_addr(hf_bd_addr, pinfo, main_tree, tvb, offset, FALSE, interface_id, adapter_id, NULL); proto_tree_add_item(main_tree, hf_le_multi_advertising_instance_id, tvb, offset, 1, ENC_NA); offset += 1; diff --git a/extcap/androiddump.c b/extcap/androiddump.c index eec27601dd..c96be11e4a 100644 --- a/extcap/androiddump.c +++ b/extcap/androiddump.c @@ -254,6 +254,11 @@ static struct extcap_dumper extcap_dumper_open(char *fifo, int encap) { pcap = pcap_open_dead_with_tstamp_precision(encap_ext, PACKET_LENGTH, PCAP_TSTAMP_PRECISION_NANO); extcap_dumper.dumper.pcap = pcap_dump_open(pcap, fifo); + if (!extcap_dumper.dumper.pcap) { + if (verbose) + fprintf(stderr, "ERROR: Cannot save dump file\n"); + exit(1); + } extcap_dumper.encap = encap; pcap_dump_flush(extcap_dumper.dumper.pcap); #else @@ -270,6 +275,11 @@ static struct extcap_dumper extcap_dumper_open(char *fifo, int encap) { } extcap_dumper.dumper.wtap = wtap_dump_open(fifo, WTAP_FILE_TYPE_SUBTYPE_PCAP_NSEC, encap_ext, PACKET_LENGTH, FALSE, &err); + if (!extcap_dumper.dumper.wtap) { + if (verbose) + fprintf(stderr, "ERROR: Cannot save dump file\n"); + exit(1); + } extcap_dumper.encap = encap; wtap_dump_flush(extcap_dumper.dumper.wtap); #endif @@ -1440,6 +1450,7 @@ static int capture_android_bluetooth_external_parser(char *interface, *bt_local_tcp_port, *bt_server_tcp_port, result); } + memset(&server, 0 , sizeof(server)); server.sin_family = AF_INET; server.sin_port = GINT16_TO_BE(*bt_local_tcp_port); server.sin_addr.s_addr = inet_addr(bt_local_ip); @@ -1526,7 +1537,6 @@ static int capture_android_bluetooth_external_parser(char *interface, if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET) { if (verbose) printf("ERROR1: %s\n", strerror(errno)); - closesocket(sock); return 1; }