bluez5: telephony: improve +CLCC parsing

Make sure we don't crash or do anything stupid if the incoming
command is malformed.
George Kiagiadakis 2024-11-15 17:48:22 +02:00 committed by Wim Taymans
parent 9d1862a6f8
commit abd96e592b


@ -2008,35 +2008,54 @@ static bool rfcomm_hfp_hf(struct rfcomm *rfcomm, char* token)
} }
} else if (spa_strstartswith(token, "+CLCC: ")) { } else if (spa_strstartswith(token, "+CLCC: ")) {
struct spa_bt_telephony_call *call; struct spa_bt_telephony_call *call;
size_t pos;
char *token_end;
int idx; int idx;
unsigned int status, mpty; unsigned int status, mpty;
bool found = false; bool parsed = false, found = false;
token[strcspn(token, "\r")] = 0; token[strcspn(token, "\r")] = 0;
token[strcspn(token, "\n")] = 0; token[strcspn(token, "\n")] = 0;
token_end = token + strlen(token);
token += strlen("+CLCC: "); token += strlen("+CLCC: ");
token[strcspn(token, ",")] = 0;
if (token < token_end) {
pos = strcspn(token, ",");
token[pos] = '\0';
idx = atoi(token); idx = atoi(token);
token += strcspn(token, "\0") + 1; token += pos + 1;
}
if (token < token_end) {
// Skip direction // Skip direction
token[strcspn(token, ",")] = 0; pos = strcspn(token, ",");
token += strcspn(token, "\0") + 1; token += pos + 1;
token[strcspn(token, ",")] = 0; }
if (token < token_end) {
pos = strcspn(token, ",");
token[pos] = '\0';
status = atoi(token); status = atoi(token);
token += strcspn(token, "\0") + 1; token += pos + 1;
}
if (token < token_end) {
// Skip mode // Skip mode
token[strcspn(token, ",")] = 0; pos = strcspn(token, ",");
token += strcspn(token, "\0") + 1; token += pos + 1;
token[strcspn(token, ",")] = 0; }
if (token < token_end) {
pos = strcspn(token, ",");
token[pos] = '\0';
mpty = atoi(token); mpty = atoi(token);
token += strcspn(token, "\0") + 1; token += pos + 1;
if (strlen(token) > 0) { }
if (token < token_end) {
if (sscanf(token, "\"%16[^\"]\",%u", number, &type) != 2) { if (sscanf(token, "\"%16[^\"]\",%u", number, &type) != 2) {
spa_log_warn(backend->log, "Failed to parse number: %s", token); spa_log_warn(backend->log, "Failed to parse number: %s", token);
number[0] = '\0'; number[0] = '\0';
} }
parsed = true;
} }
if (SPA_LIKELY (parsed)) {
spa_list_for_each(call, &rfcomm->telephony_ag->call_list, link) { spa_list_for_each(call, &rfcomm->telephony_ag->call_list, link) {
if (call->id == idx) { if (call->id == idx) {
bool changed = false; bool changed = false;
@ -2071,6 +2090,9 @@ static bool rfcomm_hfp_hf(struct rfcomm *rfcomm, char* token)
else if (call->id != idx) else if (call->id != idx)
spa_log_warn(backend->log, "wrong call index: %d, expected: %d", call->id, idx); spa_log_warn(backend->log, "wrong call index: %d, expected: %d", call->id, idx);
} }
} else {
spa_log_warn(backend->log, "malformed +CLCC command received from AG");
}
rfcomm->hfp_hf_in_progress = false; rfcomm->hfp_hf_in_progress = false;
} else if (spa_strstartswith(token, "OK")) { } else if (spa_strstartswith(token, "OK")) {
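Review bot: `parsed = true;` is set only inside the last `if (token < token_end)` block, the one that scans the quoted number, so a +CLCC line that ends after the mpty field is now logged as malformed and skips the call-list update. The removed `if (strlen(token) > 0)` guard treated that tail as optional, and as far as I know HFP defines number and type as optional in this response, so I would set `parsed = true;` in the mpty block instead and clear `number` when the tail is absent. The numeric fields are also still converted with `atoi()`, which cannot tell an empty or non-numeric field from 0 and has undefined behaviour on out-of-range input. A checked conversion for each field, such as `spa_atoi32(token, &idx, 10)`, would let a bad value from the remote AG fall through to the new warning. The rest of rfcomm_hfp_hf lies outside these hunks, so how `number` and `type` are consumed afterwards is not visible here.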