Sunday, March 6, 2011

Bug in hcidump

Try to run the following command:
  $ sudo hcidump -i aaa
Instead of giving an error that there is no device named "aaa", hcidump uses the "hci0" device. The first thing that comes to mind is that hcidump falls back to "hci0" by default when the specified device is not found, but when I try to run the following:
  $ sudo hcidump -i aaa123
It gives an error:
  Can't open device: No such device
So what is the reason for such behaviour? To find out, I reviewed the argument-parsing part of the source code (hcidump is open source) and found the following.
To download the source code of hcidump (version 1.42, used in Ubuntu 10.10):
  $ git clone git://git.kernel.org/pub/scm/bluetooth/bluez-hcidump.git  # get the sources
  $ git checkout -b new 1.42                                    # get the version 1.42

The input-argument parsing code is located in the file "src/hcidump.c", starting at line 1002. The device name parsing is on lines 1004 to 1010:


As you can see, the reason for the unusual behaviour is the following line:
    device = atoi(optarg + 3);
which does not check the correctness of the input (it works only for names of the form "hci[0-9]"). The first three characters are skipped unconditionally, so for "aaa" the remaining string is empty, atoi("") returns 0 and "hci0" is opened; for "aaa123" the remainder is "123", atoi returns 123 and no such device exists.
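To make the effect concrete, here is an added example (my own code, not hcidump's) that reproduces the unchecked `atoi(optarg + 3)` parsing next to a strict variant; the function names and the device-id upper bound are assumptions for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buggy parsing as described in the post: skip three characters and call
 * atoi() with no validation. The caller must guarantee strlen(arg) >= 3,
 * which the original code did not. "aaa" -> "" -> 0 (hci0),
 * "aaa123" -> "123" -> 123 (no such device). */
int parse_device_buggy(const char *arg)
{
    return atoi(arg + 3);
}

/* Strict parsing: accept only "hci<digits>" with nothing trailing and
 * return -1 for anything else, so the caller can report the bad name
 * instead of silently opening hci0. The 255 limit is an assumed sanity
 * bound; real code would compare against the device list from the kernel. */
int parse_device_strict(const char *arg)
{
    char *end;
    long n;

    if (arg == NULL || strncmp(arg, "hci", 3) != 0 || arg[3] == '\0')
        return -1;
    if (!isdigit((unsigned char)arg[3]))   /* rejects "hci-1", "hci 0", "hci+1" */
        return -1;
    errno = 0;
    n = strtol(arg + 3, &end, 10);
    if (errno != 0 || *end != '\0' || n < 0 || n > 255)
        return -1;
    return (int)n;
}

int main(void)
{
    /* constructed inputs, including the two from the post */
    const char *inputs[] = { "hci0", "hci1", "aaa", "aaa123", "hci0x", "hci" };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-8s buggy=%d strict=%d\n", inputs[i],
               parse_device_buggy(inputs[i]), parse_device_strict(inputs[i]));
    return 0;
}
```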
