alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

component/bt: Fix crash problem while using invalid control parameter

Browse Source 
- Fix crash problem while using invalid control parameter to set gatt characteristic or descriptor
This commit is contained in:
island 2017-06-07 20:06:49 +08:00
parent 058eb26574
commit 30783d481d
2 changed files with 87 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
components/bt/bluedroid/api/esp_gatts_api.c
View File

@ -23,6 +23,8 @@
#if (GATTS_INCLUDED == TRUE) #if (GATTS_INCLUDED == TRUE)
#define COPY_TO_GATTS_ARGS(_gatt_args, _arg, _arg_type) memcpy(_gatt_args, _arg, sizeof(_arg_type)) #define COPY_TO_GATTS_ARGS(_gatt_args, _arg, _arg_type) memcpy(_gatt_args, _arg, sizeof(_arg_type))
static esp_err_t esp_ble_gatts_add_char_desc_param_check(esp_attr_value_t *char_val, esp_attr_control_t *control);
esp_err_t esp_ble_gatts_register_callback(esp_gatts_cb_t callback) esp_err_t esp_ble_gatts_register_callback(esp_gatts_cb_t callback)
{ {
@ -138,30 +140,16 @@ esp_err_t esp_ble_gatts_add_char(uint16_t service_handle, esp_bt_uuid_t *char_
{ {
btc_msg_t msg; btc_msg_t msg;
btc_ble_gatts_args_t arg; btc_ble_gatts_args_t arg;
esp_err_t status;
if (esp_bluedroid_get_status() != ESP_BLUEDROID_STATUS_ENABLED) { if (esp_bluedroid_get_status() != ESP_BLUEDROID_STATUS_ENABLED) {
return ESP_ERR_INVALID_STATE; return ESP_ERR_INVALID_STATE;
} }
/* parameter validation check */ /* parameter validation check */
if ((control != NULL) && (control->auto_rsp == GATT_STACK_RSP)){ status = esp_ble_gatts_add_char_desc_param_check(char_val, control);
if (char_val == NULL){ if (status != ESP_OK){
LOG_ERROR("Error in %s, line=%d, for stack respond attribute, char_val should not be NULL here\n",\ return status;
__func__, __LINE__);
return ESP_ERR_INVALID_ARG;
} else if (char_val->attr_max_len == 0){
LOG_ERROR("Error in %s, line=%d, for stack respond attribute, attribute max length should not be 0\n",\
__func__, __LINE__);
return ESP_ERR_INVALID_ARG;
}
}
if (char_val != NULL){
if (char_val->attr_len > char_val->attr_max_len){
LOG_ERROR("Error in %s, line=%d,attribute actual length (%d) should not be larger than max length (%d)\n",\
__func__, __LINE__, char_val->attr_len, char_val->attr_max_len);
return ESP_ERR_INVALID_ARG;
}
} }
memset(&arg, 0, sizeof(btc_ble_gatts_args_t)); memset(&arg, 0, sizeof(btc_ble_gatts_args_t));
@ -193,33 +181,17 @@ esp_err_t esp_ble_gatts_add_char_descr (uint16_t service_handle,
{ {
btc_msg_t msg; btc_msg_t msg;
btc_ble_gatts_args_t arg; btc_ble_gatts_args_t arg;
esp_err_t status;
if (esp_bluedroid_get_status() != ESP_BLUEDROID_STATUS_ENABLED) { if (esp_bluedroid_get_status() != ESP_BLUEDROID_STATUS_ENABLED) {
return ESP_ERR_INVALID_STATE; return ESP_ERR_INVALID_STATE;
} }
/* parameter validation check */ /* parameter validation check */
if ((control != NULL) && (control->auto_rsp == GATT_STACK_RSP)){ status = esp_ble_gatts_add_char_desc_param_check(char_descr_val, control);
if (char_descr_val == NULL){ if (status != ESP_OK){
LOG_ERROR("Error in %s, line=%d, for stack respond attribute, char_descr_val should not be NULL here\n",\ return status;
__func__, __LINE__);
return ESP_ERR_INVALID_ARG;
} }
else if (char_descr_val->attr_max_len == 0){
LOG_ERROR("Error in %s, line=%d, for stack respond attribute, attribute max length should not be 0\n",\
__func__, __LINE__);
return ESP_ERR_INVALID_ARG;
}
}
if (char_descr_val != NULL){
if (char_descr_val->attr_len > char_descr_val->attr_max_len){
LOG_ERROR("Error in %s, line=%d,attribute actual length (%d) should not be larger than max length (%d)\n",\
__func__, __LINE__, char_descr_val->attr_len, char_descr_val->attr_max_len);
return ESP_ERR_INVALID_ARG;
}
}
memset(&arg, 0, sizeof(btc_ble_gatts_args_t)); memset(&arg, 0, sizeof(btc_ble_gatts_args_t));
msg.sig = BTC_SIG_API_CALL; msg.sig = BTC_SIG_API_CALL;
@ -402,4 +374,28 @@ esp_err_t esp_ble_gatts_close(esp_gatt_if_t gatts_if, uint16_t conn_id)
== BT_STATUS_SUCCESS ? ESP_OK : ESP_FAIL); == BT_STATUS_SUCCESS ? ESP_OK : ESP_FAIL);
} }
static esp_err_t esp_ble_gatts_add_char_desc_param_check(esp_attr_value_t *char_val, esp_attr_control_t *control)
{
if ((control != NULL) && ((control->auto_rsp != ESP_GATT_AUTO_RSP) && (control->auto_rsp != ESP_GATT_RSP_BY_APP))){
LOG_ERROR("Error in %s, line=%d, control->auto_rsp should be set to ESP_GATT_AUTO_RSP or ESP_GATT_RSP_BY_APP\n",\
__func__, __LINE__);
return ESP_ERR_INVALID_ARG;
}
if ((control != NULL) && (control->auto_rsp == ESP_GATT_AUTO_RSP)){
if (char_val == NULL){
LOG_ERROR("Error in %s, line=%d, for stack respond attribute, char_val should not be NULL here\n",\
__func__, __LINE__);
return ESP_ERR_INVALID_ARG;
} else if (char_val->attr_max_len == 0){
LOG_ERROR("Error in %s, line=%d, for stack respond attribute, attribute max length should not be 0\n",\
__func__, __LINE__);
return ESP_ERR_INVALID_ARG;
}
}
return ESP_OK;
}
#endif ///GATTS_INCLUDED #endif ///GATTS_INCLUDED

85
components/bt/bluedroid/stack/gatt/gatt_db.c
View File

@ -46,6 +46,7 @@ static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 le
static BOOLEAN gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID *p_service, BOOLEAN is_pri); static BOOLEAN gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID *p_service, BOOLEAN is_pri);
static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code, static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code,
UINT16 handle, UINT16 offset, UINT32 trans_id, BOOLEAN need_rsp); UINT16 handle, UINT16 offset, UINT32 trans_id, BOOLEAN need_rsp);
static BOOLEAN gatts_add_char_desc_value_check (tGATT_ATTR_VAL *attr_val, tGATTS_ATTR_CONTROL *control);
/******************************************************************************* /*******************************************************************************
** **
@ -468,27 +469,13 @@ UINT16 gatts_add_characteristic (tGATT_SVC_DB *p_db, tGATT_PERM perm,
{ {
tGATT_ATTR16 *p_char_decl, *p_char_val; tGATT_ATTR16 *p_char_decl, *p_char_val;
tBT_UUID uuid = {LEN_UUID_16, {GATT_UUID_CHAR_DECLARE}}; tBT_UUID uuid = {LEN_UUID_16, {GATT_UUID_CHAR_DECLARE}};
BOOLEAN status;
GATT_TRACE_DEBUG("gatts_add_characteristic perm=0x%0x property=0x%0x\n", perm, property); GATT_TRACE_DEBUG("gatts_add_characteristic perm=0x%0x property=0x%0x\n", perm, property);
/* parameter validation check */ /* parameter validation check */
if ((control != NULL) && (control->auto_rsp == GATT_STACK_RSP)){ status = gatts_add_char_desc_value_check(attr_val, control);
if (attr_val == NULL){ if (status == FALSE){
GATT_TRACE_ERROR("Error in %s, line=%d, for stack respond attribute, attr_val should not be NULL here\n",\
__func__, __LINE__);
return 0; return 0;
} else if (attr_val->attr_max_len == 0){
GATT_TRACE_ERROR("Error in %s, line=%d, for stack respond attribute, attribute max length should not be 0\n",\
__func__, __LINE__);
return 0;
}
}
if (attr_val != NULL){
if (attr_val->attr_len > attr_val->attr_max_len){
GATT_TRACE_ERROR("Error in %s, line=%d,attribute actual length should not be larger than max length\n",\
__func__, __LINE__);
return 0;
}
} }
@ -621,30 +608,15 @@ UINT16 gatts_add_char_descr (tGATT_SVC_DB *p_db, tGATT_PERM perm,
tBT_UUID *p_descr_uuid, tGATT_ATTR_VAL *attr_val, tGATTS_ATTR_CONTROL *control) tBT_UUID *p_descr_uuid, tGATT_ATTR_VAL *attr_val, tGATTS_ATTR_CONTROL *control)
{ {
tGATT_ATTR16 *p_char_dscptr; tGATT_ATTR16 *p_char_dscptr;
BOOLEAN status;
GATT_TRACE_DEBUG("gatts_add_char_descr uuid=0x%04x\n", p_descr_uuid->uu.uuid16); GATT_TRACE_DEBUG("gatts_add_char_descr uuid=0x%04x\n", p_descr_uuid->uu.uuid16);
/* parameter validation check */ /* parameter validation check */
if ((control != NULL) && (control->auto_rsp == GATT_STACK_RSP)){ status = gatts_add_char_desc_value_check(attr_val, control);
if (attr_val == NULL){ if (status == FALSE){
GATT_TRACE_ERROR("Error in %s, line=%d, for stack respond attribute, attr_val should not be NULL here\n",\
__func__, __LINE__);
return 0;
} else if (attr_val->attr_max_len == 0){
GATT_TRACE_ERROR("Error in %s, line=%d, for stack respond attribute, attribute max length should not be 0\n",\
__func__, __LINE__);
return 0; return 0;
} }
}
if (attr_val != NULL){
if (attr_val->attr_len > attr_val->attr_max_len){
GATT_TRACE_ERROR("Error in %s, line=%d,attribute actual length (%d) should not be larger than max length (%d)\n",\
__func__, __LINE__, attr_val->attr_len, attr_val->attr_max_len);
return 0;
}
}
/* Add characteristic descriptors */ /* Add characteristic descriptors */
if ((p_char_dscptr = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, p_descr_uuid, perm)) == NULL) { if ((p_char_dscptr = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, p_descr_uuid, perm)) == NULL) {
@ -1465,4 +1437,47 @@ static BOOLEAN gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID *p_
return rt; return rt;
} }
/*******************************************************************************
**
** Function gatts_add_char_desc_value_check
**
** Description parameters validation check for gatts add char/descriptor functions
**
** Parameter attr_val: attribute value for char/descriptor.
** control: control variable for char/descriptor.
**
** Returns void
**
*******************************************************************************/
static BOOLEAN gatts_add_char_desc_value_check (tGATT_ATTR_VAL *attr_val, tGATTS_ATTR_CONTROL *control)
{
if ((control != NULL) && ((control->auto_rsp != GATT_RSP_BY_APP) && (control->auto_rsp != GATT_RSP_BY_STACK))){
GATT_TRACE_ERROR("Error in %s, line=%d, control->auto_rsp should be set to GATT_RSP_BY_APP or GATT_RSP_BY_STACK here\n",\
__func__, __LINE__);
return FALSE;
}
if ((control != NULL) && (control->auto_rsp == GATT_RSP_BY_STACK)){
if (attr_val == NULL){
GATT_TRACE_ERROR("Error in %s, line=%d, for stack respond attribute, attr_val should not be NULL here\n",\
__func__, __LINE__);
return FALSE;
} else if (attr_val->attr_max_len == 0){
GATT_TRACE_ERROR("Error in %s, line=%d, for stack respond attribute, attribute max length should not be 0\n",\
__func__, __LINE__);
return FALSE;
}
}
if (attr_val != NULL){
if (attr_val->attr_len > attr_val->attr_max_len){
GATT_TRACE_ERROR("Error in %s, line=%d,attribute actual length should not be larger than max length\n",\
__func__, __LINE__);
return FALSE;
}
}
return TRUE ;
}
#endif /* BLE_INCLUDED == TRUE && GATTS_INCLUDED == TRUE */ #endif /* BLE_INCLUDED == TRUE && GATTS_INCLUDED == TRUE */