blackbeard420/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf synced 2025-03-09 17:19:09 -04:00
Code Issues Projects Releases Wiki Activity

fix(ble/blufi): Fixed blufi example security issue

Browse Source
This commit is contained in:
zhanghaipeng 2024-12-17 19:42:06 +08:00 committed by xuzhekai
parent 9659bb2d03
commit a4c4601e59
1 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
components/bt/common/btc/profile/esp/blufi/blufi_prf.c
View File

@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -95,7 +95,29 @@ void btc_blufi_report_error(esp_blufi_error_state_t state)
void btc_blufi_recv_handler(uint8_t *data, int len)
{
if (len < sizeof(struct blufi_hdr)) {
BTC_TRACE_ERROR("%s invalid data length: %d", __func__, len);
btc_blufi_report_error(ESP_BLUFI_DATA_FORMAT_ERROR);
return;
}
struct blufi_hdr *hdr = (struct blufi_hdr *)data;
// Verify if the received data length matches the expected length based on the BLUFI protocol
int target_data_len;
if (BLUFI_FC_IS_CHECK(hdr->fc)) {
target_data_len = hdr->data_len + 4 + 2; // Data + (Type + Frame Control + Sequence Number + Data Length) + Checksum
} else {
target_data_len = hdr->data_len + 4; // Data + (Type + Frame Control + Sequence Number + Data Length)
}
if (len != target_data_len) {
BTC_TRACE_ERROR("%s: Invalid data length: %d, expected: %d", __func__, len, target_data_len);
btc_blufi_report_error(ESP_BLUFI_DATA_FORMAT_ERROR);
return;
}
uint16_t checksum, checksum_pkt;
int ret;