blackbeard420/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf synced 2025-03-10 01:29:21 -04:00
Code Issues Projects Releases Wiki Activity

fix(bt): Fixed SDP record integrity check bug

Browse Source
This commit is contained in:
xiongweichao 2025-02-12 10:55:25 +08:00 committed by Xiong Wei Chao
parent dd5155ea9c
commit dc7b0241ae
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
components/bt/host/bluedroid/api/esp_sdp_api.c
View File

@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@ -20,6 +20,10 @@ static bool esp_sdp_record_integrity_check(esp_bluetooth_sdp_record_t *record)
bool ret = true; bool ret = true;
if (record != NULL) { if (record != NULL) {
if (record->hdr.type < ESP_SDP_TYPE_RAW || record->hdr.type > ESP_SDP_TYPE_SAP_SERVER) {
LOG_ERROR("Invalid type!\n");
return false;
}
switch (record->hdr.type) { switch (record->hdr.type) {
case ESP_SDP_TYPE_MAP_MAS: case ESP_SDP_TYPE_MAP_MAS:
if ((record->mas.mas_instance_id >> 8) || (record->mas.supported_message_types >> 8)) { if ((record->mas.mas_instance_id >> 8) || (record->mas.supported_message_types >> 8)) {
@ -35,13 +39,13 @@ static bool esp_sdp_record_integrity_check(esp_bluetooth_sdp_record_t *record)
break; break;
default: default:
break;
}
if (record->hdr.service_name_length > ESP_SDP_SERVER_NAME_MAX || if (record->hdr.service_name_length > ESP_SDP_SERVER_NAME_MAX ||
strlen(record->hdr.service_name) + 1 != record->hdr.service_name_length) { strlen(record->hdr.service_name) + 1 != record->hdr.service_name_length) {
LOG_ERROR("Invalid server name!\n"); LOG_ERROR("Invalid server name!\n");
ret = false; ret = false;
} }
break;
}
} else { } else {
LOG_ERROR("record is NULL!\n"); LOG_ERROR("record is NULL!\n");
ret = false; ret = false;