blackbeard420/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf synced 2025-03-09 17:19:09 -04:00
Code Issues Projects Releases Wiki Activity

fix(blufi): Fixed some security issue in blufi example

Browse Source 
(cherry picked from commit abc18e93eb3500dbec74c3e589671ef82c8b3919)

Co-authored-by: zhanghaipeng <zhanghaipeng@espressif.com>
This commit is contained in:
Zhang Hai Peng 2025-01-22 16:34:30 +08:00
parent 72d91b5117
commit e65cf7ea2a
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
examples/bluetooth/blufi/main/blufi_example_main.c
View File

@ -382,12 +382,22 @@ static void example_event_callback(esp_blufi_cb_event_t event, esp_blufi_cb_para
BLUFI_INFO("Recv STA BSSID %s\n", sta_config.sta.ssid);
break;
case ESP_BLUFI_EVENT_RECV_STA_SSID:
if (param->sta_ssid.ssid_len >= sizeof(sta_config.sta.ssid)/sizeof(sta_config.sta.ssid[0])) {
esp_blufi_send_error_info(ESP_BLUFI_DATA_FORMAT_ERROR);
BLUFI_INFO("Invalid STA SSID\n");
break;
}
strncpy((char *)sta_config.sta.ssid, (char *)param->sta_ssid.ssid, param->sta_ssid.ssid_len);
sta_config.sta.ssid[param->sta_ssid.ssid_len] = '\0';
esp_wifi_set_config(WIFI_IF_STA, &sta_config);
BLUFI_INFO("Recv STA SSID %s\n", sta_config.sta.ssid);
break;
case ESP_BLUFI_EVENT_RECV_STA_PASSWD:
if (param->sta_passwd.passwd_len >= sizeof(sta_config.sta.password)/sizeof(sta_config.sta.password[0])) {
esp_blufi_send_error_info(ESP_BLUFI_DATA_FORMAT_ERROR);
BLUFI_INFO("Invalid STA PASSWORD\n");
break;
}
strncpy((char *)sta_config.sta.password, (char *)param->sta_passwd.passwd, param->sta_passwd.passwd_len);
sta_config.sta.password[param->sta_passwd.passwd_len] = '\0';
sta_config.sta.threshold.authmode = EXAMPLE_WIFI_SCAN_AUTH_MODE_THRESHOLD;
@ -395,6 +405,11 @@ static void example_event_callback(esp_blufi_cb_event_t event, esp_blufi_cb_para
BLUFI_INFO("Recv STA PASSWORD %s\n", sta_config.sta.password);
break;
case ESP_BLUFI_EVENT_RECV_SOFTAP_SSID:
if (param->softap_ssid.ssid_len >= sizeof(ap_config.ap.ssid)/sizeof(ap_config.ap.ssid[0])) {
esp_blufi_send_error_info(ESP_BLUFI_DATA_FORMAT_ERROR);
BLUFI_INFO("Invalid SOFTAP SSID\n");
break;
}
strncpy((char *)ap_config.ap.ssid, (char *)param->softap_ssid.ssid, param->softap_ssid.ssid_len);
ap_config.ap.ssid[param->softap_ssid.ssid_len] = '\0';
ap_config.ap.ssid_len = param->softap_ssid.ssid_len;
@ -402,6 +417,11 @@ static void example_event_callback(esp_blufi_cb_event_t event, esp_blufi_cb_para
BLUFI_INFO("Recv SOFTAP SSID %s, ssid len %d\n", ap_config.ap.ssid, ap_config.ap.ssid_len);
break;
case ESP_BLUFI_EVENT_RECV_SOFTAP_PASSWD:
if (param->softap_passwd.passwd_len >= sizeof(ap_config.sta.ssid)/sizeof(ap_config.sta.ssid[0])) {
esp_blufi_send_error_info(ESP_BLUFI_DATA_FORMAT_ERROR);
BLUFI_INFO("Invalid SOFTAP PASSWD\n");
break;
}
strncpy((char *)ap_config.ap.password, (char *)param->softap_passwd.passwd, param->softap_passwd.passwd_len);
ap_config.ap.password[param->softap_passwd.passwd_len] = '\0';
esp_wifi_set_config(WIFI_IF_AP, &ap_config);

21
examples/bluetooth/blufi/main/blufi_security.c
View File

@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Unlicense OR CC0-1.0
*/
@ -67,6 +67,12 @@ extern void btc_blufi_report_error(esp_blufi_error_state_t state);
void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_data, int *output_len, bool *need_free)
{
if (data == NULL || len < 3) {
BLUFI_ERROR("BLUFI Invalid data format");
btc_blufi_report_error(ESP_BLUFI_DATA_FORMAT_ERROR);
return;
}
int ret;
uint8_t type = data[0];
@ -96,6 +102,13 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
return;
}
if (len < (blufi_sec->dh_param_len + 1)) {
BLUFI_ERROR("%s, invalid dh param len\n", __func__);
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
return;
}
uint8_t *param = blufi_sec->dh_param;
memcpy(blufi_sec->dh_param, &data[1], blufi_sec->dh_param_len);
ret = mbedtls_dhm_read_params(&blufi_sec->dhm, &param, &param[blufi_sec->dh_param_len]);
@ -108,6 +121,12 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
blufi_sec->dh_param = NULL;
const int dhm_len = mbedtls_dhm_get_len(&blufi_sec->dhm);
if (dhm_len > DH_SELF_PUB_KEY_LEN) {
BLUFI_ERROR("%s dhm len not support %d\n", __func__, dhm_len);
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
}
ret = mbedtls_dhm_make_public(&blufi_sec->dhm, dhm_len, blufi_sec->self_public_key, dhm_len, myrand, NULL);
if (ret) {
BLUFI_ERROR("%s make public failed %d\n", __func__, ret);