mirror/btstack
1
0
Fork 0
mirror of https://github.com/bluekitchen/btstack.git synced 2025-04-18 14:42:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

hci: avoid out of bounds read for string pin code

Browse Source
This commit is contained in:
Milanka Ringwald 2021-04-06 14:55:25 +02:00
parent 32e2f27f96
commit 3f659ee459
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/hci.c
View File

@ -3854,9 +3854,12 @@ static bool hci_run_general_gap_classic(void){
if (hci_stack->gap_pairing_state != GAP_PAIRING_STATE_IDLE){ if (hci_stack->gap_pairing_state != GAP_PAIRING_STATE_IDLE){
uint8_t state = hci_stack->gap_pairing_state; uint8_t state = hci_stack->gap_pairing_state;
hci_stack->gap_pairing_state = GAP_PAIRING_STATE_IDLE; hci_stack->gap_pairing_state = GAP_PAIRING_STATE_IDLE;
uint8_t pin_code[16];
switch (state){ switch (state){
case GAP_PAIRING_STATE_SEND_PIN: case GAP_PAIRING_STATE_SEND_PIN:
hci_send_cmd(&hci_pin_code_request_reply, hci_stack->gap_pairing_addr, hci_stack->gap_pairing_pin_len, hci_stack->gap_pairing_input.gap_pairing_pin); memset(pin_code, 0, 16);
memcpy(pin_code, hci_stack->gap_pairing_input.gap_pairing_pin, hci_stack->gap_pairing_pin_len);
hci_send_cmd(&hci_pin_code_request_reply, hci_stack->gap_pairing_addr, hci_stack->gap_pairing_pin_len, pin_code);
break; break;
case GAP_PAIRING_STATE_SEND_PIN_NEGATIVE: case GAP_PAIRING_STATE_SEND_PIN_NEGATIVE:
hci_send_cmd(&hci_pin_code_request_negative_reply, hci_stack->gap_pairing_addr); hci_send_cmd(&hci_pin_code_request_negative_reply, hci_stack->gap_pairing_addr);