From 43ce0351828e368713693d4c8e52ec0ac2d84fb8 Mon Sep 17 00:00:00 2001
From: Matthias Ringwald
Date: Thu, 9 Mar 2023 09:56:00 +0100
Subject: [PATCH] hci: fix report of extended advertisements with data len > 31
---
 CHANGELOG.md | 3 ++-
 src/bluetooth.h | 1 +
 src/hci.c | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7c30dc107..064d6a4a6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,7 +19,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - esp32: allow to disable default audio i2s driver via component config
 -
 ## Fixed
-- hci: fix set extended scan response
+- HCI: fix set extended scan response
+- HCI: fix report of extended advertisements with data len > 31
 - SM: fix value in SM_EVENT_NUMERIC_COMPARISON_REQUEST
 - btstack_stdin_embedded: use timer to poll RTT input, fix for tickless RTOS
 - gatt_client: return ERROR_CODE_UNKNOWN_CONNECTION_IDENTIFIER for invalid connection handle
diff --git a/src/bluetooth.h b/src/bluetooth.h
index 40d1fc521..b2192face 100644
--- a/src/bluetooth.h
+++ b/src/bluetooth.h
@@ -403,6 +403,7 @@ typedef enum {
 #define HCI_SCO_3EV5_SIZE 540
 #define LE_ADVERTISING_DATA_SIZE 31
+#define LE_EXTENDED_ADVERTISING_DATA_SIZE 229
 #define LE_EXTENDED_ADVERTISING_MAX_HANDLE 0xEFu
 #define LE_EXTENDED_ADVERTISING_MAX_CHUNK_LEN 251
diff --git a/src/hci.c b/src/hci.c
index 7da234b9a..addef8352 100644
--- a/src/hci.c
+++ b/src/hci.c
@@ -1494,7 +1494,7 @@ void le_handle_extended_advertisement_report(uint8_t *packet, uint16_t size) {
 for (i=0; (i LE_ADVERTISING_DATA_SIZE) return;
+ if (data_length > LE_EXTENDED_ADVERTISING_DATA_SIZE) return;
 if ((offset + 24u + data_length) > size) return;
 uint16_t event_type = little_endian_read_16(packet, offset); offset += 2;
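Review bot: The new LE_EXTENDED_ADVERTISING_DATA_SIZE define in bluetooth.h gives no hint where 229 comes from, even though hci.c now uses it as the acceptance bound for incoming extended advertising reports. The value is the maximum Data_Length of a single LE Extended Advertising Report (0x00 to 0xE5 in the Core Specification's HCI event definition), which is a different bound from the 251-byte LE_EXTENDED_ADVERTISING_MAX_CHUNK_LEN two lines below, whose name suggests a per-command fragment limit on the sending side; without a comment a later maintainer may "unify" the two. Suggest `#define LE_EXTENDED_ADVERTISING_DATA_SIZE 229   // max Data_Length of one LE Extended Advertising Report (HCI event, 0x00..0xE5)`. If data_length in hci.c is read as a single byte (not visible in this hunk), the `> LE_EXTENDED_ADVERTISING_DATA_SIZE` check still matters, since a byte can carry up to 255 and the following size check alone does not reject over-spec values.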