mirror/btstack
1
0
Fork 0
mirror of https://github.com/bluekitchen/btstack.git synced 2025-04-17 11:42:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

ble/gatt-service: avoid use after free in GATT service clients

Browse Source
This commit is contained in:
Milanka Ringwald 2021-06-07 17:42:41 +02:00
parent 4011bbc579
commit 5fa2c39a49
4 changed files with 18 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/ble/gatt-service/battery_service_client.c
View File

@ -302,7 +302,7 @@ static void handle_gatt_client_event(uint8_t packet_type, uint16_t channel, uint
if (client->state != BATTERY_SERVICE_CLIENT_STATE_W4_SERVICE_RESULT) {
battery_service_emit_connection_established(client, GATT_CLIENT_IN_WRONG_STATE);
battery_service_finalize_client(client);
break;
return;
}
if (client->num_instances < MAX_NUM_BATTERY_SERVICES){
@ -416,13 +416,13 @@ static void handle_gatt_client_event(uint8_t packet_type, uint16_t channel, uint
if (status != ATT_ERROR_SUCCESS){
battery_service_emit_connection_established(client, status);
battery_service_finalize_client(client);
break;
return;
}
if (client->num_instances == 0){
battery_service_emit_connection_established(client, ERROR_CODE_UNSUPPORTED_FEATURE_OR_PARAMETER_VALUE);
battery_service_finalize_client(client);
break;
return;
}
if (client->num_instances > MAX_NUM_BATTERY_SERVICES) {
@ -438,7 +438,7 @@ static void handle_gatt_client_event(uint8_t packet_type, uint16_t channel, uint
if (status != ATT_ERROR_SUCCESS){
battery_service_emit_connection_established(client, status);
battery_service_finalize_client(client);
break;
return;
}
// check if there is another service to query

8
src/ble/gatt-service/device_information_service_client.c
View File

@ -339,7 +339,7 @@ static void handle_gatt_client_event(uint8_t packet_type, uint16_t channel, uint
if (client->state != DEVICE_INFORMATION_SERVICE_CLIENT_STATE_W4_SERVICE_RESULT) {
device_information_service_emit_query_done(client, GATT_CLIENT_IN_WRONG_STATE);
device_information_service_finalize_client(client);
break;
return;
}
gatt_event_service_query_result_get_service(packet, &service);
@ -388,13 +388,13 @@ static void handle_gatt_client_event(uint8_t packet_type, uint16_t channel, uint
if (att_status != ATT_ERROR_SUCCESS){
device_information_service_emit_query_done(client, att_status);
device_information_service_finalize_client(client);
break;
return;
}
if (client->num_instances != 1){
device_information_service_emit_query_done(client, ERROR_CODE_UNSUPPORTED_FEATURE_OR_PARAMETER_VALUE);
device_information_service_finalize_client(client);
break;
return;
}
client->characteristic_index = 0;
#ifdef ENABLE_TESTING_SUPPORT
@ -434,7 +434,7 @@ static void handle_gatt_client_event(uint8_t packet_type, uint16_t channel, uint
// we are done with quering all characteristics
device_information_service_emit_query_done(client, ERROR_CODE_SUCCESS);
device_information_service_finalize_client(client);
break;
return;
default:
break;

12
src/ble/gatt-service/hids_client.c
View File

@ -1180,13 +1180,13 @@ static void handle_gatt_client_event(uint8_t packet_type, uint16_t channel, uint
if (att_status != ATT_ERROR_SUCCESS){
hids_emit_connection_established(client, att_status);
hids_finalize_client(client);
break;
return;
}
if (client->num_instances == 0){
hids_emit_connection_established(client, ERROR_CODE_UNSUPPORTED_FEATURE_OR_PARAMETER_VALUE);
hids_finalize_client(client);
break;
return;
}
client->service_index = 0;
@ -1197,7 +1197,7 @@ static void handle_gatt_client_event(uint8_t packet_type, uint16_t channel, uint
if (att_status != ATT_ERROR_SUCCESS){
hids_emit_connection_established(client, att_status);
hids_finalize_client(client);
break;
return;
}
if ((client->service_index + 1) < client->num_instances){
@ -1237,7 +1237,7 @@ static void handle_gatt_client_event(uint8_t packet_type, uint16_t channel, uint
if (att_status != ATT_ERROR_SUCCESS){
hids_emit_connection_established(client, att_status);
hids_finalize_client(client);
break;
return;
}
client->state = HIDS_CLIENT_STATE_W2_REPORT_MAP_DISCOVER_CHARACTERISTIC_DESCRIPTORS;
break;
@ -1262,7 +1262,7 @@ static void handle_gatt_client_event(uint8_t packet_type, uint16_t channel, uint
hids_emit_connection_established(client, ERROR_CODE_UNSUPPORTED_FEATURE_OR_PARAMETER_VALUE);
hids_finalize_client(client);
break;
return;
case HIDS_CLIENT_STATE_W4_REPORT_MAP_EXTERNAL_REPORT_REFERENCE_UUID:
// go for next map report
@ -1283,7 +1283,7 @@ static void handle_gatt_client_event(uint8_t packet_type, uint16_t channel, uint
hids_emit_connection_established(client, ERROR_CODE_UNSUPPORTED_FEATURE_OR_PARAMETER_VALUE);
hids_finalize_client(client);
break;
return;
case HIDS_CLIENT_STATE_W4_REPORT_FOUND:
if (client->handle != 0){

8
src/ble/gatt-service/scan_parameters_service_client.c
View File

@ -254,7 +254,7 @@ static void handle_gatt_client_event(uint8_t packet_type, uint16_t channel, uint
if (client->state != SCAN_PARAMETERS_SERVICE_CLIENT_STATE_W4_SERVICE_RESULT) {
scan_parameters_service_emit_connection_established(client, GATT_CLIENT_IN_WRONG_STATE);
scan_parameters_service_finalize_client(client);
break;
return;
}
gatt_event_service_query_result_get_service(packet, &service);
@ -332,7 +332,7 @@ static void handle_gatt_client_event(uint8_t packet_type, uint16_t channel, uint
if (att_status != ATT_ERROR_SUCCESS){
scan_parameters_service_emit_connection_established(client, att_status);
scan_parameters_service_finalize_client(client);
break;
return;
}
if (client->start_handle != 0){
@ -342,7 +342,7 @@ static void handle_gatt_client_event(uint8_t packet_type, uint16_t channel, uint
scan_parameters_service_emit_connection_established(client, ERROR_CODE_UNSUPPORTED_FEATURE_OR_PARAMETER_VALUE);
scan_parameters_service_finalize_client(client);
break;
return;
case SCAN_PARAMETERS_SERVICE_CLIENT_STATE_W4_CHARACTERISTIC_RESULT:
if (att_status != ATT_ERROR_SUCCESS){
@ -353,7 +353,7 @@ static void handle_gatt_client_event(uint8_t packet_type, uint16_t channel, uint
if (client->scan_interval_window_value_handle == 0){
scan_parameters_service_emit_connection_established(client, ERROR_CODE_UNSUPPORTED_FEATURE_OR_PARAMETER_VALUE);
scan_parameters_service_finalize_client(client);
break;
return;
}
#ifdef ENABLE_TESTING_SUPPORT
client->state = SCAN_PARAMETERS_SERVICE_CLIENT_STATE_W2_QUERY_CCC;