att: handle invalid requests & commands

src/ble/att_db.c

@@ -1192,9 +1192,10 @@ uint16_t att_handle_request(att_connection_t * att_connection,
                             uint16_t request_len,
                             uint8_t * response_buffer){
     uint16_t response_len = 0;
-    uint16_t response_buffer_size = att_connection->mtu;
-    
-    switch (request_buffer[0]){
+    const uint16_t response_buffer_size = att_connection->mtu;
+    const uint8_t  request_opcode = request_buffer[0];
+
+    switch (request_opcode){
         case ATT_EXCHANGE_MTU_REQUEST:
             response_len = handle_exchange_mtu_request(att_connection, request_buffer, request_len, response_buffer);
             break;
@@ -1237,8 +1238,7 @@ uint16_t att_handle_request(att_connection_t * att_connection,
             break;
 #endif
         default:
-            log_info("Unhandled ATT Command: %02X, DATA: ", request_buffer[0]);
-            log_info_hexdump(&request_buffer[9u], request_len-9u);
+            response_len = setup_error(response_buffer, request_opcode, 0, ATT_ERROR_REQUEST_NOT_SUPPORTED);
             break;
     }
     return response_len;

src/ble/att_dispatch.c

@@ -65,11 +65,20 @@ static uint8_t can_send_now_pending;
 static void att_packet_handler(uint8_t packet_type, uint16_t handle, uint8_t *packet, uint16_t size){
     uint8_t index;
     uint8_t i;
+    uint8_t opcode;
+    uint8_t method;
+    bool for_server;
+    bool command;
+    bool invalid;
     switch (packet_type){
         case ATT_DATA_PACKET:
-            // odd PDUs are sent from server to client - even PDUs are sent from client to server
-            index = packet[0u] & 1u;
-            // log_info("att_data_packet with opcode 0x%x", packet[0]);
+            // parse opcode
+            opcode  = packet[0u];
+            method  = opcode & 0x03f;
+            invalid = method > ATT_MULTIPLE_HANDLE_VALUE_NTF;
+            // odd PDUs are sent from server to client - even PDUs are sent from client to server, also let server handle invalid ones
+            for_server = ((method & 1u) == 0) || invalid;
+            index = for_server ? ATT_SERVER : ATT_CLIENT;
             if (!subscriptions[index].packet_handler) return;
             subscriptions[index].packet_handler(packet_type, handle, packet, size);
             break;

src/ble/att_server.c

@@ -786,8 +786,18 @@ static void att_server_handle_att_pdu(hci_connection_t * hci_connection, uint8_t
     att_server_t * att_server = &hci_connection->att_server;
     att_connection_t * att_connection = &hci_connection->att_connection;
 
+    uint8_t opcode  = packet[0u];
+    uint8_t method  = opcode & 0x03f;
+    bool invalid = method > ATT_MULTIPLE_HANDLE_VALUE_NTF;
+    bool command = (opcode & 0x40) != 0;
+
+    // ignore invalid commands
+    if (invalid && command){
+        return;
+    }
+
     // handle value indication confirms
-    if ((packet[0] == ATT_HANDLE_VALUE_CONFIRMATION) && att_server->value_indication_handle){
+    if ((opcode == ATT_HANDLE_VALUE_CONFIRMATION) && att_server->value_indication_handle){
         btstack_run_loop_remove_timer(&att_server->value_indication_timer);
         uint16_t att_handle = att_server->value_indication_handle;
         att_server->value_indication_handle = 0;    
@@ -798,7 +808,7 @@ static void att_server_handle_att_pdu(hci_connection_t * hci_connection, uint8_t
 
     // directly process command
     // note: signed write cannot be handled directly as authentication needs to be verified
-    if (packet[0] == ATT_WRITE_COMMAND){
+    if (opcode == ATT_WRITE_COMMAND){
         att_handle_request(att_connection, packet, size, NULL);
         return;
     }