mirror/btstack
1
0
Fork 0
mirror of https://github.com/bluekitchen/btstack.git synced 2025-02-22 06:41:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

bluetooth: add PIN_CODE_LEN, check len in gap_pin_code_response_binary, fixes #542

Browse Source
This commit is contained in:
Matthias Ringwald 2023-11-10 11:29:34 +01:00
parent 730e827efa
commit c26f2c7ba7
3 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
platform/daemon/src/daemon.c
View File

@ -249,7 +249,7 @@ static const char * btstack_server_storage_path;
// GAP command buffer // GAP command buffer
#ifdef ENABLE_CLASSIC #ifdef ENABLE_CLASSIC
static uint8_t daemon_gap_pin_code[16]; static uint8_t daemon_gap_pin_code[PIN_CODE_LEN];
#endif #endif
// TLV // TLV
@ -1153,7 +1153,7 @@ static int btstack_command_handler(connection_t *connection, uint8_t *packet, ui
break; break;
case GAP_PIN_CODE_RESPONSE: case GAP_PIN_CODE_RESPONSE:
reverse_bd_addr(&packet[3], addr); reverse_bd_addr(&packet[3], addr);
memcpy(daemon_gap_pin_code, &packet[10], 16); memcpy(daemon_gap_pin_code, &packet[10], PIN_CODE_LEN);
gap_pin_code_response_binary(addr, daemon_gap_pin_code, packet[9]); gap_pin_code_response_binary(addr, daemon_gap_pin_code, packet[9]);
break; break;
case GAP_PIN_CODE_NEGATIVE: case GAP_PIN_CODE_NEGATIVE:

5
src/bluetooth.h
View File

@ -79,6 +79,11 @@ typedef uint8_t bd_addr_t[BD_ADDR_LEN];
BD_ADDR_TYPE_UNKNOWN = 0xfe, // also used as 'invalid' BD_ADDR_TYPE_UNKNOWN = 0xfe, // also used as 'invalid'
} bd_addr_type_t; } bd_addr_type_t;
/**
* Pin Codde
*/
#define PIN_CODE_LEN 16
/** /**
* Link types for BR/EDR Connections * Link types for BR/EDR Connections
*/ */

3
src/hci.c
View File

@ -5796,7 +5796,7 @@ static bool hci_run_general_gap_classic(void){
// pairing // pairing
if (hci_stack->gap_pairing_state != GAP_PAIRING_STATE_IDLE){ if (hci_stack->gap_pairing_state != GAP_PAIRING_STATE_IDLE){
uint8_t state = hci_stack->gap_pairing_state; uint8_t state = hci_stack->gap_pairing_state;
uint8_t pin_code[16]; uint8_t pin_code[PIN_CODE_LEN];
switch (state){ switch (state){
case GAP_PAIRING_STATE_SEND_PIN: case GAP_PAIRING_STATE_SEND_PIN:
hci_stack->gap_pairing_state = GAP_PAIRING_STATE_IDLE; hci_stack->gap_pairing_state = GAP_PAIRING_STATE_IDLE;
@ -9142,6 +9142,7 @@ static int gap_pairing_set_state_and_run(const bd_addr_t addr, uint8_t state){
*/ */
int gap_pin_code_response_binary(const bd_addr_t addr, const uint8_t * pin_data, uint8_t pin_len){ int gap_pin_code_response_binary(const bd_addr_t addr, const uint8_t * pin_data, uint8_t pin_len){
if (hci_stack->gap_pairing_state != GAP_PAIRING_STATE_IDLE) return ERROR_CODE_COMMAND_DISALLOWED; if (hci_stack->gap_pairing_state != GAP_PAIRING_STATE_IDLE) return ERROR_CODE_COMMAND_DISALLOWED;
if (pin_len > PIN_CODE_LEN) return ERROR_CODE_INVALID_HCI_COMMAND_PARAMETERS;
hci_stack->gap_pairing_input.gap_pairing_pin = pin_data; hci_stack->gap_pairing_input.gap_pairing_pin = pin_data;
hci_stack->gap_pairing_pin_len = pin_len; hci_stack->gap_pairing_pin_len = pin_len;
return gap_pairing_set_state_and_run(addr, GAP_PAIRING_STATE_SEND_PIN); return gap_pairing_set_state_and_run(addr, GAP_PAIRING_STATE_SEND_PIN);