mesh: assert valid pdu size in adv_bearer and mesh_network

Matthias Ringwald 2019-10-04 23:07:25 +02:00
parent 160fcf341f
commit e529392ed4
2 changed files with 9 additions and 10 deletions


@ -281,6 +281,7 @@ static void adv_bearer_run(void){
// //
static void adv_bearer_prepare_message(const uint8_t * data, uint16_t data_len, uint8_t type, uint8_t count, uint16_t interval){ static void adv_bearer_prepare_message(const uint8_t * data, uint16_t data_len, uint8_t type, uint8_t count, uint16_t interval){
btstack_assert(data_len <= (sizeof(adv_bearer_buffer)-2));
log_debug("adv bearer message, type 0x%x\n", type); log_debug("adv bearer message, type 0x%x\n", type);
// prepare message // prepare message
adv_bearer_buffer[0] = data_len+1; adv_bearer_buffer[0] = data_len+1;
@ -336,14 +337,17 @@ void adv_bearer_request_can_send_now_for_provisioning_pdu(void){
// adv bearer send message // adv bearer send message
void adv_bearer_send_network_pdu(const uint8_t * data, uint16_t data_len, uint8_t count, uint16_t interval){ void adv_bearer_send_network_pdu(const uint8_t * data, uint16_t data_len, uint8_t count, uint16_t interval){
btstack_assert(data_len <= (sizeof(adv_bearer_buffer)-2));
adv_bearer_prepare_message(data, data_len, BLUETOOTH_DATA_TYPE_MESH_MESSAGE, count, interval); adv_bearer_prepare_message(data, data_len, BLUETOOTH_DATA_TYPE_MESH_MESSAGE, count, interval);
adv_bearer_run(); adv_bearer_run();
} }
void adv_bearer_send_beacon(const uint8_t * data, uint16_t data_len){ void adv_bearer_send_beacon(const uint8_t * data, uint16_t data_len){
btstack_assert(data_len <= (sizeof(adv_bearer_buffer)-2));
adv_bearer_prepare_message(data, data_len, BLUETOOTH_DATA_TYPE_MESH_BEACON, 3, 100); adv_bearer_prepare_message(data, data_len, BLUETOOTH_DATA_TYPE_MESH_BEACON, 3, 100);
adv_bearer_run(); adv_bearer_run();
} }
void adv_bearer_send_provisioning_pdu(const uint8_t * data, uint16_t data_len){ void adv_bearer_send_provisioning_pdu(const uint8_t * data, uint16_t data_len){
btstack_assert(data_len <= (sizeof(adv_bearer_buffer)-2));
adv_bearer_prepare_message(data, data_len, BLUETOOTH_DATA_TYPE_PB_ADV, 3, 100); adv_bearer_prepare_message(data, data_len, BLUETOOTH_DATA_TYPE_PB_ADV, 3, 100);
adv_bearer_run(); adv_bearer_run();
} }
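Review bot: The only bound on `data_len` before `adv_bearer_buffer` is filled is `btstack_assert(data_len <= (sizeof(adv_bearer_buffer)-2))`, so a build where btstack_assert is compiled out (its configuration is not visible here) would let an oversized PDU reach the buffer write in adv_bearer_prepare_message. A guard that survives release builds would close that, e.g. `if (data_len > (sizeof(adv_bearer_buffer)-2)) { log_error("adv bearer: pdu too long, %u", data_len); return; }` at the top of each public sender, before the call to adv_bearer_prepare_message and adv_bearer_run(). The same expression is also repeated four times; since the three senders call adv_bearer_prepare_message directly, the assert there already covers them, and a named constant for `sizeof(adv_bearer_buffer)-2` would keep any remaining copies in sync. The body of adv_bearer_prepare_message continues outside the hunk, so the copy itself is not shown.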


@ -324,6 +324,8 @@ static void mesh_network_send_b(void *arg){
memcpy(&outgoing_pdu->data[outgoing_pdu->len], net_mic, net_mic_len); memcpy(&outgoing_pdu->data[outgoing_pdu->len], net_mic, net_mic_len);
outgoing_pdu->len += net_mic_len; outgoing_pdu->len += net_mic_len;
btstack_assert(outgoing_pdu->len <= 29);
#ifdef LOG_NETWORK #ifdef LOG_NETWORK
printf("TX-B-NetworkPDU (%p): ", outgoing_pdu); printf("TX-B-NetworkPDU (%p): ", outgoing_pdu);
printf_hexdump(outgoing_pdu->data, outgoing_pdu->len); printf_hexdump(outgoing_pdu->data, outgoing_pdu->len);
@ -986,16 +988,9 @@ void mesh_network_send_pdu(mesh_network_pdu_t * network_pdu){
printf("^^ into network_pdus_queued\n"); printf("^^ into network_pdus_queued\n");
#endif #endif
if (network_pdu->len > 29){ uint8_t net_mic_len = network_pdu->data[1] & 0x80 ? 8 : 4;
printf("too long, %u\n", network_pdu->len); btstack_assert((network_pdu->len + net_mic_len) <= 29);
while(1); btstack_assert(network_pdu->len >= 9);
}
// network pdu without payload = 9 bytes
if (network_pdu->len < 9){
printf("too short, %u\n", network_pdu->len);
while(1);
}
// setup callback // setup callback
network_pdu->callback = &mesh_network_send_d; network_pdu->callback = &mesh_network_send_d;
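Review bot: In mesh_network_send_b the new `btstack_assert(outgoing_pdu->len <= 29);` comes after the `memcpy` of net_mic into `outgoing_pdu->data[outgoing_pdu->len]`, so it can only report an overrun once the write has already happened; placing `btstack_assert((outgoing_pdu->len + net_mic_len) <= 29);` before the copy checks the bound while it still protects the buffer. In mesh_network_send_pdu, `network_pdu->data[1]` is read to derive net_mic_len before `btstack_assert(network_pdu->len >= 9);` has established that the header is present, so the lower-bound assert should come first. The removed code halted unconditionally on a bad length, while these checks depend on how btstack_assert is configured (not visible here), so a length test that stays in release builds is worth keeping alongside them. The dropped comment `// network pdu without payload = 9 bytes` explained the magic number and should stay, ideally with a matching note or named constant for 29. Both function bodies continue outside the hunks.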