alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-15 06:26:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bugfix/fix_ble_resolve_adv_data_v5.2' into 'release/v5.2'

Browse Source 
fix(ble/bluedroid): Fixed memory out-of-bounds issue when parsing adv data (v5.2)

See merge request espressif/esp-idf!33024
This commit is contained in:
Jiang Jiang Jian
2024-08-26 10:40:48 +08:00
parent c9953e3fa0 15eb5f7f85
commit 33539d19a1
17 changed files with 151 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
examples/bluetooth/bluedroid/ble/ble_spp_client/main/spp_client_demo.c
View File

@@ -247,7 +247,10 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
case ESP_GAP_SEARCH_INQ_RES_EVT:
esp_log_buffer_hex(GATTC_TAG, scan_result->scan_rst.bda, 6);
ESP_LOGI(GATTC_TAG, "Searched Adv Data Len %d, Scan Response Len %d", scan_result->scan_rst.adv_data_len, scan_result->scan_rst.scan_rsp_len);
adv_name = esp_ble_resolve_adv_data(scan_result->scan_rst.ble_adv, ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len);
adv_name = esp_ble_resolve_adv_data_by_type(scan_result->scan_rst.ble_adv,
scan_result->scan_rst.adv_data_len + scan_result->scan_rst.scan_rsp_len,
ESP_BLE_AD_TYPE_NAME_CMPL,
&adv_name_len);
ESP_LOGI(GATTC_TAG, "Searched Device Name Len %d", adv_name_len);
esp_log_buffer_char(GATTC_TAG, adv_name, adv_name_len);
ESP_LOGI(GATTC_TAG, " ");

6
examples/bluetooth/bluedroid/ble/ble_throughput/throughput_client/main/example_ble_client_throughput.c
View File

@@ -394,8 +394,10 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
case ESP_GAP_SEARCH_INQ_RES_EVT:
esp_log_buffer_hex(GATTC_TAG, scan_result->scan_rst.bda, 6);
ESP_LOGI(GATTC_TAG, "searched Adv Data Len %d, Scan Response Len %d", scan_result->scan_rst.adv_data_len, scan_result->scan_rst.scan_rsp_len);
adv_name = esp_ble_resolve_adv_data(scan_result->scan_rst.ble_adv,
ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len);
adv_name = esp_ble_resolve_adv_data_by_type(scan_result->scan_rst.ble_adv,
scan_result->scan_rst.adv_data_len + scan_result->scan_rst.scan_rsp_len,
ESP_BLE_AD_TYPE_NAME_CMPL,
&adv_name_len);
ESP_LOGI(GATTC_TAG, "searched Device Name Len %d", adv_name_len);
esp_log_buffer_char(GATTC_TAG, adv_name, adv_name_len);
ESP_LOGI(GATTC_TAG, " ");

6
examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c
View File

@@ -349,8 +349,10 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
case ESP_GAP_SEARCH_INQ_RES_EVT:
esp_log_buffer_hex(GATTC_TAG, scan_result->scan_rst.bda, 6);
ESP_LOGI(GATTC_TAG, "searched Adv Data Len %d, Scan Response Len %d", scan_result->scan_rst.adv_data_len, scan_result->scan_rst.scan_rsp_len);
adv_name = esp_ble_resolve_adv_data(scan_result->scan_rst.ble_adv,
ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len);
adv_name = esp_ble_resolve_adv_data_by_type(scan_result->scan_rst.ble_adv,
scan_result->scan_rst.adv_data_len + scan_result->scan_rst.scan_rsp_len,
ESP_BLE_AD_TYPE_NAME_CMPL,
&adv_name_len);
ESP_LOGI(GATTC_TAG, "searched Device Name Len %d", adv_name_len);
esp_log_buffer_char(GATTC_TAG, adv_name, adv_name_len);

6
examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c
View File

@@ -451,8 +451,10 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
case ESP_GAP_SEARCH_INQ_RES_EVT:
esp_log_buffer_hex(GATTC_TAG, scan_result->scan_rst.bda, 6);
ESP_LOGI(GATTC_TAG, "Searched Adv Data Len %d, Scan Response Len %d", scan_result->scan_rst.adv_data_len, scan_result->scan_rst.scan_rsp_len);
adv_name = esp_ble_resolve_adv_data(scan_result->scan_rst.ble_adv,
ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len);
adv_name = esp_ble_resolve_adv_data_by_type(scan_result->scan_rst.ble_adv,
scan_result->scan_rst.adv_data_len + scan_result->scan_rst.scan_rsp_len,
ESP_BLE_AD_TYPE_NAME_CMPL,
&adv_name_len);
ESP_LOGI(GATTC_TAG, "Searched Device Name Len %d", adv_name_len);
esp_log_buffer_char(GATTC_TAG, adv_name, adv_name_len);
ESP_LOGI(GATTC_TAG, " ");

6
examples/bluetooth/bluedroid/ble/gattc_multi_connect/main/gattc_multi_connect.c
View File

@@ -794,8 +794,10 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
case ESP_GAP_SEARCH_INQ_RES_EVT:
esp_log_buffer_hex(GATTC_TAG, scan_result->scan_rst.bda, 6);
ESP_LOGI(GATTC_TAG, "Searched Adv Data Len %d, Scan Response Len %d", scan_result->scan_rst.adv_data_len, scan_result->scan_rst.scan_rsp_len);
adv_name = esp_ble_resolve_adv_data(scan_result->scan_rst.ble_adv,
ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len);
adv_name = esp_ble_resolve_adv_data_by_type(scan_result->scan_rst.ble_adv,
scan_result->scan_rst.adv_data_len + scan_result->scan_rst.scan_rsp_len,
ESP_BLE_AD_TYPE_NAME_CMPL,
&adv_name_len);
ESP_LOGI(GATTC_TAG, "Searched Device Name Len %d", adv_name_len);
esp_log_buffer_char(GATTC_TAG, adv_name, adv_name_len);
ESP_LOGI(GATTC_TAG, " ");

6
examples/bluetooth/bluedroid/ble_50/ble50_security_client/main/ble50_sec_gattc_demo.c
View File

@@ -494,8 +494,10 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
} else {
ESP_LOGI(GATTC_TAG, "extend adv, adv type 0x%x data len %d", param->ext_adv_report.params.event_type, param->ext_adv_report.params.adv_data_len);
}
adv_name = esp_ble_resolve_adv_data(param->ext_adv_report.params.adv_data,
ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len);
adv_name = esp_ble_resolve_adv_data_by_type(param->ext_adv_report.params.adv_data,
param->ext_adv_report.params.adv_data_len,
ESP_BLE_AD_TYPE_NAME_CMPL,
&adv_name_len);
if (!connect && strlen(remote_device_name) == adv_name_len && strncmp((char *)adv_name, remote_device_name, adv_name_len) == 0) {
connect = true;
esp_ble_gap_stop_ext_scan();

5
examples/bluetooth/bluedroid/ble_50/peroidic_sync/main/periodic_sync_demo.c
View File

@@ -108,7 +108,10 @@ static void gap_event_handler(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param
case ESP_GAP_BLE_EXT_ADV_REPORT_EVT: {
uint8_t *adv_name = NULL;
uint8_t adv_name_len = 0;
adv_name = esp_ble_resolve_adv_data(param->ext_adv_report.params.adv_data, ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len);
adv_name = esp_ble_resolve_adv_data_by_type(param->ext_adv_report.params.adv_data,
param->ext_adv_report.params.adv_data_len,
ESP_BLE_AD_TYPE_NAME_CMPL,
&adv_name_len);
if ((adv_name != NULL) && (memcmp(adv_name, "ESP_MULTI_ADV_80MS", adv_name_len) == 0) && !periodic_sync) {
periodic_sync = true;
char adv_temp_name[30] = {'0'};

6
examples/bluetooth/bluedroid/coex/gattc_gatts_coex/main/gattc_gatts_coex.c
View File

@@ -293,8 +293,10 @@ static void gap_event_handler(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param
esp_ble_gap_cb_param_t *scan_result = (esp_ble_gap_cb_param_t *)param;
switch (scan_result->scan_rst.search_evt) {
case ESP_GAP_SEARCH_INQ_RES_EVT:
adv_name = esp_ble_resolve_adv_data(scan_result->scan_rst.ble_adv,
ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len);
adv_name = esp_ble_resolve_adv_data_by_type(scan_result->scan_rst.ble_adv,
scan_result->scan_rst.adv_data_len + scan_result->scan_rst.scan_rsp_len,
ESP_BLE_AD_TYPE_NAME_CMPL,
&adv_name_len);
if (adv_name != NULL) {
if (strlen(remote_device_name) == adv_name_len && strncmp((char *)adv_name, remote_device_name, adv_name_len) == 0) {
if (connect == false) {

2
examples/bluetooth/blufi/README.md
View File

@@ -20,7 +20,7 @@ To test this demo, you need to prepare a mobile phone with blufi application ins
Blufi is completely open source, here is the download link:
* [Blufi source code](https://github.com/espressif/esp-idf/tree/master/examples/bluetooth/blufi)
* [BluFi protocol](https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/blufi.html?highlight=blufi#the-frame-formats-defined-in-blufi)
* [BluFi protocol](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/ble/blufi.html)
* [iOS source code](https://github.com/EspressifApp/EspBlufiForiOS)
* [Android source code](https://github.com/EspressifApp/EspBlufi)
* [Bluetooth Network User Guide CN](https://www.espressif.com/sites/default/files/documentation/esp32_bluetooth_networking_user_guide_cn.pdf)

20
examples/bluetooth/esp_hid_device/main/esp_hid_gap.c
View File

@@ -358,22 +358,34 @@ static void handle_ble_device_result(struct ble_scan_result_evt_param *scan_rst)
char name[64] = {0};
uint8_t uuid_len = 0;
uint8_t *uuid_d = esp_ble_resolve_adv_data(scan_rst->ble_adv, ESP_BLE_AD_TYPE_16SRV_CMPL, &uuid_len);
uint8_t *uuid_d = esp_ble_resolve_adv_data_by_type(scan_rst->ble_adv,
scan_rst->adv_data_len + scan_rst->scan_rsp_len,
ESP_BLE_AD_TYPE_16SRV_CMPL,
&uuid_len);
if (uuid_d != NULL && uuid_len) {
uuid = uuid_d[0] + (uuid_d[1] << 8);
}
uint8_t appearance_len = 0;
uint8_t *appearance_d = esp_ble_resolve_adv_data(scan_rst->ble_adv, ESP_BLE_AD_TYPE_APPEARANCE, &appearance_len);
uint8_t *appearance_d = esp_ble_resolve_adv_data_by_type(scan_rst->ble_adv,
scan_rst->adv_data_len + scan_rst->scan_rsp_len,
ESP_BLE_AD_TYPE_APPEARANCE,
&appearance_len);
if (appearance_d != NULL && appearance_len) {
appearance = appearance_d[0] + (appearance_d[1] << 8);
}
uint8_t adv_name_len = 0;
uint8_t *adv_name = esp_ble_resolve_adv_data(scan_rst->ble_adv, ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len);
uint8_t *adv_name = esp_ble_resolve_adv_data_by_type(scan_rst->ble_adv,
scan_rst->adv_data_len + scan_rst->scan_rsp_len,
ESP_BLE_AD_TYPE_NAME_CMPL,
&adv_name_len);
if (adv_name == NULL) {
adv_name = esp_ble_resolve_adv_data(scan_rst->ble_adv, ESP_BLE_AD_TYPE_NAME_SHORT, &adv_name_len);
adv_name = esp_ble_resolve_adv_data_by_type(scan_rst->ble_adv,
scan_rst->adv_data_len + scan_rst->scan_rsp_len,
ESP_BLE_AD_TYPE_NAME_SHORT,
&adv_name_len);
}
if (adv_name != NULL && adv_name_len) {

20
examples/bluetooth/esp_hid_host/main/esp_hid_gap.c
View File

@@ -405,22 +405,34 @@ static void handle_ble_device_result(struct ble_scan_result_evt_param *scan_rst)
char name[64] = {0};
uint8_t uuid_len = 0;
uint8_t *uuid_d = esp_ble_resolve_adv_data(scan_rst->ble_adv, ESP_BLE_AD_TYPE_16SRV_CMPL, &uuid_len);
uint8_t *uuid_d = esp_ble_resolve_adv_data_by_type(scan_rst->ble_adv,
scan_rst->adv_data_len + scan_rst->scan_rsp_len,
ESP_BLE_AD_TYPE_16SRV_CMPL,
&uuid_len);
if (uuid_d != NULL && uuid_len) {
uuid = uuid_d[0] + (uuid_d[1] << 8);
}
uint8_t appearance_len = 0;
uint8_t *appearance_d = esp_ble_resolve_adv_data(scan_rst->ble_adv, ESP_BLE_AD_TYPE_APPEARANCE, &appearance_len);
uint8_t *appearance_d = esp_ble_resolve_adv_data_by_type(scan_rst->ble_adv,
scan_rst->adv_data_len + scan_rst->scan_rsp_len,
ESP_BLE_AD_TYPE_APPEARANCE,
&appearance_len);
if (appearance_d != NULL && appearance_len) {
appearance = appearance_d[0] + (appearance_d[1] << 8);
}
uint8_t adv_name_len = 0;
uint8_t *adv_name = esp_ble_resolve_adv_data(scan_rst->ble_adv, ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len);
uint8_t *adv_name = esp_ble_resolve_adv_data_by_type(scan_rst->ble_adv,
scan_rst->adv_data_len + scan_rst->scan_rsp_len,
ESP_BLE_AD_TYPE_NAME_CMPL,
&adv_name_len);
if (adv_name == NULL) {
adv_name = esp_ble_resolve_adv_data(scan_rst->ble_adv, ESP_BLE_AD_TYPE_NAME_SHORT, &adv_name_len);
adv_name = esp_ble_resolve_adv_data_by_type(scan_rst->ble_adv,
scan_rst->adv_data_len + scan_rst->scan_rsp_len,
ESP_BLE_AD_TYPE_NAME_SHORT,
&adv_name_len);
}
if (adv_name != NULL && adv_name_len) {