fix(bt/bluedroid): Prevent out-of-bounds access and add type check when resolving EIR data

yangfeng
2025-08-11 17:54:32 +08:00
committed by Yang Feng
parent 659ae57c83
commit a0fe68ce45
3 changed files with 54 additions and 7 deletions


@@ -138,7 +138,27 @@ uint8_t *esp_bt_gap_resolve_eir_data(uint8_t *eir, esp_bt_eir_type_t type, uint8
return NULL;
}
return BTM_CheckEirData(eir, type, length);
switch (type) {
case ESP_BT_EIR_TYPE_FLAGS:
case ESP_BT_EIR_TYPE_INCMPL_16BITS_UUID:
case ESP_BT_EIR_TYPE_CMPL_16BITS_UUID:
case ESP_BT_EIR_TYPE_INCMPL_32BITS_UUID:
case ESP_BT_EIR_TYPE_CMPL_32BITS_UUID:
case ESP_BT_EIR_TYPE_INCMPL_128BITS_UUID:
case ESP_BT_EIR_TYPE_CMPL_128BITS_UUID:
case ESP_BT_EIR_TYPE_SHORT_LOCAL_NAME:
case ESP_BT_EIR_TYPE_CMPL_LOCAL_NAME:
case ESP_BT_EIR_TYPE_TX_POWER_LEVEL:
case ESP_BT_EIR_TYPE_URL:
case ESP_BT_EIR_TYPE_MANU_SPECIFIC: {
return BTM_CheckEirData(eir, type, length);
}
default:
/*Error type*/
break;
}
return NULL;
}
esp_err_t esp_bt_gap_config_eir_data(esp_bt_eir_data_t *eir_data)
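Review bot: On the new `default:` path the function returns NULL without writing `*length`, so a caller that reads its length variable before checking the returned pointer sees whatever value it held before the call. BTM_CheckEirData is not visible in this hunk, but if it zeroes the length on a miss, the rejected-type path should match it, for example `if (length) { *length = 0; }` ahead of the final `return NULL;`. The case list also has to be kept in step with the `esp_bt_eir_type_t` values by hand, so a type added later would be rejected silently; replacing `/*Error type*/` with `/* Allow-list of EIR types accepted from callers; extend it when esp_bt_eir_type_t grows. Anything else returns NULL. */` would make that explicit. The function body starts above the hunk, so the earlier `return NULL;` guard may need the same treatment.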