From a6730c7da697477ed696148cf737bfb66514a742 Mon Sep 17 00:00:00 2001 From: zhanghaipeng Date: Thu, 27 Nov 2025 19:36:35 +0800 Subject: [PATCH] fix(ble/bluedroid): Add NULL checks in GATT APIs --- .../bt/host/bluedroid/api/esp_gattc_api.c | 36 +++++++++++++++++++ .../bt/host/bluedroid/api/esp_gatts_api.c | 26 +++++++++++++- 2 files changed, 61 insertions(+), 1 deletion(-) diff --git a/components/bt/host/bluedroid/api/esp_gattc_api.c b/components/bt/host/bluedroid/api/esp_gattc_api.c index e483e05123..f54deb8ea2 100644 --- a/components/bt/host/bluedroid/api/esp_gattc_api.c +++ b/components/bt/host/bluedroid/api/esp_gattc_api.c @@ -178,6 +178,10 @@ esp_err_t esp_ble_gattc_enh_open(esp_gatt_if_t gattc_if, esp_ble_gatt_creat_conn #if (BLE_42_FEATURE_SUPPORT == TRUE) esp_err_t esp_ble_gattc_open(esp_gatt_if_t gattc_if, esp_bd_addr_t remote_bda, esp_ble_addr_type_t remote_addr_type, bool is_direct) { + if (remote_bda == NULL) { + return ESP_ERR_INVALID_ARG; + } + esp_ble_gatt_creat_conn_params_t creat_conn_params = {0}; memcpy(creat_conn_params.remote_bda, remote_bda, ESP_BD_ADDR_LEN); creat_conn_params.remote_addr_type = remote_addr_type; @@ -192,6 +196,10 @@ esp_err_t esp_ble_gattc_open(esp_gatt_if_t gattc_if, esp_bd_addr_t remote_bda, e #if (BLE_50_FEATURE_SUPPORT == TRUE) esp_err_t esp_ble_gattc_aux_open(esp_gatt_if_t gattc_if, esp_bd_addr_t remote_bda, esp_ble_addr_type_t remote_addr_type, bool is_direct) { + if (remote_bda == NULL) { + return ESP_ERR_INVALID_ARG; + } + esp_ble_gatt_creat_conn_params_t creat_conn_params = {0}; memcpy(creat_conn_params.remote_bda, remote_bda, ESP_BD_ADDR_LEN); creat_conn_params.remote_addr_type = remote_addr_type; 
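Review bot: The new `ESP_ERR_INVALID_ARG` return for a NULL `remote_bda` in esp_ble_gattc_open (and the identical one in esp_ble_gattc_aux_open in the next hunk) is not reflected in the public header — the diffstat touches only the two .c files, so the `@return` list in esp_gattc_api.h still does not tell callers that a NULL address is now rejected instead of reaching `memcpy`. Add a line such as `* - ESP_ERR_INVALID_ARG: remote_bda is NULL` (in the file's own Doxygen wording) to both functions' documentation blocks. The check is placed ahead of the `creat_conn_params` setup, which is the right spot, but the remainder of both function bodies — including whatever they hand `creat_conn_params` to — lies outside the hunk, so I cannot confirm no other pointer argument is dereferenced there.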
@@ -626,6 +634,10 @@ esp_err_t esp_ble_gattc_read_multiple(esp_gatt_if_t gattc_if, ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED); + if (read_multi == NULL) { + return ESP_ERR_INVALID_ARG; + } + tGATT_TCB *p_tcb = gatt_get_tcb_by_idx(conn_id); if (!gatt_check_connection_state_by_tcb(p_tcb)) { LOG_WARN("%s, The connection not created.", __func__); @@ -662,6 +674,10 @@ esp_err_t esp_ble_gattc_read_multiple_variable(esp_gatt_if_t gattc_if, ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED); + if (read_multi == NULL) { + return ESP_ERR_INVALID_ARG; + } + tGATT_TCB *p_tcb = gatt_get_tcb_by_idx(conn_id); if (!gatt_check_connection_state_by_tcb(p_tcb)) { LOG_WARN("%s, The connection not created.", __func__); @@ -915,6 +931,10 @@ esp_err_t esp_ble_gattc_register_for_notify (esp_gatt_if_t gattc_if, ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED); + if (server_bda == NULL) { + return ESP_ERR_INVALID_ARG; + } + if (handle == 0) { return ESP_GATT_INVALID_HANDLE; } @@ -937,6 +957,10 @@ esp_err_t esp_ble_gattc_unregister_for_notify (esp_gatt_if_t gattc_if, ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED); + if (server_bda == NULL) { + return ESP_ERR_INVALID_ARG; + } + if (handle == 0) { return ESP_GATT_INVALID_HANDLE; } @@ -957,6 +981,10 @@ esp_err_t esp_ble_gattc_cache_refresh(esp_bd_addr_t remote_bda) ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED); + if (remote_bda == NULL) { + return ESP_ERR_INVALID_ARG; + } + msg.sig = BTC_SIG_API_CALL; msg.pid = BTC_PID_GATTC; msg.act = BTC_GATTC_ACT_CACHE_REFRESH; @@ -972,6 +1000,10 @@ esp_err_t esp_ble_gattc_cache_clean(esp_bd_addr_t remote_bda) ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED); + if (remote_bda == NULL) { + return ESP_ERR_INVALID_ARG; + } + msg.sig = BTC_SIG_API_CALL; msg.pid = BTC_PID_GATTC; msg.act = BTC_GATTC_ACT_CACHE_CLEAN; 
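Review bot: The added guard in esp_ble_gattc_read_multiple rejects only a NULL `read_multi`; if the pointed-to structure carries a caller-supplied handle count that is later used to size a copy of its handle array (the name suggests so, but the struct and the copy are not visible in this hunk), a count above the array's capacity would still read past the caller's object, and this guard is the natural place to bound it, e.g. `if (read_multi == NULL || read_multi->num_attr == 0 || read_multi->num_attr > ESP_GATT_MAX_READ_MULTI_HANDLES)` with the real field and limit names substituted. The same one-line check in esp_ble_gattc_read_multiple_variable in the following hunk would want the same treatment. Both function bodies continue past the hunk.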
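Review bot: In esp_ble_gattc_register_for_notify the new `return ESP_ERR_INVALID_ARG;` sits directly above the pre-existing `return ESP_GATT_INVALID_HANDLE;`, so this esp_err_t-returning API now gives callers codes from two different enums on adjacent argument checks, and a caller comparing against esp_err_t values will not recognise the GATT status. Since this commit is defining the argument-validation contract of the function, either make the handle check consistent (`return ESP_ERR_INVALID_ARG;`) if no caller depends on the GATT code, or document both codes in the header so the mix is at least deliberate; the same pair appears in esp_ble_gattc_unregister_for_notify in the next hunk. Both function bodies continue beyond the hunk.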
@@ -987,6 +1019,10 @@ esp_err_t esp_ble_gattc_cache_assoc(esp_gatt_if_t gattc_if, esp_bd_addr_t src_ad ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED); + if (src_addr == NULL || assoc_addr == NULL) { + return ESP_ERR_INVALID_ARG; + } + msg.sig = BTC_SIG_API_CALL; msg.pid = BTC_PID_GATTC; msg.act = BTC_GATTC_ACT_CACHE_ASSOC; diff --git a/components/bt/host/bluedroid/api/esp_gatts_api.c b/components/bt/host/bluedroid/api/esp_gatts_api.c index 03c8186099..1d7c696126 100644 --- a/components/bt/host/bluedroid/api/esp_gatts_api.c +++ b/components/bt/host/bluedroid/api/esp_gatts_api.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -78,6 +78,10 @@ esp_err_t esp_ble_gatts_create_service(esp_gatt_if_t gatts_if, ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED); + if (service_id == NULL) { + return ESP_ERR_INVALID_ARG; + } + msg.sig = BTC_SIG_API_CALL; msg.pid = BTC_PID_GATTS; msg.act = BTC_GATTS_ACT_CREATE_SERVICE; @@ -98,6 +102,10 @@ esp_err_t esp_ble_gatts_create_attr_tab(const esp_gatts_attr_db_t *gatts_attr_db ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED); + if (gatts_attr_db == NULL) { + return ESP_ERR_INVALID_ARG; + } + if (max_nb_attr > ESP_GATT_ATTR_HANDLE_MAX) { LOG_ERROR("The number of attribute should not be greater than CONFIG_BT_GATT_MAX_SR_ATTRIBUTES\n"); return ESP_ERR_INVALID_ARG; @@ -143,6 +151,10 @@ esp_err_t esp_ble_gatts_add_char(uint16_t service_handle, esp_bt_uuid_t *char_ ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED); + if (char_uuid == NULL) { + return ESP_ERR_INVALID_ARG; + } + /* parameter validation check */ status = esp_ble_gatts_add_char_desc_param_check(char_val, control); if (status != ESP_OK){ 
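Review bot: The new `gatts_attr_db == NULL` check in esp_ble_gatts_create_attr_tab leaves `max_nb_attr == 0` unrejected even though the adjacent pre-existing check already bounds the upper end, so a NULL table is now caught but an empty one still continues into the rest of the function (outside the hunk). Unless a zero-entry table is deliberately accepted, fold it into the new guard: `if (gatts_attr_db == NULL || max_nb_attr == 0) {`. Placing the pointer check ahead of the existing range check is the right order, assuming the table is indexed up to `max_nb_attr` further down, which this hunk does not show.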
@@ -183,6 +195,10 @@ esp_err_t esp_ble_gatts_add_char_descr (uint16_t service_handle, ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED); + if (descr_uuid == NULL) { + return ESP_ERR_INVALID_ARG; + } + /* parameter validation check */ status = esp_ble_gatts_add_char_desc_param_check(char_descr_val, control); if (status != ESP_OK){ @@ -344,6 +360,10 @@ esp_gatt_status_t esp_ble_gatts_get_attr_value(uint16_t attr_handle, uint16_t *l { ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED); + if (length == NULL || value == NULL) { + return ESP_GATT_INVALID_PDU; + } + if (attr_handle == ESP_GATT_ILLEGAL_HANDLE) { *length = 0; return ESP_GATT_INVALID_HANDLE; @@ -359,6 +379,10 @@ esp_err_t esp_ble_gatts_open(esp_gatt_if_t gatts_if, esp_bd_addr_t remote_bda, b ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED); + if (remote_bda == NULL) { + return ESP_ERR_INVALID_ARG; + } + msg.sig = BTC_SIG_API_CALL; msg.pid = BTC_PID_GATTS; msg.act = BTC_GATTS_ACT_OPEN;
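Review bot: esp_ble_gatts_get_attr_value returns `ESP_GATT_INVALID_PDU` when `length` or `value` is NULL, but that status describes a malformed ATT PDU on the wire, not a bad API argument, and a caller seeing it will look for a protocol problem rather than their own parameters. If esp_gatt_status_t offers an illegal-parameter status (I believe `ESP_GATT_ILLEGAL_PARAMETER` is defined in esp_gatt_defs.h — confirm before using), return that instead: `return ESP_GATT_ILLEGAL_PARAMETER;`, and mention the new failure mode in the header's `@return` documentation. The check does correctly precede the `*length = 0` store in the ILLEGAL_HANDLE branch, which previously wrote through an unchecked pointer. The rest of the function is outside the hunk.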