espressif/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-04-27 19:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(bt/bluedroid): fixed an OOB bug in btm_read_local_oob_complete

Browse Source
This commit is contained in:
Jin Cheng
2025-10-11 19:10:42 +08:00
parent 1ff7ffcaf8
commit 3e6a58c3d4
4 changed files with 21 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
components/bt/host/bluedroid/stack/btm/btm_ble_privacy.c
+1
View File
@@ -227,6 +227,7 @@ void btm_ble_update_resolving_list(BD_ADDR pseudo_bda, BOOLEAN add)
void btm_ble_clear_resolving_list_complete(UINT8 *p, UINT16 evt_len)
{
UINT8 status = 0;
STREAM_TO_UINT8(status, p);
BTM_TRACE_DEBUG("%s status=%d", __func__, status);
components/bt/host/bluedroid/stack/btm/btm_sec.c
+17 -2
View File
@@ -3795,13 +3795,27 @@ void btm_rem_oob_req (UINT8 *p)
** Returns void
**
*******************************************************************************/
void btm_read_local_oob_complete (UINT8 *p)
void btm_read_local_oob_complete (UINT8 *p, UINT16 evt_len)
{
tBTM_SP_LOC_OOB evt_data;
UINT8 status = *p++;
UINT8 status;
if (evt_len < 1) {
BTM_TRACE_ERROR("%s malformatted event packet, too short", __func__);
evt_data.status = BTM_ERR_PROCESSING;
goto err_out;
}
STREAM_TO_UINT8(status, p);
BTM_TRACE_EVENT ("btm_read_local_oob_complete:%d\n", status);
if (status == HCI_SUCCESS) {
if (evt_len < 1 + 32) {
BTM_TRACE_ERROR("%s malformatted event packet, too short", __func__);
evt_data.status = BTM_ERR_PROCESSING;
goto err_out;
}
evt_data.status = BTM_SUCCESS;
STREAM_TO_ARRAY16(evt_data.c, p);
STREAM_TO_ARRAY16(evt_data.r, p);
@@ -3809,6 +3823,7 @@ void btm_read_local_oob_complete (UINT8 *p)
evt_data.status = BTM_ERR_PROCESSING;
}
err_out:
if (btm_cb.api.p_sp_callback) {
(*btm_cb.api.p_sp_callback) (BTM_SP_LOC_OOB_EVT, (tBTM_SP_EVT_DATA *)&evt_data);
}
components/bt/host/bluedroid/stack/btm/include/btm_int.h
+2 -2
View File
@@ -1222,10 +1222,10 @@ tINQ_DB_ENT *btm_inq_db_new (BD_ADDR p_bda);
#if BTM_OOB_INCLUDED == TRUE
void btm_rem_oob_req (UINT8 *p);
void btm_read_local_oob_complete (UINT8 *p);
void btm_read_local_oob_complete (UINT8 *p, UINT16 evt_len);
#else
#define btm_rem_oob_req(p)
#define btm_read_local_oob_complete(p)
#define btm_read_local_oob_complete(p, evt_len)
#endif
void btm_acl_resubmit_page (void);
components/bt/host/bluedroid/stack/btu/btu_hcif.c
+1 -1
View File
@@ -990,7 +990,7 @@ static void btu_hcif_hdl_command_complete (UINT16 opcode, UINT8 *p, UINT16 evt_l
case HCI_READ_LOCAL_OOB_DATA:
#if BTM_OOB_INCLUDED == TRUE && SMP_INCLUDED == TRUE
btm_read_local_oob_complete(p);
btm_read_local_oob_complete(p, evt_len);
#endif
break;