Merge branch 'bugfix/fix_host_nimble_fixes_v5.3' into 'release/v5.3'

fix(nimble): Fix various issues for security/vulnerability in host (v5.3)

See merge request espressif/esp-idf!45994
Rahul Tank
2026-02-25 12:48:19 +05:30
4 changed files with 14 additions and 22 deletions
@@ -354,8 +354,8 @@ ext_ble_htp_cent_should_connect(const struct ble_gap_ext_disc_desc *disc)
}
/* Search if HTP UUID is advertised */
if (disc->data[offset + 1] == 0x03) {
if (disc->data[offset + 2] == 0x09 && disc->data[offset + 3] == 0x18) {
if (disc->data[offset] == 0x03 && disc->data[offset + 1] == 0x03) {
if ( disc->data[offset + 2] == 0x18 && disc->data[offset + 3] == 0x09 ) {
return 1;
}
}
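Review bot: The new comparison `disc->data[offset + 2] == 0x18 && disc->data[offset + 3] == 0x09` tests the two UUID bytes in the opposite order from the line it replaces. Comments removed elsewhere in this commit state that 16-bit UUIDs are stored little-endian (low byte first). If that is how the peer encodes its advertising data, this filter would match 0x0918 rather than the HTP UUID 0x1809, so the central would either never connect or accept an advertiser of a different service. The same order flip appears in the LE PHY check in ext_blecent_should_connect and in the link-loss check in ext_ble_prox_cent_should_connect. Please confirm the order against what the peripheral actually advertises and record it next to the test, for example `/* UUID16 0x1809, bytes compared in the order the peer places them in the AD payload */`. The enclosing loop and its bounds check are outside this hunk, so whether `offset + 3` is always in range here could not be checked from the visible lines.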
@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2021-2026 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Unlicense OR CC0-1.0
*/
@@ -236,7 +236,6 @@ ext_blecent_should_connect(const struct ble_gap_ext_disc_desc *disc)
int ad_struct_len = 0;
uint8_t test_addr[6];
uint32_t peer_addr[6];
uint8_t type = 0;
memset(peer_addr, 0x0, sizeof peer_addr);
@@ -268,13 +267,12 @@ ext_blecent_should_connect(const struct ble_gap_ext_disc_desc *disc)
if (!ad_struct_len || (offset + ad_struct_len + 1 > disc->length_data)) {
break;
}
type = disc->data[offset + 1];
if ((type == 0x02 || type == 0x03) && ad_struct_len >= 3) {
/* Scan UUID bytes for LE_PHY_UUID16 (little-endian: 0xF2 0xAB) */
for (int i = 2; i + 1 < ad_struct_len; i += 2) {
if (disc->data[offset + i] == 0xF2 && disc->data[offset + i + 1] == 0xAB) {
return 1;
}
/* Search if LE PHY UUID is advertised */
if (disc->data[offset] == 0x03 && disc->data[offset + 1] == 0x03) {
if ( disc->data[offset + 2] == 0xAB && disc->data[offset + 3] == 0xF2 ) {
return 1;
}
}
offset += ad_struct_len + 1;
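Review bot: The new test `disc->data[offset] == 0x03 && disc->data[offset + 1] == 0x03` matches only a Complete 16-bit UUID list (type 0x03) that holds exactly one UUID. An advertiser that lists the LE PHY UUID next to other services, or uses the incomplete-list type 0x02, is now skipped silently. Pinning the length byte to 3 does keep the reads at `offset + 2` and `offset + 3` inside the structure that the `offset + ad_struct_len + 1 > disc->length_data` check has already validated, assuming ad_struct_len is loaded from `disc->data[offset]`, which happens outside the hunk. If the narrowing is intended, say so in the comment, e.g. `/* Match only a type-0x03 list carrying a single UUID; len == 3 keeps offset + 3 in bounds */`. The HTP and proximity checks in this commit have the same shape.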
@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2017-2025 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2017-2026 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -269,15 +269,9 @@ ext_ble_prox_cent_should_connect(const struct ble_gap_ext_disc_desc *disc)
}
/* Search if Proximity Sensor (Link loss) UUID is advertised */
if (disc->data[offset + 1] == 0x03) {
int uuid_offset = offset + 2;
int uuid_end = offset + 1 + disc->data[offset]; // len includes type+data
while (uuid_offset + 1 < uuid_end) {
// BLE uses little-endian: 0x1803 is stored as 0x03 0x18
if (disc->data[uuid_offset] == 0x03 && disc->data[uuid_offset + 1] == 0x18) {
return 1;
}
uuid_offset += 2;
if (disc->data[offset] == 0x03 && disc->data[offset + 1] == 0x03) {
if ( disc->data[offset + 2] == 0x18 && disc->data[offset + 3] == 0x03 ) {
return 1;
}
}