Skip to content

Commit

Permalink
Merge branch 'bugfix/oversized_SegN_as_valid_v4.4' into 'release/v4.4'
Browse files Browse the repository at this point in the history
ble_mesh: stack: Bugfix for oversized SegN as valid(v4.4)

See merge request espressif/esp-idf!17772
  • Loading branch information
Isl2017 committed Apr 26, 2022
2 parents 75e50e9 + 7a34692 commit c412085
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 0 deletions.
7 changes: 7 additions & 0 deletions components/bt/esp_ble_mesh/mesh_core/prov.c
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,7 @@

#define START_PAYLOAD_MAX 20
#define CONT_PAYLOAD_MAX 23
#define START_LAST_SEG_MAX 2

#define START_LAST_SEG(gpc) (gpc >> 2)
#define CONT_SEG_INDEX(gpc) (gpc >> 2)
Expand Down Expand Up @@ -1563,6 +1564,12 @@ static void gen_prov_start(struct prov_rx *rx, struct net_buf_simple *buf)
return;
}

if (START_LAST_SEG(rx->gpc) > START_LAST_SEG_MAX) {
BT_ERR("Invalid SegN 0x%02x", START_LAST_SEG(rx->gpc));
prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
return;
}

if (link.rx.buf->len > link.rx.buf->size) {
BT_ERR("Too large provisioning PDU (%u bytes)",
link.rx.buf->len);
Expand Down
7 changes: 7 additions & 0 deletions components/bt/esp_ble_mesh/mesh_core/provisioner_prov.c
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,7 @@ _Static_assert(BLE_MESH_MAX_CONN >= CONFIG_BLE_MESH_PBG_SAME_TIME,

#define START_PAYLOAD_MAX 20
#define CONT_PAYLOAD_MAX 23
#define START_LAST_SEG_MAX 2

#define START_LAST_SEG(gpc) (gpc >> 2)
#define CONT_SEG_INDEX(gpc) (gpc >> 2)
Expand Down Expand Up @@ -2980,6 +2981,12 @@ static void gen_prov_start(const uint8_t idx, struct prov_rx *rx, struct net_buf
return;
}

if (START_LAST_SEG(rx->gpc) > START_LAST_SEG_MAX) {
BT_ERR("Invalid SegN 0x%02x", START_LAST_SEG(rx->gpc));
close_link(idx, CLOSE_REASON_FAILED);
return;
}

if (link[idx].rx.buf->len > link[idx].rx.buf->size) {
BT_ERR("Too large provisioning PDU (%u bytes)",
link[idx].rx.buf->len);
Expand Down

0 comments on commit c412085

Please sign in to comment.