
Commit 31d0742e authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review

Merge "Fix OOB caused by invalid SMP packet length"

parents d44e618e a163f9ab
+34 −0
@@ -520,6 +520,14 @@ void smp_proc_pair_cmd(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {

  p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;

  if (smp_command_has_invalid_length(p_cb)) {
    tSMP_INT_DATA smp_int_data;
    smp_int_data.status = SMP_INVALID_PARAMETERS;
    android_errorWriteLog(0x534e4554, "111850706");
    smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
    return;
  }

  STREAM_TO_UINT8(p_cb->peer_io_caps, p);
  STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
  STREAM_TO_UINT8(p_cb->peer_auth_req, p);
@@ -787,6 +795,14 @@ void smp_br_process_pairing_command(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {

  p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;

  if (smp_command_has_invalid_length(p_cb)) {
    tSMP_INT_DATA smp_int_data;
    smp_int_data.status = SMP_INVALID_PARAMETERS;
    android_errorWriteLog(0x534e4554, "111213909");
    smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &smp_int_data);
    return;
  }

  STREAM_TO_UINT8(p_cb->peer_io_caps, p);
  STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
  STREAM_TO_UINT8(p_cb->peer_auth_req, p);
@@ -985,6 +1001,15 @@ void smp_proc_id_addr(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
  tBTM_LE_KEY_VALUE pid_key;

  SMP_TRACE_DEBUG("%s", __func__);

  if (smp_command_has_invalid_parameters(p_cb)) {
    tSMP_INT_DATA smp_int_data;
    smp_int_data.status = SMP_INVALID_PARAMETERS;
    android_errorWriteLog(0x534e4554, "111214770");
    smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
    return;
  }

  smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ID, true);

  STREAM_TO_UINT8(pid_key.pid_key.identity_addr_type, p);
@@ -1008,6 +1033,15 @@ void smp_proc_srk_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
  tBTM_LE_KEY_VALUE le_key;

  SMP_TRACE_DEBUG("%s", __func__);

  if (smp_command_has_invalid_parameters(p_cb)) {
    tSMP_INT_DATA smp_int_data;
    smp_int_data.status = SMP_INVALID_PARAMETERS;
    android_errorWriteLog(0x534e4554, "111214470");
    smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
    return;
  }

  smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_CSRK, true);

  /* save CSRK to security record */
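Review bot: In the first two hunks (smp_proc_pair_cmd and smp_br_process_pairing_command) the new length check runs after `p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;`, so a pairing command that is about to be rejected has already modified the control block. Whether the AUTH_CMPL event path clears that flag again is not visible here, so the safer order is to validate first: move the `if (smp_command_has_invalid_length(p_cb)) { ... return; }` block above the `p_cb->flags |= ...` line, as the smp_proc_id_addr and smp_proc_srk_info hunks already do by checking before `smp_update_key_mask(...)`. The same five-line rejection block is now repeated in four handlers, differing only in the bug id string and the state-machine call, so a small static helper taking the bug id would keep future handlers from missing a step. A one-line comment on `android_errorWriteLog(0x534e4554, ...)` saying what the tag constant and the numeric string identify would also help readers. All four function bodies start and end outside the hunks shown.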
+1 −0
@@ -448,6 +448,7 @@ extern void smp_convert_string_to_tk(Octet16* tk, uint32_t passkey);
extern void smp_mask_enc_key(uint8_t loc_enc_size, Octet16* p_data);
extern void smp_rsp_timeout(void* data);
extern void smp_delayed_auth_complete_timeout(void* data);
extern bool smp_command_has_invalid_length(tSMP_CB* p_cb);
extern bool smp_command_has_invalid_parameters(tSMP_CB* p_cb);
extern void smp_reject_unexpected_pairing_command(const RawAddress& bd_addr);
extern tSMP_ASSO_MODEL smp_select_association_model(tSMP_CB* p_cb);
+27 −0
@@ -921,6 +921,33 @@ void smp_proc_pairing_cmpl(tSMP_CB* p_cb) {
  if (p_callback) (*p_callback)(SMP_COMPLT_EVT, pairing_bda, &evt_data);
}

/*******************************************************************************
 *
 * Function         smp_command_has_invalid_length
 *
 * Description      Checks if the received SMP command has invalid length
 *                  It returns true if the command has invalid length.
 *
 * Returns          true if the command has invalid length, false otherwise.
 *
 ******************************************************************************/
bool smp_command_has_invalid_length(tSMP_CB* p_cb) {
  uint8_t cmd_code = p_cb->rcvd_cmd_code;

  if ((cmd_code > (SMP_OPCODE_MAX + 1 /* for SMP_OPCODE_PAIR_COMMITM */)) ||
      (cmd_code < SMP_OPCODE_MIN)) {
    SMP_TRACE_WARNING("%s: Received command with RESERVED code 0x%02x",
                      __func__, cmd_code);
    return true;
  }

  if (!smp_command_has_valid_fixed_length(p_cb)) {
    return true;
  }

  return false;
}

/*******************************************************************************
 *
 * Function         smp_command_has_invalid_parameters