Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3d7de746 authored by Hui Peng's avatar Hui Peng Committed by Automerger Merge Worker
Browse files

Merge "Add validation on sdp attr type and size in hidh_api.cc" into tm-dev... 

Merge "Add validation on sdp attr type and size in hidh_api.cc" into tm-dev am: 114f8039 am: ae8a371b

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/24638584



Change-Id: I03e2da1462730ded6a866be5a0463618a59aba0a
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 9b8c9970 ae8a371b

system/stack/hid/hidh_api.cc

+44 −13
Original line number Diff line number Diff line
@@ -88,6 +88,7 @@ void hidh_get_str_attr(tSDP_DISC_REC* p_rec, uint16_t attr_id, uint16_t max_len, 


  p_attr = SDP_FindAttributeInRec(p_rec, attr_id);

  if (p_attr != NULL) {

    if (SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == TEXT_STR_DESC_TYPE) {

      name_len = SDP_DISC_ATTR_LEN(p_attr->attr_len_type);

      if (name_len < max_len) {

        memcpy(str, (char*)p_attr->attr_value.v.array, name_len);
@@ -96,6 +97,10 @@ void hidh_get_str_attr(tSDP_DISC_REC* p_rec, uint16_t attr_id, uint16_t max_len, 
        memcpy(str, (char*)p_attr->attr_value.v.array, max_len - 1);

        str[max_len - 1] = '\0';

      }

    } else {

      str[0] = '\0';

      LOG_ERROR("attr type not str!!");

    }

  } else

    str[0] = '\0';

}
@@ -144,36 +149,48 @@ static void hidh_search_callback(tSDP_RESULT sdp_result) { 


  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_VIRTUAL_CABLE)) !=

       NULL) &&

      SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == BOOLEAN_DESC_TYPE &&

      SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 1 &&

      (p_attr->attr_value.v.u8)) {

    attr_mask |= HID_VIRTUAL_CABLE;

  }



  if (((p_attr = SDP_FindAttributeInRec(

            p_rec, ATTR_ID_HID_RECONNECT_INITIATE)) != NULL) &&

      SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == BOOLEAN_DESC_TYPE &&

      SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 1 &&

      (p_attr->attr_value.v.u8)) {

    attr_mask |= HID_RECONN_INIT;

  }



  if (((p_attr = SDP_FindAttributeInRec(

            p_rec, ATTR_ID_HID_NORMALLY_CONNECTABLE)) != NULL) &&

      SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == BOOLEAN_DESC_TYPE &&

      SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 1 &&

      (p_attr->attr_value.v.u8)) {

    attr_mask |= HID_NORMALLY_CONNECTABLE;

  }



  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_SDP_DISABLE)) !=

       NULL) &&

      SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == BOOLEAN_DESC_TYPE &&

      SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 1 &&

      (p_attr->attr_value.v.u8)) {

    attr_mask |= HID_SDP_DISABLE;

  }



  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_BATTERY_POWER)) !=

       NULL) &&

      SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == BOOLEAN_DESC_TYPE &&

      SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 1 &&

      (p_attr->attr_value.v.u8)) {

    attr_mask |= HID_BATTERY_POWER;

  }



  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_REMOTE_WAKE)) !=

       NULL) &&

      SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == BOOLEAN_DESC_TYPE &&

      SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 1 &&

      (p_attr->attr_value.v.u8)) {

    attr_mask |= HID_REMOTE_WAKE;

  }
@@ -186,40 +203,54 @@ static void hidh_search_callback(tSDP_RESULT sdp_result) { 
                    p_nvi->prov_name);



  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_DEVICE_RELNUM)) !=

       NULL)) {

       NULL) &&

      SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == UINT_DESC_TYPE &&

      SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 2) {

    p_nvi->rel_num = p_attr->attr_value.v.u16;

  }



  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_COUNTRY_CODE)) !=

       NULL)) {

       NULL) &&

      SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == UINT_DESC_TYPE &&

      SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 1) {

    p_nvi->ctry_code = p_attr->attr_value.v.u8;

  }



  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_DEVICE_SUBCLASS)) !=

       NULL)) {

       NULL) &&

      SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == UINT_DESC_TYPE &&

      SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 1) {

    p_nvi->sub_class = p_attr->attr_value.v.u8;

  }



  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_PARSER_VERSION)) !=

       NULL)) {

       NULL) &&

      SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == UINT_DESC_TYPE &&

      SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 2) {

    p_nvi->hpars_ver = p_attr->attr_value.v.u16;

  }



  if (((p_attr = SDP_FindAttributeInRec(

            p_rec, ATTR_ID_HID_LINK_SUPERVISION_TO)) != NULL)) {

            p_rec, ATTR_ID_HID_LINK_SUPERVISION_TO)) != NULL) &&

      SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == UINT_DESC_TYPE &&

      SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 2) {

    attr_mask |= HID_SUP_TOUT_AVLBL;

    p_nvi->sup_timeout = p_attr->attr_value.v.u16;

  }



  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_SSR_HOST_MAX_LAT)) !=

       NULL)) {

       NULL) &&

      SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == UINT_DESC_TYPE &&

      SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 2) {

    attr_mask |= HID_SSR_MAX_LATENCY;

    p_nvi->ssr_max_latency = p_attr->attr_value.v.u16;

  } else

    p_nvi->ssr_max_latency = HID_SSR_PARAM_INVALID;



  if (((p_attr = SDP_FindAttributeInRec(

            p_rec, ATTR_ID_HID_SSR_HOST_MIN_TOUT)) != NULL)) {

            p_rec, ATTR_ID_HID_SSR_HOST_MIN_TOUT)) != NULL) &&

      SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == UINT_DESC_TYPE &&

      SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 2) {

    attr_mask |= HID_SSR_MIN_TOUT;

    p_nvi->ssr_min_tout = p_attr->attr_value.v.u16;

  } else