From c4719101745322683a28f9e14040ac4e89a390b3 Mon Sep 17 00:00:00 2001
From: Nebojsa Cvetkovic
Date: Sat, 28 Sep 2024 11:12:18 -0700
Subject: [PATCH] fix(ble/bluedroid): Prevent esp_ble_gatts_send_indicate() with value_len > 512
---
 components/bt/host/bluedroid/api/esp_gatts_api.c | 7 ++++++-
 .../bt/host/bluedroid/api/include/api/esp_gatts_api.h | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/components/bt/host/bluedroid/api/esp_gatts_api.c b/components/bt/host/bluedroid/api/esp_gatts_api.c
index 66fa5c66175..03c81860995 100644
--- a/components/bt/host/bluedroid/api/esp_gatts_api.c
+++ b/components/bt/host/bluedroid/api/esp_gatts_api.c
@@ -260,6 +260,11 @@ esp_err_t esp_ble_gatts_stop_service(uint16_t service_handle)
 esp_err_t esp_ble_gatts_send_indicate(esp_gatt_if_t gatts_if, uint16_t conn_id, uint16_t attr_handle, uint16_t value_len, uint8_t *value, bool need_confirm) {
+ if (value_len > ESP_GATT_MAX_ATTR_LEN) {
+ LOG_ERROR("%s, value_len > ESP_GATT_MAX_ATTR_LEN.", __func__);
+ return ESP_ERR_INVALID_SIZE;
+ }
+
 btc_msg_t msg = {0};
 btc_ble_gatts_args_t arg;
@@ -272,7 +277,7 @@ esp_err_t esp_ble_gatts_send_indicate(esp_gatt_if_t gatts_if, uint16_t conn_id,
 }
 if (L2CA_CheckIsCongest(L2CAP_ATT_CID, p_tcb->peer_bda)) {
- LOG_DEBUG("%s, the l2cap chanel is congest.", __func__);
+ LOG_DEBUG("%s, the l2cap channel is congest.", __func__);
 return ESP_FAIL;
 }
diff --git a/components/bt/host/bluedroid/api/include/api/esp_gatts_api.h b/components/bt/host/bluedroid/api/include/api/esp_gatts_api.h
index 72ff694e4b6..dc26462cb04 100644
--- a/components/bt/host/bluedroid/api/include/api/esp_gatts_api.h
+++ b/components/bt/host/bluedroid/api/include/api/esp_gatts_api.h
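Review bot: The guard added at the top of esp_ble_gatts_send_indicate() enforces only the fixed ESP_GATT_MAX_ATTR_LEN cap; the MTU - 3 limit that the updated note in esp_gatts_api.h describes is not checked anywhere in this hunk. A value_len between the negotiated MTU - 3 and the cap still passes here, and whether the lower layers reject or truncate it cannot be seen from the hunk, since the function body continues outside it. A short comment above the check would make the scope explicit, for example `/* Caps the payload at the API boundary only; the per-connection MTU - 3 limit is not verified here. */`. The error log would also be easier to act on if it printed the rejected length: `LOG_ERROR("%s, value_len %d > ESP_GATT_MAX_ATTR_LEN.", __func__, value_len);`.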
@@ -475,7 +475,7 @@ esp_err_t esp_ble_gatts_stop_service(uint16_t service_handle);
 /**
  * @brief Send indicate or notify to GATT client.
  * Set param need_confirm as false will send notification, otherwise indication.
- * Note: the size of indicate or notify data need less than MTU size,see "esp_ble_gattc_send_mtu_req".
+ * Note: value_len must be less than min(512, MTU - 3), see "esp_ble_gattc_send_mtu_req".
  *
  * @param[in] gatts_if: GATT server access interface
  * @param[in] conn_id - connection id to indicate.
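Review bot: The revised note says value_len must be "less than" the limit, but the check added in esp_gatts_api.c is `value_len > ESP_GATT_MAX_ATTR_LEN`, so a length equal to the cap is accepted and the comment and the code disagree by one. Wording it as `* Note: value_len must not exceed min(ESP_GATT_MAX_ATTR_LEN, MTU - 3), see "esp_ble_gattc_send_mtu_req".` matches the check and names the constant instead of the literal 512 (assuming the macro is 512, as the commit title implies). The @return list of this doc comment lies outside the hunk; if it does not yet mention ESP_ERR_INVALID_SIZE, it should, because callers can now receive that code.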