Skip to content

Commit

Permalink
nimble/gatts: Add check for RFU bits
Browse files Browse the repository at this point in the history
  • Loading branch information
Roshan23699 authored and sjanc committed Dec 22, 2023
1 parent 44e0ccc commit 64067f5
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 4 deletions.
3 changes: 3 additions & 0 deletions nimble/host/include/host/ble_att.h
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,9 @@ struct os_mbuf;
/**Insufficient Resources to complete the request. */
#define BLE_ATT_ERR_INSUFFICIENT_RES 0x11

/**Requested value is not allowed. */
#define BLE_ATT_ERR_VALUE_NOT_ALLOWED 0x13

/** @} */

/**
Expand Down
5 changes: 5 additions & 0 deletions nimble/host/src/ble_gatt_priv.h
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,11 @@ extern STATS_SECT_DECL(ble_gatts_stats) ble_gatts_stats;
#define BLE_GATT_CHR_DECL_SZ_16 5
#define BLE_GATT_CHR_DECL_SZ_128 19
#define BLE_GATT_CHR_CLI_SUP_FEAT_SZ 1
/**
* For now only 3 bits in first octet are defined
*
*/
#define BLE_GATT_CHR_CLI_SUP_FEAT_MASK 7

typedef uint8_t ble_gatts_conn_flags;

Expand Down
13 changes: 9 additions & 4 deletions nimble/host/src/ble_gatts.c
Original file line number Diff line number Diff line change
Expand Up @@ -1620,20 +1620,20 @@ ble_gatts_peer_cl_sup_feat_update(uint16_t conn_handle, struct os_mbuf *om)
BLE_HS_LOG(DEBUG, "");

if (!om) {
return BLE_HS_EINVAL;
return BLE_ATT_ERR_INSUFFICIENT_RES;
}

ble_hs_lock();
conn = ble_hs_conn_find(conn_handle);
if (conn == NULL) {
rc = BLE_HS_ENOTCONN;
rc = BLE_ATT_ERR_UNLIKELY;
goto done;
}
if (om->om_len == 0) {
/* Nothing to do */
goto done;
} else if (os_mbuf_len(om) > BLE_ATT_ATTR_MAX_LEN) {
rc = BLE_HS_ENOMEM;
rc = BLE_ATT_ERR_INSUFFICIENT_RES;
goto done;
}

Expand All @@ -1647,10 +1647,15 @@ ble_gatts_peer_cl_sup_feat_update(uint16_t conn_handle, struct os_mbuf *om)
*/
if (conn->bhc_gatt_svr.peer_cl_sup_feat[feat_idx] >
om->om_data[i]) {
rc = BLE_HS_EINVAL;
rc = BLE_ATT_ERR_VALUE_NOT_ALLOWED;
goto done;
}

/* All RFU bits should be unset */
if (feat_idx == 0) {
om->om_data[i] &= BLE_GATT_CHR_CLI_SUP_FEAT_MASK;
}

conn->bhc_gatt_svr.peer_cl_sup_feat[feat_idx] |= om->om_data[i];

feat_idx++;
Expand Down

0 comments on commit 64067f5

Please sign in to comment.