You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mynewt.apache.org by GitBox <gi...@apache.org> on 2018/09/24 18:32:11 UTC

[GitHub] simonratner commented on issue #193: nimble/host: Improve BLE uuid comparison, handle invalid uuid's

simonratner commented on issue #193: nimble/host: Improve BLE uuid comparison, handle invalid uuid's
URL: https://github.com/apache/mynewt-nimble/pull/193#issuecomment-424078337
 
 
   @andrzej-kaczmarek This is something we saw in field deployment tests, so unfortunately we do not have a capture of request/response to go with this. Here's what I did do:
   * Track down the problem to the `verify_uuid` check inside `ble_uuid_cmp`, based on `pc` values and stack traces from the field.
   * Test a local reproduction by running an app that advertises a 16-bit-in-128-bit UUID, which is invalid, and observe nearby mynewt devices fail. Note that this is not necessarily the only way in which this can fail, but it was just one incarnation we could repro (I had to disable some of the checks you mention to make mynewt advertise an invalid UUID in the first place.)
   * Test a local fix whereby every call to `ble_uuid_cmp` that operates on external data (as opposed to app-generated data) is guarded by a check for UUID validity; this is the change you see here.
   * Confirm that deploying this change to the field has stopped the problem.
   
   Again, I want to emphasize that I have no guarantee that 16-bit-in-128-bit UUID advertisement is the only way this can fail. In theory, any input that would result in `ble_uuid_cmp` asserting in a debug build will be a problem, and should be addressed. Verifying that there are no other entry points for an invalid external UUID is not something I could grep for, so your input here would be appreciated. Some things that spring to mind: disc of service by UUID, disc of characteristic by UUID (incl. read/write by UUID), as well as their gatt server counterparts whereby a peer requests a read/write of an invalid UUID.
   
   So with this information, what would you suggest as an appropriate fix?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services