You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@mynewt.apache.org by cc...@apache.org on 2016/11/17 21:24:52 UTC

incubator-mynewt-core git commit: BLE Host - Don't allow ATT tx to unconnected peer

Repository: incubator-mynewt-core
Updated Branches:
  refs/heads/1_0_0_b1_dev 20f6e518b -> 68e8ec557


BLE Host - Don't allow ATT tx to unconnected peer

The ATT client transmit function (ble_att_clt_tx_req) assumed the
specified connection handle was valid, and proceded to dereference some
null pointers.

Now, the function returns BLE_HS_ENOTCONN immediately if the specified
connection handle is not valid.


Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/68e8ec55
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/68e8ec55
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/68e8ec55

Branch: refs/heads/1_0_0_b1_dev
Commit: 68e8ec557151dff701b3014146c6682b1364d52d
Parents: 20f6e51
Author: Christopher Collins <cc...@apache.org>
Authored: Thu Nov 17 11:22:23 2016 -0800
Committer: Christopher Collins <cc...@apache.org>
Committed: Thu Nov 17 12:40:13 2016 -0800

----------------------------------------------------------------------
 net/nimble/host/src/ble_att_clt.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/68e8ec55/net/nimble/host/src/ble_att_clt.c
----------------------------------------------------------------------
diff --git a/net/nimble/host/src/ble_att_clt.c b/net/nimble/host/src/ble_att_clt.c
index a4a6988..e03f6fe 100644
--- a/net/nimble/host/src/ble_att_clt.c
+++ b/net/nimble/host/src/ble_att_clt.c
@@ -71,8 +71,12 @@ ble_att_clt_tx_req(uint16_t conn_handle, struct os_mbuf *txom)
     ble_hs_lock();
 
     ble_att_conn_chan_find(conn_handle, &conn, &chan);
-    ble_att_truncate_to_mtu(chan, txom);
-    rc = ble_l2cap_tx(conn, chan, txom);
+    if (chan == NULL) {
+        rc = BLE_HS_ENOTCONN;
+    } else {
+        ble_att_truncate_to_mtu(chan, txom);
+        rc = ble_l2cap_tx(conn, chan, txom);
+    }
 
     ble_hs_unlock();