You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mynewt.apache.org by we...@apache.org on 2017/03/24 23:15:59 UTC
[37/50] [abbrv] incubator-mynewt-core git commit: nimble/controller:
Fix handling incorrect LL opcode
nimble/controller: Fix handling incorrect LL opcode
According to BT specification v5.0 Vol.6 Part B, 2.4.2
If an LL Control PDU is:
* not supported
* not used
* invalid i.e. set to value that is Reserved for Future use
or CtrlData is invalid, the Link Layer shall respond with an
LL_UNKNOWN_RSP PDU.
This closes #633
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/f5b3bf68
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/f5b3bf68
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/f5b3bf68
Branch: refs/heads/nrf_cputime
Commit: f5b3bf68445d645866366bd8c25ce2031215770f
Parents: 0f10379
Author: \u0141ukasz Rymanowski <lu...@codecoup.pl>
Authored: Wed Mar 22 14:15:53 2017 +0100
Committer: William San Filippo <wi...@runtime.io>
Committed: Wed Mar 22 09:47:56 2017 -0700
----------------------------------------------------------------------
net/nimble/controller/src/ble_ll_ctrl.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/f5b3bf68/net/nimble/controller/src/ble_ll_ctrl.c
----------------------------------------------------------------------
diff --git a/net/nimble/controller/src/ble_ll_ctrl.c b/net/nimble/controller/src/ble_ll_ctrl.c
index 1ba93bd..f933922 100644
--- a/net/nimble/controller/src/ble_ll_ctrl.c
+++ b/net/nimble/controller/src/ble_ll_ctrl.c
@@ -1522,6 +1522,7 @@ ble_ll_ctrl_rx_pdu(struct ble_ll_conn_sm *connsm, struct os_mbuf *om)
#if (MYNEWT_VAL(BLE_LL_CFG_FEAT_LE_ENCRYPTION) == 1)
int restart_encryption;
#endif
+ int rc = 0;
/* XXX: where do we validate length received and packet header length?
* do this in LL task when received. Someplace!!! What I mean
@@ -1558,10 +1559,14 @@ ble_ll_ctrl_rx_pdu(struct ble_ll_conn_sm *connsm, struct os_mbuf *om)
ble_ll_log(BLE_LL_LOG_ID_LL_CTRL_RX, opcode, len, 0);
- /* opcode must be good */
+ /* If opcode comes from reserved value or CtrlData fields is invalid
+ * we shall respond with LL_UNKNOWN_RSP
+ */
if ((opcode >= BLE_LL_CTRL_OPCODES) ||
(len != g_ble_ll_ctrl_pkt_lengths[opcode])) {
- goto rx_malformed_ctrl;
+ rc = -1;
+ rsp_opcode = BLE_LL_CTRL_UNKNOWN_RSP;
+ goto ll_ctrl_send_rsp;
}
#if (MYNEWT_VAL(BLE_LL_CFG_FEAT_LE_ENCRYPTION) == 1)
@@ -1626,7 +1631,9 @@ ble_ll_ctrl_rx_pdu(struct ble_ll_conn_sm *connsm, struct os_mbuf *om)
case BLE_LL_CTRL_LENGTH_REQ:
/* Extract parameters and check if valid */
if (ble_ll_ctrl_len_proc(connsm, dptr)) {
- goto rx_malformed_ctrl;
+ rc = -1;
+ rsp_opcode = BLE_LL_CTRL_UNKNOWN_RSP;
+ goto ll_ctrl_send_rsp;
}
/*
@@ -1647,7 +1654,9 @@ ble_ll_ctrl_rx_pdu(struct ble_ll_conn_sm *connsm, struct os_mbuf *om)
if (connsm->cur_ctrl_proc == BLE_LL_CTRL_PROC_DATA_LEN_UPD) {
/* Process the received data */
if (ble_ll_ctrl_len_proc(connsm, dptr)) {
- goto rx_malformed_ctrl;
+ rc = -1;
+ rsp_opcode = BLE_LL_CTRL_UNKNOWN_RSP;
+ goto ll_ctrl_send_rsp;
}
/* Stop the control procedure */
@@ -1743,11 +1752,7 @@ ll_ctrl_send_rsp:
}
#endif
}
- return 0;
-
-rx_malformed_ctrl:
- os_mbuf_free_chain(om);
- return -1;
+ return rc;
}
/**