diff options
| author | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2022-03-31 15:25:10 -0700 |
|---|---|---|
| committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2022-04-01 16:24:55 -0700 |
| commit | 6d15315570a43375ab98fa01841e5d957de1724c (patch) | |
| tree | 889a1e2c75bcf540eb2e932fc5258c0aaf0cc42b /emulator | |
| parent | ff35b1d2e97e68f67cc556f85005636b65a190cb (diff) | |
| download | bluez-6d15315570a43375ab98fa01841e5d957de1724c.tar.gz | |
btdev: Check parameter for CIG related commands
This checks if the parameters given to Set CIG Parameters and Remove CIG
are in the valid range.
Diffstat (limited to 'emulator')
| -rw-r--r-- | emulator/btdev.c | 60 |
1 files changed, 59 insertions, 1 deletions
diff --git a/emulator/btdev.c b/emulator/btdev.c index 0651a28e2..9dc7b1e90 100644 --- a/emulator/btdev.c +++ b/emulator/btdev.c @@ -5718,6 +5718,8 @@ static int cmd_set_cig_params(struct btdev *dev, const void *data, uint16_t handle[CIS_SIZE]; } __attribute__ ((packed)) rsp; int i = 0; + uint32_t interval; + uint16_t latency; memset(&rsp, 0, sizeof(rsp)); @@ -5726,6 +5728,56 @@ static int cmd_set_cig_params(struct btdev *dev, const void *data, goto done; } + if (cmd->cig_id > 0xef) { + rsp.params.status = BT_HCI_ERR_INVALID_PARAMETERS; + goto done; + } + + interval = get_le24(cmd->c_interval); + if (interval < 0x0000ff || interval > 0x0fffff) { + rsp.params.status = BT_HCI_ERR_INVALID_PARAMETERS; + goto done; + } + + interval = get_le24(cmd->p_interval); + if (interval < 0x0000ff || interval > 0x0fffff) { + rsp.params.status = BT_HCI_ERR_INVALID_PARAMETERS; + goto done; + } + + if (cmd->sca > 0x07) { + rsp.params.status = BT_HCI_ERR_INVALID_PARAMETERS; + goto done; + } + + if (cmd->packing > 0x01) { + rsp.params.status = BT_HCI_ERR_INVALID_PARAMETERS; + goto done; + } + + if (cmd->framing > 0x01) { + rsp.params.status = BT_HCI_ERR_INVALID_PARAMETERS; + goto done; + } + + latency = cpu_to_le16(cmd->c_latency); + if (latency < 0x0005 || latency > 0x0fa0) { + rsp.params.status = BT_HCI_ERR_INVALID_PARAMETERS; + goto done; + } + + latency = cpu_to_le16(cmd->p_latency); + if (latency < 0x0005 || latency > 0x0fa0) { + rsp.params.status = BT_HCI_ERR_INVALID_PARAMETERS; + goto done; + } + + if (dev->le_cig.params.cig_id != 0xff && + dev->le_cig.params.cig_id != cmd->cig_id) { + rsp.params.status = BT_HCI_ERR_INVALID_PARAMETERS; + goto done; + } + memcpy(&dev->le_cig, data, len); rsp.params.status = BT_HCI_ERR_SUCCESS; @@ -5849,8 +5901,13 @@ static int cmd_remove_cig(struct btdev *dev, const void *data, uint8_t len) memset(&dev->le_cig, 0, sizeof(dev->le_cig)); memset(&rsp, 0, sizeof(rsp)); - rsp.status = BT_HCI_ERR_SUCCESS; rsp.cig_id = cmd->cig_id; + + if (dev->le_cig.params.cig_id == cmd->cig_id) + rsp.status = BT_HCI_ERR_SUCCESS; + else + rsp.status = BT_HCI_ERR_UNKNOWN_CONN_ID; + cmd_complete(dev, BT_HCI_CMD_LE_REMOVE_CIG, &rsp, sizeof(rsp)); return 0; @@ -6777,6 +6834,7 @@ struct btdev *btdev_create(enum btdev_type type, uint16_t id) btdev->iso_mtu = 251; btdev->iso_max_pkt = 1; + btdev->le_cig.params.cig_id = 0xff; btdev->country_code = 0x00; |