This is an automated email from the ASF dual-hosted git repository.

janc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-nimble.git


The following commit(s) were added to refs/heads/master by this push:
     new 6f5b33ca0 nimble/audio/bass: Add data length check in BASS remote scan
6f5b33ca0 is described below

commit 6f5b33ca0c33fd2c1421ffde61e096cff54c112e
Author: Szymon Czapracki <szymon.czapra...@codecoup.pl>
AuthorDate: Thu Aug 8 15:39:06 2024 +0200

    nimble/audio/bass: Add data length check in BASS remote scan
    
    This commit adds data length checks to remote scan operations.
    Now any data coming with remote scan start/stop will result
    in instant ATT error.
---
 nimble/host/audio/services/bass/src/ble_audio_svc_bass.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/nimble/host/audio/services/bass/src/ble_audio_svc_bass.c 
b/nimble/host/audio/services/bass/src/ble_audio_svc_bass.c
index 87e4da211..dfad886bb 100644
--- a/nimble/host/audio/services/bass/src/ble_audio_svc_bass.c
+++ b/nimble/host/audio/services/bass/src/ble_audio_svc_bass.c
@@ -251,6 +251,10 @@ ble_svc_audio_bass_receive_state_free(struct 
ble_svc_audio_bass_rcv_state_entry
 static int
 ble_svc_audio_bass_remote_scan_stopped(uint8_t *data, uint16_t data_len, 
uint16_t conn_handle)
 {
+    if (data_len > 1) {
+        return BLE_ATT_ERR_WRITE_REQ_REJECTED;
+    }
+
     struct ble_audio_event ev = {
         .type = BLE_AUDIO_EVENT_BASS_REMOTE_SCAN_STOPPED
     };
@@ -264,6 +268,10 @@ ble_svc_audio_bass_remote_scan_stopped(uint8_t *data, 
uint16_t data_len, uint16_
 static int
 ble_svc_audio_bass_remote_scan_started(uint8_t *data, uint16_t data_len, 
uint16_t conn_handle)
 {
+    if (data_len > 1) {
+        return BLE_ATT_ERR_WRITE_REQ_REJECTED;
+    }
+
     struct ble_audio_event ev = {
         .type = BLE_AUDIO_EVENT_BASS_REMOTE_SCAN_STARTED
     };

Reply via email to