This is an automated email from the ASF dual-hosted git repository.

janc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-nimble.git

commit 65755d5e405b853e69317a2519284a0c2d9b4c4a
Author: Krzysztof Kopyściński <krzysztof.kopyscin...@codecoup.pl>
AuthorDate: Wed Apr 20 12:28:28 2022 +0200

    host: l2cap: check connection parameters in ble_l2cap_sig_update_req_rx
    
    This should be done before asking application.
---
 nimble/host/src/ble_l2cap_sig.c | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/nimble/host/src/ble_l2cap_sig.c b/nimble/host/src/ble_l2cap_sig.c
index 52638527..05f5829f 100644
--- a/nimble/host/src/ble_l2cap_sig.c
+++ b/nimble/host/src/ble_l2cap_sig.c
@@ -373,6 +373,40 @@ ble_l2cap_sig_update_call_cb(struct ble_l2cap_sig_proc 
*proc, int status)
     }
 }
 
+static int
+ble_l2cap_sig_check_conn_params(const struct ble_gap_upd_params *params)
+{
+    /* Check connection interval min */
+    if ((params->itvl_min < BLE_HCI_CONN_ITVL_MIN) ||
+        (params->itvl_min > BLE_HCI_CONN_ITVL_MAX)) {
+        return BLE_ERR_INV_HCI_CMD_PARMS;
+    }
+    /* Check connection interval max */
+    if ((params->itvl_max < BLE_HCI_CONN_ITVL_MIN) ||
+        (params->itvl_max > BLE_HCI_CONN_ITVL_MAX) ||
+        (params->itvl_max < params->itvl_min)) {
+        return BLE_ERR_INV_HCI_CMD_PARMS;
+    }
+
+    /* Check connection latency */
+    if (params->latency > BLE_HCI_CONN_LATENCY_MAX) {
+        return BLE_ERR_INV_HCI_CMD_PARMS;
+    }
+
+    /* Check supervision timeout */
+    if ((params->supervision_timeout < BLE_HCI_CONN_SPVN_TIMEOUT_MIN) ||
+        (params->supervision_timeout > BLE_HCI_CONN_SPVN_TIMEOUT_MAX)) {
+        return BLE_ERR_INV_HCI_CMD_PARMS;
+    }
+
+    /* Check connection event length */
+    if (params->min_ce_len > params->max_ce_len) {
+        return BLE_ERR_INV_HCI_CMD_PARMS;
+    }
+
+    return 0;
+}
+
 int
 ble_l2cap_sig_update_req_rx(uint16_t conn_handle,
                             struct ble_l2cap_sig_hdr *hdr,
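Review bot: ble_l2cap_sig_check_conn_params range-checks each field on its own but never checks the supervision timeout against the interval and latency, so a peer-supplied combination that is individually in range but mutually inconsistent still reaches the application callback and ble_gap_update_params. The Bluetooth Core spec requires the timeout to be larger than (1 + latency) * itvl_max * 2. With the spec's units (1.25 ms per interval step, 10 ms per timeout step; the units of these struct fields are not visible in the hunk, so confirm them), that check is `if ((uint32_t)params->supervision_timeout * 4 <= (1 + (uint32_t)params->latency) * params->itvl_max) return BLE_ERR_INV_HCI_CMD_PARMS;`, placed after the timeout range check. A short header comment saying that the values originate from the remote peer and what the function returns (0 or BLE_ERR_INV_HCI_CMD_PARMS) would also help.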
@@ -414,6 +448,12 @@ ble_l2cap_sig_update_req_rx(uint16_t conn_handle,
     params.min_ce_len = BLE_GAP_INITIAL_CONN_MIN_CE_LEN;
     params.max_ce_len = BLE_GAP_INITIAL_CONN_MAX_CE_LEN;
 
+    rc = ble_l2cap_sig_check_conn_params(&params);
+    if (rc != 0) {
+        /* Invalid parameters */
+        goto result;
+    }
+
     /* Ask application if slave's connection parameters are acceptable. */
     rc = ble_gap_rx_l2cap_update_req(conn_handle, &params);
     if (rc == 0) {
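Review bot: The `rc` assigned here is a controller-namespace code (`BLE_ERR_INV_HCI_CMD_PARMS`), whereas the other values of `rc` in this function come from `ble_gap_*` calls and are presumably host error codes. The tail of ble_l2cap_sig_update_req_rx is outside the hunk, so if `rc` is returned or logged after `result:`, the raw value could be misread as a different host error. Consider normalising it in the failure branch, e.g. `rc = BLE_HS_EINVAL;` before `goto result;`. The comment `/* Invalid parameters */` could state the decision instead: `/* Peer-supplied parameters are out of range; reject without consulting the application. */`. Note also that min_ce_len and max_ce_len are set from constants just above, so the connection-event-length part of the check cannot fail for this caller.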
@@ -421,6 +461,7 @@ ble_l2cap_sig_update_req_rx(uint16_t conn_handle,
         rc = ble_gap_update_params(conn_handle, &params);
     }
 
+result:
     if (rc == 0) {
         l2cap_result = BLE_L2CAP_SIG_UPDATE_RSP_RESULT_ACCEPT;
     } else {
