hci.c (acadfdd023cdfb4d03a2593b356ce08efbe34b20) hci.c (72cf8859b1e1fd6d954b0d294cc004d0375f8055)
1/*
2 * Copyright (C) 2014 BlueKitchen GmbH
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright

--- 2520 unchanged lines hidden (view full) ---

2529 case HCI_EVENT_REMOTE_NAME_REQUEST_COMPLETE:
2530 if (hci_stack->remote_name_state == GAP_REMOTE_NAME_STATE_W4_COMPLETE){
2531 hci_stack->remote_name_state = GAP_REMOTE_NAME_STATE_IDLE;
2532 }
2533 break;
2534 case HCI_EVENT_CONNECTION_REQUEST:
2535 reverse_bd_addr(&packet[2], addr);
2536 link_type = (hci_link_type_t) packet[11];
1/*
2 * Copyright (C) 2014 BlueKitchen GmbH
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright

--- 2520 unchanged lines hidden (view full) ---

2529 case HCI_EVENT_REMOTE_NAME_REQUEST_COMPLETE:
2530 if (hci_stack->remote_name_state == GAP_REMOTE_NAME_STATE_W4_COMPLETE){
2531 hci_stack->remote_name_state = GAP_REMOTE_NAME_STATE_IDLE;
2532 }
2533 break;
2534 case HCI_EVENT_CONNECTION_REQUEST:
2535 reverse_bd_addr(&packet[2], addr);
2536 link_type = (hci_link_type_t) packet[11];
2537
2538 // CVE-2020-26555: reject incoming connection from device with same BD ADDR
2539 if (memcmp(hci_stack->local_bd_addr, addr, 6) == 0){
2540 hci_stack->decline_reason = ERROR_CODE_CONNECTION_REJECTED_DUE_TO_UNACCEPTABLE_BD_ADDR;
2541 bd_addr_copy(hci_stack->decline_addr, addr);
2542 break;
2543 }
2544
2537 if (hci_stack->gap_classic_accept_callback != NULL){
2538 if ((*hci_stack->gap_classic_accept_callback)(addr, link_type) == 0){
2539 hci_stack->decline_reason = ERROR_CODE_CONNECTION_REJECTED_DUE_TO_UNACCEPTABLE_BD_ADDR;
2540 bd_addr_copy(hci_stack->decline_addr, addr);
2541 break;
2542 }
2543 }
2544

--- 2416 unchanged lines hidden (view full) ---

4961 hci_stack->loopback_mode = packet[3];
4962 break;
4963
4964#ifdef ENABLE_CLASSIC
4965 case HCI_OPCODE_HCI_CREATE_CONNECTION:
4966 reverse_bd_addr(&packet[3], addr);
4967 log_info("Create_connection to %s", bd_addr_to_str(addr));
4968
2545 if (hci_stack->gap_classic_accept_callback != NULL){
2546 if ((*hci_stack->gap_classic_accept_callback)(addr, link_type) == 0){
2547 hci_stack->decline_reason = ERROR_CODE_CONNECTION_REJECTED_DUE_TO_UNACCEPTABLE_BD_ADDR;
2548 bd_addr_copy(hci_stack->decline_addr, addr);
2549 break;
2550 }
2551 }
2552

--- 2416 unchanged lines hidden (view full) ---

4969 hci_stack->loopback_mode = packet[3];
4970 break;
4971
4972#ifdef ENABLE_CLASSIC
4973 case HCI_OPCODE_HCI_CREATE_CONNECTION:
4974 reverse_bd_addr(&packet[3], addr);
4975 log_info("Create_connection to %s", bd_addr_to_str(addr));
4976
4977 // CVE-2020-26555: reject outgoing connection to device with same BD ADDR
4978 if (memcmp(hci_stack->local_bd_addr, addr, 6) == 0) {
4979 hci_emit_connection_complete(addr, conn->con_handle, ERROR_CODE_CONNECTION_REJECTED_DUE_TO_UNACCEPTABLE_BD_ADDR);
4980 return -1;
4981 }
4982
4969 conn = hci_connection_for_bd_addr_and_type(addr, BD_ADDR_TYPE_ACL);
4970 if (!conn) {
4971 conn = create_connection_for_bd_addr_and_type(addr, BD_ADDR_TYPE_ACL);
4972 if (!conn) {
4973 // notify client that alloc failed
4974 hci_emit_connection_complete(addr, 0, BTSTACK_MEMORY_ALLOC_FAILED);
4975 return -1; // packet not sent to controller
4976 }
4977 conn->state = SEND_CREATE_CONNECTION;
4978 conn->role = HCI_ROLE_MASTER;
4979 }
4980 log_info("conn state %u", conn->state);
4981 switch (conn->state) {
4982 // if connection active exists
4983 case OPEN:
4984 // and OPEN, emit connection complete command
4983 conn = hci_connection_for_bd_addr_and_type(addr, BD_ADDR_TYPE_ACL);
4984 if (!conn) {
4985 conn = create_connection_for_bd_addr_and_type(addr, BD_ADDR_TYPE_ACL);
4986 if (!conn) {
4987 // notify client that alloc failed
4988 hci_emit_connection_complete(addr, 0, BTSTACK_MEMORY_ALLOC_FAILED);
4989 return -1; // packet not sent to controller
4990 }
4991 conn->state = SEND_CREATE_CONNECTION;
4992 conn->role = HCI_ROLE_MASTER;
4993 }
4994 log_info("conn state %u", conn->state);
4995 switch (conn->state) {
4996 // if connection active exists
4997 case OPEN:
4998 // and OPEN, emit connection complete command
4985 hci_emit_connection_complete(addr, conn->con_handle, 0);
4999 hci_emit_connection_complete(addr, conn->con_handle, ERROR_CODE_SUCCESS);
4986 return -1; // packet not sent to controller
4987 case RECEIVED_DISCONNECTION_COMPLETE:
4988 // create connection triggered in disconnect complete event, let's do it now
4989 break;
4990 case SEND_CREATE_CONNECTION:
4991 // connection created by hci, e.g. dedicated bonding, but not executed yet, let's do it now
4992 break;
4993 default:

--- 1736 unchanged lines hidden ---
5000 return -1; // packet not sent to controller
5001 case RECEIVED_DISCONNECTION_COMPLETE:
5002 // create connection triggered in disconnect complete event, let's do it now
5003 break;
5004 case SEND_CREATE_CONNECTION:
5005 // connection created by hci, e.g. dedicated bonding, but not executed yet, let's do it now
5006 break;
5007 default:

--- 1736 unchanged lines hidden ---
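Review bot: In the HCI_OPCODE_HCI_CREATE_CONNECTION case (new lines 4977-4981), the added same-address check passes `conn->con_handle` to hci_emit_connection_complete() before `conn` is assigned on this path; the visible code first sets it at new line 4983 via hci_connection_for_bd_addr_and_type(). Unless `conn` is initialised earlier in the function, which starts outside the shown lines, the reject path reads through a stale or NULL pointer exactly when the CVE-2020-26555 condition is hit. No connection exists for a rejected request, so pass a zero handle as the alloc-failure path below does: `hci_emit_connection_complete(addr, 0, ERROR_CODE_CONNECTION_REJECTED_DUE_TO_UNACCEPTABLE_BD_ADDR);`. Both new `memcmp` checks also presumably rely on `hci_stack->local_bd_addr` already holding the controller's address, which is worth confirming for requests handled during startup.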