diff options
author | Jakub Pawlowski <jpawlowski@google.com> | 2018-05-23 10:19:53 -0700 |
---|---|---|
committer | Tim Schumacher <timschumi@gmx.de> | 2018-09-09 00:28:22 +0200 |
commit | 7d67bf35bc3b06e16c154ac8819841466f7fb135 (patch) | |
tree | d75673dff0124937e9b42fcc7543e43e5eeb8c88 | |
parent | a924846623f320051ee92d1e5b0ee67c36cdfc16 (diff) | |
download | android_system_bt-7d67bf35bc3b06e16c154ac8819841466f7fb135.tar.gz android_system_bt-7d67bf35bc3b06e16c154ac8819841466f7fb135.tar.bz2 android_system_bt-7d67bf35bc3b06e16c154ac8819841466f7fb135.zip |
GATT: Handle too short Error Response PDU
Since the spec is not clear what to do in this case, use one of
reserved error codes as a failure reason, and pass it to upper layers.
Bug: 79591688
Change-Id: Ie6a53e9c8e4ceb8f1e5a75aee44baa5f4a798c4f
Merged-In: Ie6a53e9c8e4ceb8f1e5a75aee44baa5f4a798c4f
(cherry picked from commit f63c4b652b3231c2b4907bffd13410c6eb2aa760)
-rw-r--r-- | stack/gatt/gatt_cl.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/stack/gatt/gatt_cl.c b/stack/gatt/gatt_cl.c index aab2d7157..998a50b94 100644 --- a/stack/gatt/gatt_cl.c +++ b/stack/gatt/gatt_cl.c @@ -31,6 +31,7 @@ #include "gki.h" #include "gatt_int.h" #include "l2c_int.h" +#include "log/log.h" #define GATT_WRITE_LONG_HDR_SIZE 5 /* 1 opcode + 2 handle + 2 offset */ #define GATT_READ_CHAR_VALUE_HDL (GATT_READ_CHAR_VALUE | 0x80) @@ -566,9 +567,24 @@ void gatt_process_error_rsp(tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT8 op_code, UNUSED(len); GATT_TRACE_DEBUG("gatt_process_error_rsp "); - STREAM_TO_UINT8(opcode, p); - STREAM_TO_UINT16(handle, p); - STREAM_TO_UINT8(reason, p); + + if (len < 4) { + android_errorWriteLog(0x534e4554, "79591688"); + GATT_TRACE_ERROR("Error response too short"); + // Specification does not clearly define what should happen if error + // response is too short. General rule in BT Spec 5.0 Vol 3, Part F 3.4.1.1 + // is: "If an error code is received in the Error Response that is not + // understood by the client, for example an error code that was reserved for + // future use that is now being used in a future version of this + // specification, then the Error Response shall still be considered to state + // that the given request cannot be performed for an unknown reason." + opcode = handle = 0; + reason = 0x7F; + } else { + STREAM_TO_UINT8(opcode, p); + STREAM_TO_UINT16(handle, p); + STREAM_TO_UINT8(reason, p); + } if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY) { |