| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added error check and handling code in gatts_process_read_req to
make sure that the packet length is correct.
Please note that there is another earlier CL that is reverted and this
is the updated one.
Bug: 73172115
Test: Run the test program, poc, that was attached in the bug report
Merged-In: Ia9b4e502fa8f8384bf9767e68f73b48a0915141b
Change-Id: Ia9b4e502fa8f8384bf9767e68f73b48a0915141b
(cherry picked from commit cc9c7330d1c3507d745170ae7b2e0546197b7acb)
(cherry picked from commit 16f4c21be5bd0ea1968eee8a0f00648b1e326253)
CVE-2018-9358
|
| |
|
|
|
|
|
|
| |
Validates whether the PDU length of GATT Write requests
satisfy the minimum length requirements of GATT write
attribute request format.
Change-Id: I5136f468e823248a5b1301b5c3146257b0563842
|
| |
|
|
|
|
|
|
|
| |
Included support for LE data packet extension feature according
to BT 4.2 spec. This patch checks if the controller supports LE
packet extension and provides functions to set the PDU length.
Bug: 20013956
Change-Id: I6a92970fede2f793ad48c9fa2e0247ad00297533
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
e07ad10 merge in m-wireless-internal-release history after reset to d232721ae5e5b6949a5249f0d116408b8a3c5f1d
d232721 L2CAP socket - fix merge errors
899b771 BR/EDR secure connections support
7fb0da6 Support numeric comparison in SMP
aa351f2 merge in m-wireless-internal-release history after reset to 399e89150b3df87172bdf92d54712b379324b149
399e891 Fix for AVRCP CTRL stops sending pass through command
daddea9 Free Avrcp Controller callbacks on Cleanup
764babe Protect reset of out stream with mutex
444a8da LE Privacy 1.2 and LE secure connections
8372aa5 L2CAP and SDP Search API for BT profiles (2/2)
fd422a7 Update Service Availability.
2a0652a merge in m-wireless-internal-release history after reset to 0b47e0a35c16f5b7d77c30ec1c095ed92ff4fd74
78d0f4c merge in m-wireless-internal-release history after reset to m-wireless-internal-dev
0b47e0a Avoid duplicate disconnection callbacks for fixed channel connections
5646973 Add a section on assertions to the style guide.
d768767 Merge "Avoid null-pointer dereference in l2c_release_lcb()" into m-wireless-dev
ef92b53 Avoid null-pointer dereference in l2c_release_lcb()
4bf68bf merge in m-wireless-internal-release history after reset to f538707fe64c62b1dbb8e4210e4a1bfa0bab2b56
de6ac86 Add a 'Bluedroid conventions' section to the style guide.
1b80439 Add a section to the style guide on variable declarations.
485f19e merge in m-wireless-internal-release history after reset to 4540f59bc447dc2b7b31a3e974b74a60b2417e7d
bef8940 merge in m-wireless-internal-release history after reset to 841c9103cad1898ceca87b734acd4d4537f9f452
ab4c38c merge in m-wireless-internal-release history after reset to a7e698f5a9e062f62e21bc435643975c30bab846
2807a74 merge in m-wireless-internal-release history after reset to a7e698f5a9e062f62e21bc435643975c30bab846
99dbe9a merge in m-wireless-internal-release history after reset to 78c0b060f29b7b7014adddb2f98bf6ae9755c488
f7f8399 merge in m-wireless-internal-release history after reset to a5371c238b4e874d8313ac56a23451e7345ff541
3aa60d7 Make A2DP audio HAL a shared library again
3256a31 Move unused include file out of hci_audio.h
b866b69 Add option for schedule_next_instance to force rescheduling
4ae5e3e Ensure alarms are called back when they expire in the past
a7bd03e Rewrite alarms to use a single posix timer instance
88e7b15 Resolved hardware error observed during SCO Connection setup
Change-Id: Ib9a0a2ffca1d4811a9a9e56674bf43275d8b2205
|
| | |
| |
| |
| |
| |
| | |
Bug: 19816438
Original author: Chaojing Sun <cjsun@broadcom.com>
Change-Id: I5951f4d4e038f8348a62aa6d19b2111bae0b3ecc
|
| |\|
| |
| |
| | |
Change-Id: Iaaec1ea0bf3009b7e32a9a60f697631a3f56e889
|
| | |
| |
| |
| | |
Also add another API GKI_queue_length(BUFFER_Q *)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch removes a slew of unused variables and some unused functions,
fixes some incomplete initializations of structs and an sprintf
parameter mismatching the format string.
Change-Id: I35f22fdccc8350f885cd357d3685b869224fa433
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
|
| |\ \
| |/
|/|
| |
| | |
* commit '8b52f5f2f0eb1e3748a19af4438147872cba1cd2':
Suppress the warning compiled with gcc-4.9
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix the warning below:
gatt_sr.c: In function 'gatt_sr_process_app_rsp':
gatt_sr.c:175:27: warning: 'p_rsp' may be used uninitialized in this function [-Wmaybe-uninitialized]
p_rsp = (tGATTS_RSP *)GKI_getnext (p_rsp);
^
gatt_sr.c:125:23: note: 'p_rsp' was declared here
tGATTS_RSP *p_rsp;
^
Change-Id: I894495ed7893e958f009778e629525b85d56b2f6
|
| | |
| |
| |
| |
| | |
Bug: 16560957
Change-Id: I085a2218644615bc13f5a0d0d78fc2afe0605a04
|
| | |
| |
| |
| | |
Change-Id: I6d1e61ff023b5fd19f144955cff16831cc18c6e6
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The features include:
- LE Peripheral Mode
- Link Layer topology (LE Central & Peripheral Concurrency)
- Dual Mode Topology (Ability to choose LE transport when connecting with
other Dual Mode devices)
- Fast advertising Interval
- Limited Discovery Time Changes
- GAP Authentication and Lost Bond
- Dual Mode Addressing
- Common Profile and Service Error Code
- 32 bit UUIDs
Change-Id: Ic6701da4cf6aaa390ff2c8816b43157f36b7fb42
|
| | |
| |
| |
| |
| | |
bug:13568537
Change-Id: If1a4e93b7ef53662bd740da0d3bb91fe747de031
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
Mostly fixing unused parameter warnings.
A few other warnings also fixed like possible use of
unitialized variables (no real issue found, just compiler couldn't
follow the path), signed vs unsigned warning.
Also fixed some typos, indent issues, removal of dead code, etc.
Change-Id: I95eb887aefc4d559d7921f71a0af5f3bfb01ac01
Signed-off-by: Mike J. Chen <mjchen@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Do additional length checks when handling malformed messages. These
messages are never valid, and should be dropped if seen.
Before starting to parse out PDU content, it is verified that the
buffer contains sufficient bytes and error condition is returned
if this is not the case.
Bug: 11045073
Change-Id: Ifb792d1575e0514f33e75ed73247ea638807901e
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change fixes the following issues:
- Second GATT-over-BR/EDR channel cannot be established when there
already is an existing GATT-over-BR/EDR channel
- If encryption fails for an LE connection due to a missing key,
the security state is not being cleared and blocks all further
security processing
- When DM discovery of an LE Peripheral device fails with a
connection timeout, no further discovery requests can be made
- GATT service discovery can get into endless loop when duplicate descriptor
definitions are found on the remote device
- When GATT over BR/EDR fails, BTA does not give a connection
callback to the application initiating the connection
- BR/EDR connection to remote platform does not generate API callbacks
- Stack crash discovered during UPF after remote disconnects
- The host is sending HCI disconnect to invalid HCI handle when
SMP fails because of a connection timeout
- Possible race condition:
If a disconnect is immediately followed by a connection complete,
the connection complete cannot be processed in the BTA GATT state
machine
- Write Complete event is not triggered for Prepare Write requests
Change-Id: I539cdedd68007818ff4f0d0213cee1c913f72d0f
Conflicts:
bta/gatt/bta_gatts_act.c
|
| |
|
|
|
|
|
|
| |
Check requested MTU sizes to ensure a minimum MTU size. Otherwise remote
devices may request an MTU that's too small, preventing any further
communication with the remote device.
Change-Id: I3ba97cf6e6c464825778a8c8902f99f6662c3762
|
| |
|
|
| |
Change-Id: I9825a5cef9be2559c34c2a529b211b7d471147cf
|
|
|
Change-Id: Ia2de32ccb97a9641462c72363b0a8c4288f4f36d
|
