diff --git a/components/bt/host/bluedroid/api/esp_gattc_api.c b/components/bt/host/bluedroid/api/esp_gattc_api.c
index 9c1f00b65a..edb48edd56 100644
--- a/components/bt/host/bluedroid/api/esp_gattc_api.c
+++ b/components/bt/host/bluedroid/api/esp_gattc_api.c
@@ -352,7 +352,7 @@ esp_err_t esp_ble_gattc_read_char (esp_gatt_if_t gattc_if,
ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED);
tGATT_TCB *p_tcb = gatt_get_tcb_by_idx(conn_id);
- if (!p_tcb) {
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
LOG_WARN("%s, The connection not created.", __func__);
return ESP_ERR_INVALID_STATE;
}
@@ -389,7 +389,7 @@ esp_err_t esp_ble_gattc_read_by_type (esp_gatt_if_t gattc_if,
}
tGATT_TCB *p_tcb = gatt_get_tcb_by_idx(conn_id);
- if (!p_tcb) {
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
LOG_WARN("%s, The connection not created.", __func__);
return ESP_ERR_INVALID_STATE;
}
@@ -421,7 +421,7 @@ esp_err_t esp_ble_gattc_read_multiple(esp_gatt_if_t gattc_if,
ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED);
tGATT_TCB *p_tcb = gatt_get_tcb_by_idx(conn_id);
- if (!p_tcb) {
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
LOG_WARN("%s, The connection not created.", __func__);
return ESP_ERR_INVALID_STATE;
}
@@ -458,7 +458,7 @@ esp_err_t esp_ble_gattc_read_char_descr (esp_gatt_if_t gattc_if,
ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED);
tGATT_TCB *p_tcb = gatt_get_tcb_by_idx(conn_id);
- if (!p_tcb) {
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
LOG_WARN("%s, The connection not created.", __func__);
return ESP_ERR_INVALID_STATE;
}
@@ -491,7 +491,7 @@ esp_err_t esp_ble_gattc_write_char(esp_gatt_if_t gattc_if,
ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED);
tGATT_TCB *p_tcb = gatt_get_tcb_by_idx(conn_id);
- if (!p_tcb) {
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
LOG_WARN("%s, The connection not created.", __func__);
return ESP_ERR_INVALID_STATE;
}
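Review bot: The warning text `The connection not created.` no longer describes what the new condition rejects: gatt_check_connection_state_by_tcb() also fails when the TCB exists but its channel is not in GATT_CH_OPEN, so a caller who hits this on a connection that was created but is still opening or already closing gets a misleading diagnosis in the log. Suggest `LOG_WARN("%s, The connection is not established.", __func__);` here and in the other esp_gattc_api.c hunks (read_by_type, read_multiple, read_char_descr, write_char, write_char_descr, prepare_write, prepare_write_char_descr) and the esp_gatts_api.c hunks (send_indicate, send_response) that carry the same line. Each of these enclosing functions starts and ends outside its hunk.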
@@ -529,7 +529,7 @@ esp_err_t esp_ble_gattc_write_char_descr (esp_gatt_if_t gattc_if,
ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED);
tGATT_TCB *p_tcb = gatt_get_tcb_by_idx(conn_id);
- if (!p_tcb) {
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
LOG_WARN("%s, The connection not created.", __func__);
return ESP_ERR_INVALID_STATE;
}
@@ -567,7 +567,7 @@ esp_err_t esp_ble_gattc_prepare_write(esp_gatt_if_t gattc_if,
ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED);
tGATT_TCB *p_tcb = gatt_get_tcb_by_idx(conn_id);
- if (!p_tcb) {
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
LOG_WARN("%s, The connection not created.", __func__);
return ESP_ERR_INVALID_STATE;
}
@@ -603,7 +603,7 @@ esp_err_t esp_ble_gattc_prepare_write_char_descr(esp_gatt_if_t gattc_if,
ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED);
tGATT_TCB *p_tcb = gatt_get_tcb_by_idx(conn_id);
- if (!p_tcb) {
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
LOG_WARN("%s, The connection not created.", __func__);
return ESP_ERR_INVALID_STATE;
}
diff --git a/components/bt/host/bluedroid/api/esp_gatts_api.c b/components/bt/host/bluedroid/api/esp_gatts_api.c
index f6585dd99f..881aec7fe7 100644
--- a/components/bt/host/bluedroid/api/esp_gatts_api.c
+++ b/components/bt/host/bluedroid/api/esp_gatts_api.c
@@ -254,7 +254,7 @@ esp_err_t esp_ble_gatts_send_indicate(esp_gatt_if_t gatts_if, uint16_t conn_id,
ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED);
tGATT_TCB *p_tcb = gatt_get_tcb_by_idx(conn_id);
- if (!p_tcb) {
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
LOG_WARN("%s, The connection not created.", __func__);
return ESP_ERR_INVALID_STATE;
}
@@ -287,6 +287,12 @@ esp_err_t esp_ble_gatts_send_response(esp_gatt_if_t gatts_if, uint16_t conn_id,
ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED);
+ tGATT_TCB *p_tcb = gatt_get_tcb_by_idx(conn_id);
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
+ LOG_WARN("%s, The connection not created.", __func__);
+ return ESP_ERR_INVALID_STATE;
+ }
+
msg.sig = BTC_SIG_API_CALL;
msg.pid = BTC_PID_GATTS;
msg.act = BTC_GATTS_ACT_SEND_RESPONSE;
diff --git a/components/bt/host/bluedroid/stack/gatt/att_protocol.c b/components/bt/host/bluedroid/stack/gatt/att_protocol.c
index 15ca89f915..52ac13da1e 100644
--- a/components/bt/host/bluedroid/stack/gatt/att_protocol.c
+++ b/components/bt/host/bluedroid/stack/gatt/att_protocol.c
@@ -312,6 +312,12 @@ BT_HDR *attp_build_value_cmd (UINT16 payload_size, UINT8 op_code, UINT16 handle,
p_buf->len += 2;
}
+ if(payload_size < GATT_DEF_BLE_MTU_SIZE || payload_size > GATT_MAX_MTU_SIZE) {
+ GATT_TRACE_ERROR("invalid payload_size %d", payload_size);
+ osi_free(p_buf);
+ return NULL;
+ }
+
if (len > 0 && p_data != NULL) {
/* ensure data not exceed MTU size */
if (payload_size - p_buf->len < len) {
diff --git a/components/bt/host/bluedroid/stack/gatt/gatt_api.c b/components/bt/host/bluedroid/stack/gatt/gatt_api.c
index 50a01251f4..1d60319033 100644
--- a/components/bt/host/bluedroid/stack/gatt/gatt_api.c
+++ b/components/bt/host/bluedroid/stack/gatt/gatt_api.c
@@ -583,7 +583,7 @@ tGATT_STATUS GATTS_HandleValueIndication (UINT16 conn_id, UINT16 attr_handle, U
return (tGATT_STATUS) GATT_INVALID_CONN_ID;
}
- if ((GATT_CH_OPEN != gatt_get_ch_state(p_tcb)) || (p_tcb->payload_size == 0)) {
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
GATT_TRACE_ERROR("connection not established\n");
return GATT_WRONG_STATE;
}
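Review bot: The new guard runs in the caller's context, but the work it protects is queued as a message (`msg.sig = BTC_SIG_API_CALL;`, `msg.pid = BTC_PID_GATTS;` directly below) and, as far as this hunk shows, is handled later by another task, so the link can still drop between this check and the moment the response is built; this is a fast-fail, not the protection. The check that actually matters is the one this commit adds inside GATTS_SendRsp in gatt_api.c, which runs at send time, and a future cleanup must not treat this API-layer copy as sufficient. A one-line comment above the block would record that: `/* early reject only; GATTS_SendRsp re-validates the link state when the response is built */`. esp_ble_gatts_send_response starts and ends outside the hunk.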
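Review bot: The range check sits after the header bytes have already been written into p_buf (`p_buf->len += 2;` is the last statement before it), so on a bad payload_size the function allocates and fills a buffer only to osi_free() it; if the allocation is at the top of attp_build_value_cmd (outside the hunk), moving the check ahead of it is cheaper and removes the free path entirely. If attp_build_value_cmd is the builder behind notifications and indications, this lower bound is also what now stands in for the `p_tcb->payload_size == 0` test that the gatt_api.c hunks drop, which is worth stating in a comment: `/* payload_size must be a negotiated ATT MTU; 0 or out-of-range means the link is not usable yet */`. Please confirm that a BR/EDR link never sets payload_size outside [GATT_DEF_BLE_MTU_SIZE, GATT_MAX_MTU_SIZE], since this check is transport-independent. `if(` should be `if (` to match the surrounding code. attp_build_value_cmd starts and ends outside the hunk.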
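Review bot: The replacement is not equivalent to the condition it removes: the old test also rejected `p_tcb->payload_size == 0`, and gatt_check_connection_state_by_tcb() as defined in gatt_utils.c in this commit only checks that the TCB exists and its channel state is GATT_CH_OPEN, so a TCB that is open but has no negotiated payload size now passes here. The same drop happens in GATTS_HandleValueNotification (next hunk) and in l2ble_update_att_acl_pkt_num in l2c_api.c, where how payload_size is used afterwards is not visible and the new attp_build_value_cmd bound does not run. Either keep the condition locally, `if (!gatt_check_connection_state_by_tcb(p_tcb) || p_tcb->payload_size == 0) {`, or fold `p_tcb->payload_size != 0` into the helper and document it in its Description block. GATTS_HandleValueIndication starts and ends outside the hunk.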
@@ -655,7 +655,7 @@ tGATT_STATUS GATTS_HandleValueNotification (UINT16 conn_id, UINT16 attr_handle,
return (tGATT_STATUS) GATT_INVALID_CONN_ID;
}
- if ((GATT_CH_OPEN != gatt_get_ch_state(p_tcb)) || (p_tcb->payload_size == 0)) {
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
GATT_TRACE_ERROR("connection not established\n");
return GATT_WRONG_STATE;
}
@@ -707,6 +707,11 @@ tGATT_STATUS GATTS_SendRsp (UINT16 conn_id, UINT32 trans_id,
return (tGATT_STATUS) GATT_INVALID_CONN_ID;
}
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
+ GATT_TRACE_ERROR("connection not established\n");
+ return GATT_WRONG_STATE;
+ }
+
if (p_tcb->sr_cmd.trans_id != trans_id) {
GATT_TRACE_ERROR ("GATTS_SendRsp conn_id: %u waiting for op_code = %02x\n",
conn_id, p_tcb->sr_cmd.op_code);
@@ -828,6 +833,11 @@ tGATT_STATUS GATTC_ConfigureMTU (UINT16 conn_id)
return GATT_ILLEGAL_PARAMETER;
}
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
+ GATT_TRACE_ERROR("connection not established\n");
+ return GATT_ERROR;
+ }
+
/* Validate that the link is BLE, not BR/EDR */
if (p_tcb->transport != BT_TRANSPORT_LE) {
return GATT_ERROR;
@@ -880,6 +890,10 @@ tGATT_STATUS GATTC_Discover (UINT16 conn_id, tGATT_DISC_TYPE disc_type,
return GATT_ILLEGAL_PARAMETER;
}
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
+ GATT_TRACE_ERROR("connection not established\n");
+ return GATT_ERROR;
+ }
if (gatt_is_clcb_allocated(conn_id)) {
GATT_TRACE_ERROR("GATTC_Discover GATT_BUSY conn_id = %d", conn_id);
@@ -942,6 +956,11 @@ tGATT_STATUS GATTC_Read (UINT16 conn_id, tGATT_READ_TYPE type, tGATT_READ_PARAM
return GATT_ILLEGAL_PARAMETER;
}
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
+ GATT_TRACE_ERROR("connection not established\n");
+ return GATT_ERROR;
+ }
+
if (gatt_is_clcb_allocated(conn_id)) {
GATT_TRACE_ERROR("GATTC_Read GATT_BUSY conn_id = %d", conn_id);
return GATT_BUSY;
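Review bot: The guard added to GATTC_ConfigureMTU returns GATT_ERROR for a link that is not established, while the identical guard on the server-side entry points (GATTS_SendRsp in the previous hunk, GATTS_HandleValueIndication and GATTS_HandleValueNotification) returns GATT_WRONG_STATE, so a client caller cannot tell "not connected" apart from the generic failure that the transport check just below also reports. Unless an existing client caller depends on GATT_ERROR here, `return GATT_WRONG_STATE;` keeps the status meaningful and consistent across the API; the same applies to the GATTC_Discover and GATTC_Read hunks below and to the GATTC_Write and GATTC_ExecuteWrite hunks on the next line. GATTC_ConfigureMTU starts and ends outside the hunk.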
@@ -1020,6 +1039,11 @@ tGATT_STATUS GATTC_Write (UINT16 conn_id, tGATT_WRITE_TYPE type, tGATT_VALUE *p_
return GATT_ILLEGAL_PARAMETER;
}
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
+ GATT_TRACE_ERROR("connection not established\n");
+ return GATT_ERROR;
+ }
+
if (gatt_is_clcb_allocated(conn_id)) {
GATT_TRACE_ERROR("GATTC_Write GATT_BUSY conn_id = %d", conn_id);
return GATT_BUSY;
@@ -1086,6 +1110,11 @@ tGATT_STATUS GATTC_ExecuteWrite (UINT16 conn_id, BOOLEAN is_execute)
return GATT_ILLEGAL_PARAMETER;
}
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
+ GATT_TRACE_ERROR("connection not established\n");
+ return GATT_ERROR;
+ }
+
if (gatt_is_clcb_allocated(conn_id)) {
GATT_TRACE_ERROR("GATTC_Write GATT_BUSY conn_id = %d", conn_id);
return GATT_BUSY;
diff --git a/components/bt/host/bluedroid/stack/gatt/gatt_utils.c b/components/bt/host/bluedroid/stack/gatt/gatt_utils.c
index 111a27cacf..a7b823cd8b 100644
--- a/components/bt/host/bluedroid/stack/gatt/gatt_utils.c
+++ b/components/bt/host/bluedroid/stack/gatt/gatt_utils.c
@@ -900,6 +900,27 @@ BOOLEAN gatt_is_bda_connected(BD_ADDR bda)
}
return connected;
}
+
+/*******************************************************************************
+**
+** Function gatt_check_connection_state_by_tcb
+**
+** Description
+**
+** Returns TRUE if connected. Otherwise connection not established.
+**
+*******************************************************************************/
+BOOLEAN gatt_check_connection_state_by_tcb(tGATT_TCB *p_tcb)
+{
+ BOOLEAN connected = FALSE;
+
+ if(p_tcb && gatt_get_ch_state(p_tcb) == GATT_CH_OPEN) {
+ connected = TRUE;
+ }
+
+ return connected;
+}
+
/*******************************************************************************
**
** Function gatt_find_i_tcb_by_addr
diff --git a/components/bt/host/bluedroid/stack/gatt/include/gatt_int.h b/components/bt/host/bluedroid/stack/gatt/include/gatt_int.h
index 6bb1d8a0d1..31c2ce479a 100644
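Review bot: The header block's Description line is empty, and this helper now gates every GATT client and server entry point touched by the commit, so the contract should be spelled out where readers of gatt_int.h will look. Suggest `** Description      Checks that a TCB exists and its channel is in GATT_CH_OPEN; a NULL p_tcb is accepted and reported as not connected.` and, for the return line, `** Returns          TRUE if p_tcb is non-NULL and gatt_get_ch_state(p_tcb) == GATT_CH_OPEN, FALSE otherwise.` Also `if(p_tcb &&` should be `if (p_tcb &&` to match gatt_is_bda_connected directly above it.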
--- a/components/bt/host/bluedroid/stack/gatt/include/gatt_int.h
+++ b/components/bt/host/bluedroid/stack/gatt/include/gatt_int.h
@@ -754,6 +754,8 @@ extern tGATT_STATUS gatts_read_attr_perm_check(tGATT_SVC_DB *p_db, BOOLEAN is_lo
extern void gatts_update_srv_list_elem(UINT8 i_sreg, UINT16 handle, BOOLEAN is_primary);
extern tBT_UUID *gatts_get_service_uuid (tGATT_SVC_DB *p_db);
+extern BOOLEAN gatt_check_connection_state_by_tcb(tGATT_TCB *p_tcb);
+
extern void gatt_reset_bgdev_list(void);
extern uint16_t gatt_get_local_mtu(void);
extern void gatt_set_local_mtu(uint16_t mtu);
diff --git a/components/bt/host/bluedroid/stack/l2cap/l2c_api.c b/components/bt/host/bluedroid/stack/l2cap/l2c_api.c
index a3dddca13d..0c64eedc27 100644
--- a/components/bt/host/bluedroid/stack/l2cap/l2c_api.c
+++ b/components/bt/host/bluedroid/stack/l2cap/l2c_api.c
@@ -2330,7 +2330,7 @@ void l2ble_update_att_acl_pkt_num(UINT8 type, tl2c_buff_param_t *param)
break;
}
- if ((GATT_CH_OPEN != gatt_get_ch_state(p_tcb)) || (p_tcb->payload_size == 0)) {
+ if (!gatt_check_connection_state_by_tcb(p_tcb)) {
L2CAP_TRACE_ERROR("connection not established\n");
xSemaphoreGive(buff_semaphore);
break;