sdp_server.c (84e3541e4b5ea68a774e8e8a4f738501f48cf864) | sdp_server.c (c1ab6cc1beb14b16b46e74a3723644016d8c3cc7) |
---|---|
1/* 2 * Copyright (C) 2014 BlueKitchen GmbH 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright --- 181 unchanged lines hidden (view full) --- 190 // assert max record count is contained 191 if (param_len < 2) return 0; 192 uint16_t maximumServiceRecordCount = big_endian_read_16(packet, 5 + serviceSearchPatternLen); 193 param_len -= 2; 194 // assert continuation state len is contained in param_len 195 if (param_len < 1) return 0; 196 uint8_t * continuationState = &packet[5+serviceSearchPatternLen+2]; 197 // assert continuation state is contained in param_len | 1/* 2 * Copyright (C) 2014 BlueKitchen GmbH 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright --- 181 unchanged lines hidden (view full) --- 190 // assert max record count is contained 191 if (param_len < 2) return 0; 192 uint16_t maximumServiceRecordCount = big_endian_read_16(packet, 5 + serviceSearchPatternLen); 193 param_len -= 2; 194 // assert continuation state len is contained in param_len 195 if (param_len < 1) return 0; 196 uint8_t * continuationState = &packet[5+serviceSearchPatternLen+2]; 197 // assert continuation state is contained in param_len |
198 if (1 + continuationState[0] > param_len) return 0; | 198 if ((1 + continuationState[0]) > param_len) return 0; |
199 200 // calc maximumServiceRecordCount based on remote MTU 201 uint16_t maxNrServiceRecordsPerResponse = (remote_mtu - (9+3))/4; 202 203 // continuation state contains index of next service record to examine 204 int continuation = 0; 205 uint16_t continuation_index = 0; 206 if (continuationState[0] == 2){ --- 71 unchanged lines hidden (view full) --- 278 uint16_t attributeIDListLen = de_get_len_safe(attributeIDList, param_len); 279 // assert attributeIDList are in param_len 280 if (!attributeIDListLen) return 0; 281 param_len -= attributeIDListLen; 282 // assert continuation state len is contained in param_len 283 if (param_len < 1) return 0; 284 uint8_t * continuationState = &packet[11+attributeIDListLen]; 285 // assert continuation state is contained in param_len | 199 200 // calc maximumServiceRecordCount based on remote MTU 201 uint16_t maxNrServiceRecordsPerResponse = (remote_mtu - (9+3))/4; 202 203 // continuation state contains index of next service record to examine 204 int continuation = 0; 205 uint16_t continuation_index = 0; 206 if (continuationState[0] == 2){ --- 71 unchanged lines hidden (view full) --- 278 uint16_t attributeIDListLen = de_get_len_safe(attributeIDList, param_len); 279 // assert attributeIDList are in param_len 280 if (!attributeIDListLen) return 0; 281 param_len -= attributeIDListLen; 282 // assert continuation state len is contained in param_len 283 if (param_len < 1) return 0; 284 uint8_t * continuationState = &packet[11+attributeIDListLen]; 285 // assert continuation state is contained in param_len |
286 if (1 + continuationState[0] > param_len) return 0; | 286 if ((1 + continuationState[0]) > param_len) return 0; |
287 288 // calc maximumAttributeByteCount based on remote MTU 289 uint16_t maximumAttributeByteCount2 = remote_mtu - (7+3); 290 if (maximumAttributeByteCount2 < maximumAttributeByteCount) { 291 maximumAttributeByteCount = maximumAttributeByteCount2; 292 } 293 294 // continuation state contains the offset into the complete response --- 83 unchanged lines hidden (view full) --- 378 uint8_t * attributeIDList = &packet[5+serviceSearchPatternLen+2]; 379 uint16_t attributeIDListLen = de_get_len_safe(attributeIDList, param_len); 380 // assert attributeIDList is contained in param_len 381 if (!attributeIDListLen) return 0; 382 // assert continuation state len is contained in param_len 383 if (param_len < 1) return 0; 384 uint8_t * continuationState = &packet[5+serviceSearchPatternLen+2+attributeIDListLen]; 385 // assert continuation state is contained in param_len | 287 288 // calc maximumAttributeByteCount based on remote MTU 289 uint16_t maximumAttributeByteCount2 = remote_mtu - (7+3); 290 if (maximumAttributeByteCount2 < maximumAttributeByteCount) { 291 maximumAttributeByteCount = maximumAttributeByteCount2; 292 } 293 294 // continuation state contains the offset into the complete response --- 83 unchanged lines hidden (view full) --- 378 uint8_t * attributeIDList = &packet[5+serviceSearchPatternLen+2]; 379 uint16_t attributeIDListLen = de_get_len_safe(attributeIDList, param_len); 380 // assert attributeIDList is contained in param_len 381 if (!attributeIDListLen) return 0; 382 // assert continuation state len is contained in param_len 383 if (param_len < 1) return 0; 384 uint8_t * continuationState = &packet[5+serviceSearchPatternLen+2+attributeIDListLen]; 385 // assert continuation state is contained in param_len |
386 if (1 + continuationState[0] > param_len) return 0; | 386 if ((1 + continuationState[0]) > param_len) return 0; |
387 388 // calc maximumAttributeByteCount based on remote MTU, SDP header and reserved Continuation block 389 uint16_t maximumAttributeByteCount2 = remote_mtu - 12; 390 if (maximumAttributeByteCount2 < maximumAttributeByteCount) { 391 maximumAttributeByteCount = maximumAttributeByteCount2; 392 } 393 394 // continuation state contains: index of next service record to examine --- 6 unchanged lines hidden (view full) --- 401 } 402 403 // log_info("--> sdp_handle_service_search_attribute_request, cont %u/%u, max %u", continuation_service_index, continuation_offset, maximumAttributeByteCount); 404 405 // AttributeLists - starts at offset 7 406 uint16_t pos = 7; 407 408 // add DES with total size for first request | 387 388 // calc maximumAttributeByteCount based on remote MTU, SDP header and reserved Continuation block 389 uint16_t maximumAttributeByteCount2 = remote_mtu - 12; 390 if (maximumAttributeByteCount2 < maximumAttributeByteCount) { 391 maximumAttributeByteCount = maximumAttributeByteCount2; 392 } 393 394 // continuation state contains: index of next service record to examine --- 6 unchanged lines hidden (view full) --- 401 } 402 403 // log_info("--> sdp_handle_service_search_attribute_request, cont %u/%u, max %u", continuation_service_index, continuation_offset, maximumAttributeByteCount); 404 405 // AttributeLists - starts at offset 7 406 uint16_t pos = 7; 407 408 // add DES with total size for first request |
409 if (continuation_service_index == 0 && continuation_offset == 0){ | 409 if ((continuation_service_index == 0) && (continuation_offset == 0)){ |
410 uint16_t total_response_size = sdp_get_size_for_service_search_attribute_response(serviceSearchPattern, attributeIDList); 411 de_store_descriptor_with_len(&sdp_response_buffer[pos], DE_DES, DE_SIZE_VAR_16, total_response_size); 412 // log_info("total response size %u", total_response_size); 413 pos += 3; 414 maximumAttributeByteCount -= 3; 415 } 416 417 // create attribute list --- 8 unchanged lines hidden (view full) --- 426 if (!sdp_record_matches_service_search_pattern(item->service_record, serviceSearchPattern)) continue; 427 428 if (continuation_offset == 0){ 429 430 // get size of this record 431 uint16_t filtered_attributes_size = spd_get_filtered_size(item->service_record, attributeIDList); 432 433 // stop if complete record doesn't fits into response but we already have a partial response | 410 uint16_t total_response_size = sdp_get_size_for_service_search_attribute_response(serviceSearchPattern, attributeIDList); 411 de_store_descriptor_with_len(&sdp_response_buffer[pos], DE_DES, DE_SIZE_VAR_16, total_response_size); 412 // log_info("total response size %u", total_response_size); 413 pos += 3; 414 maximumAttributeByteCount -= 3; 415 } 416 417 // create attribute list --- 8 unchanged lines hidden (view full) --- 426 if (!sdp_record_matches_service_search_pattern(item->service_record, serviceSearchPattern)) continue; 427 428 if (continuation_offset == 0){ 429 430 // get size of this record 431 uint16_t filtered_attributes_size = spd_get_filtered_size(item->service_record, attributeIDList); 432 433 // stop if complete record doesn't fits into response but we already have a partial response |
434 if ((filtered_attributes_size + 3 > maximumAttributeByteCount) && !first_answer) { | 434 if (((filtered_attributes_size + 3) > maximumAttributeByteCount) && !first_answer) { |
435 continuation = 1; 436 break; 437 } 438 439 // store DES 440 de_store_descriptor_with_len(&sdp_response_buffer[pos], DE_DES, DE_SIZE_VAR_16, filtered_attributes_size); 441 pos += 3; 442 maximumAttributeByteCount -= 3; --- 79 unchanged lines hidden (view full) --- 522 transaction_id = big_endian_read_16(packet, 1); 523 param_len = big_endian_read_16(packet, 3); 524 remote_mtu = l2cap_get_remote_mtu_for_local_cid(channel); 525 // account for our buffer 526 if (remote_mtu > SDP_RESPONSE_BUFFER_SIZE){ 527 remote_mtu = SDP_RESPONSE_BUFFER_SIZE; 528 } 529 // validate parm_len against packet size | 435 continuation = 1; 436 break; 437 } 438 439 // store DES 440 de_store_descriptor_with_len(&sdp_response_buffer[pos], DE_DES, DE_SIZE_VAR_16, filtered_attributes_size); 441 pos += 3; 442 maximumAttributeByteCount -= 3; --- 79 unchanged lines hidden (view full) --- 522 transaction_id = big_endian_read_16(packet, 1); 523 param_len = big_endian_read_16(packet, 3); 524 remote_mtu = l2cap_get_remote_mtu_for_local_cid(channel); 525 // account for our buffer 526 if (remote_mtu > SDP_RESPONSE_BUFFER_SIZE){ 527 remote_mtu = SDP_RESPONSE_BUFFER_SIZE; 528 } 529 // validate parm_len against packet size |
530 if (param_len + 5 > size) { | 530 if ((param_len + 5) > size) { |
531 // just clear pdu_id 532 pdu_id = SDP_ErrorResponse; 533 } 534 535 // log_info("SDP Request: type %u, transaction id %u, len %u, mtu %u", pdu_id, transaction_id, param_len, remote_mtu); 536 switch (pdu_id){ 537 538 case SDP_ServiceSearchRequest: --- 84 unchanged lines hidden --- | 531 // just clear pdu_id 532 pdu_id = SDP_ErrorResponse; 533 } 534 535 // log_info("SDP Request: type %u, transaction id %u, len %u, mtu %u", pdu_id, transaction_id, param_len, remote_mtu); 536 switch (pdu_id){ 537 538 case SDP_ServiceSearchRequest: --- 84 unchanged lines hidden --- |
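Review bot: In the service-search-attribute handler (lines 378–386 of the right-hand column, which appears to be the newer revision), `param_len` is not reduced by `attributeIDListLen` before the continuation-state checks, unlike the attribute-request handler, which does `param_len -= attributeIDListLen;` at line 281. As shown, the `param_len < 1` test at line 383 runs against a length that still counts the attribute ID list, so for a malformed request `continuationState[0]` at line 386 may be read, and the `(1 + continuationState[0]) > param_len` bound evaluated, beyond the parameters that were actually received. Adding `param_len -= attributeIDListLen;` after line 381 would bring this handler in line with the other one; whether `param_len` was already reduced for the service search pattern and the two-byte maximum count is in the hidden lines and should be confirmed at the same time. The added parentheses themselves do not change evaluation, and the enclosing functions start and end outside the visible excerpts.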