blufi: When the format of the received data packet is wrong, reply with an error response

wangcheng 2020-06-08 19:56:55 +08:00
parent 29bc65e719
commit ae64d9e738
2 changed files with 11 additions and 2 deletions


@ -83,6 +83,7 @@ typedef enum {
ESP_BLUFI_DH_PARAM_ERROR, ESP_BLUFI_DH_PARAM_ERROR,
ESP_BLUFI_READ_PARAM_ERROR, ESP_BLUFI_READ_PARAM_ERROR,
ESP_BLUFI_MAKE_PUBLIC_ERROR, ESP_BLUFI_MAKE_PUBLIC_ERROR,
ESP_BLUFI_DATA_FORMAT_ERROR,
} esp_blufi_error_state_t; } esp_blufi_error_state_t;
/** /**


@ -433,11 +433,19 @@ static void btc_blufi_recv_handler(uint8_t *data, int len)
blufi_env.aggr_buf = osi_malloc(blufi_env.total_len); blufi_env.aggr_buf = osi_malloc(blufi_env.total_len);
if (blufi_env.aggr_buf == NULL) { if (blufi_env.aggr_buf == NULL) {
BTC_TRACE_ERROR("%s no mem, len %d\n", __func__, blufi_env.total_len); BTC_TRACE_ERROR("%s no mem, len %d\n", __func__, blufi_env.total_len);
btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR);
return; return;
} }
} }
memcpy(blufi_env.aggr_buf + blufi_env.offset, hdr->data + 2, hdr->data_len - 2); if (blufi_env.offset + hdr->data_len - 2 <= blufi_env.total_len){
blufi_env.offset += (hdr->data_len - 2); memcpy(blufi_env.aggr_buf + blufi_env.offset, hdr->data + 2, hdr->data_len - 2);
blufi_env.offset += (hdr->data_len - 2);
} else {
BTC_TRACE_ERROR("%s payload is longer than packet length, len %d \n", __func__, blufi_env.total_len);
btc_blufi_report_error(ESP_BLUFI_DATA_FORMAT_ERROR);
return;
}
} else { } else {
if (blufi_env.offset > 0) { /* if previous pkt is frag */ if (blufi_env.offset > 0) { /* if previous pkt is frag */
memcpy(blufi_env.aggr_buf + blufi_env.offset, hdr->data, hdr->data_len); memcpy(blufi_env.aggr_buf + blufi_env.offset, hdr->data, hdr->data_len);
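Review bot: The last-fragment branch at the end of this hunk still runs `memcpy(blufi_env.aggr_buf + blufi_env.offset, hdr->data, hdr->data_len);` with no comparison against `blufi_env.total_len`, so the bound added for intermediate fragments does not cover the final packet of a sequence, which can still write past the `osi_malloc(blufi_env.total_len)` buffer. Guard it the same way, e.g. `if (blufi_env.offset + hdr->data_len > blufi_env.total_len) { btc_blufi_report_error(ESP_BLUFI_DATA_FORMAT_ERROR); return; }`. In the new check, `hdr->data_len - 2` presumably goes negative when a fragment carries fewer than two payload bytes (assuming `data_len` is a narrow unsigned field that promotes to int), in which case the comparison passes and the memcpy length converts to a very large size_t; rejecting `hdr->data_len < 2` before reading `hdr->data[0..1]` would close that. Both error returns appear to leave `aggr_buf` and `offset` untouched, so it is worth confirming that a rejected sequence is reset elsewhere in btc_blufi_recv_handler, whose body starts and ends outside the hunk.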