Commit Graph

523 Commits

Author SHA1 Message Date
Zhang Hai Peng 2cf13e5c6d fix(ble/bluedroid): Fix multiple out-of-bounds read vulnerabilities in GATT PDU handlers
(cherry picked from commit 643d9c2387f9fc677025e66faf714667a7e75f85)

Co-authored-by: zhanghaipeng <zhanghaipeng@espressif.com>
2026-01-07 19:28:30 +08:00
Zhang Hai Peng fa99ba7f72 fix(ble/bluedroid): Fix out-of-bounds read in l2cble_process_sig_cmd
(cherry picked from commit 93cfbb8522c8e4cf3c56378fe97f2a7d10a2e5e3)

Co-authored-by: zhanghaipeng <zhanghaipeng@espressif.com>
2026-01-07 19:28:30 +08:00
Zhang Hai Peng 00e6211ff8 fix(ble/bluedroid): Fix integer underflow in gatt_process_read_by_type_rsp
(cherry picked from commit 597fc6e5c1b4a0448ad3d43185d9d48624085a0c)

Co-authored-by: zhanghaipeng <zhanghaipeng@espressif.com>
2026-01-07 19:28:30 +08:00
Island 2a8fd3c4eb Merge branch 'feat/support_bluedroid_host_smp_with_psa_tinycrypt_v5.5' into 'release/v5.5'
Feat/support bluedroid host smp with psa tinycrypt v5.5

See merge request espressif/esp-idf!44787
2026-01-07 14:23:54 +08:00
Island b4a987ae30 Merge branch 'feat/support_bhost2025_44_v5.5' into 'release/v5.5'
feat(ble/bluedroid): Add more debug log for bluedroid (v5.5)

See merge request espressif/esp-idf!43366
2026-01-06 14:18:46 +08:00
zhiweijian a48590a9f4 fix(ble/bluedroid): Replaced the psa_ api with the mbedtls_ api 2026-01-05 11:23:31 +08:00
zhiweijian fe7b658652 feat(ble/bluedroid): Support bluedroid encrypted advertising data 2026-01-05 10:49:16 +08:00
zhiweijian 6b754fbfcf feat(ble/bluedroid): Move the TinyCrypt and mbedTLS configuration items to the bt common path 2026-01-05 10:48:56 +08:00
zhiweijian c04036d6bf feat(ble/bluedroid): Supported Bluedroid host encryption using TinyCrypt 2026-01-05 10:48:45 +08:00
zhiweijian 1906584c89 feat(ble/bluedroid): Supported Bluedroid host encryption using mbedtls 2026-01-05 10:48:32 +08:00
zhanghaipeng f1f1392a4d fix(ble/bluedroid): Fix array index in set_periodic_adv_subevt_data 2026-01-05 10:20:05 +08:00
zhanghaipeng 1c56fad5d0 fix(ble/bluedroid): Remove duplicate filter_policy in ext_conn_v2 HCI cmd 2026-01-05 10:19:53 +08:00
Zhi Wei Jian 267368bbcc fix(ble/bluedroid): optimize some bluedroid code
(cherry picked from commit 6b09de6dbf4039b1e489aff6869ce40ee70de3a3)

Co-authored-by: zhiweijian <zhiweijian@espressif.com>
2026-01-05 10:07:28 +08:00
chenjianhua 027290be82 feat(ble/bluedroid): Add more debug log for bluedroid 2026-01-04 18:57:46 +08:00
chenjianhua 1de00c8ac9 fix(ble/bluedroid): Fixed GATT response timeout setting 2026-01-04 18:57:46 +08:00
zhiweijian 383bedae88 fix(ble/bluedroid): Fixed CTE IQ sample data copy error 2025-12-30 10:41:09 +08:00
zhiweijian c432820a5e fix(ble/bluedroid): Optimize some bluedroid code 2025-12-30 10:17:25 +08:00
zhiweijian 2c88b12e16 fix(ble/bluedroid): Fixed big event status error 2025-12-30 10:17:14 +08:00
zhiweijian 831e9e7721 feat(ble/bluedroid): support bluedroid host channel sounding feature 2025-12-30 10:17:04 +08:00
zhiweijian 692c2b02e5 feat(ble/bluedroid): Supported BLE bluedroid host pawr connection 2025-12-30 10:16:52 +08:00
zhiweijian a3f994315f feat(ble/bluedroid): Support LE Security Levels Characteristic 2025-12-30 10:16:43 +08:00
zhiweijian cd156796d8 feat(ble/bluedroid): Add bluedroid host Advertising Coding Selection feature 2025-12-30 10:16:33 +08:00
zhiweijian 382174fdf0 feat(ble/bluedroid): Add bluedroid host PAwR feature 2025-12-30 10:16:22 +08:00
Island 5bee13a621 Merge branch 'opt/opt_ble_log_v5.5' into 'release/v5.5'
feat(ble/bluedroid): Added BLE debug LOG for bluedroid (v5.5)

See merge request espressif/esp-idf!42270
2025-12-29 12:11:36 +08:00
Wang Meng Yang dae755c78c Merge branch 'bugfix/sync_security_fix_from_flouride_v5.5' into 'release/v5.5'
fix: synchronized several security-related fixes from Google Fluoride (v5.5)

See merge request espressif/esp-idf!44407
2025-12-26 21:32:23 +08:00
Wang Meng Yang 8c47552a4c Merge branch 'change/bt_bluedroid_avrcp_version_v5.5' into 'release/v5.5'
change(bt/bluedroid): Change AVRCP version according to feature enabled (v5.5)

See merge request espressif/esp-idf!44200
2025-12-26 10:32:43 +08:00
Wang Meng Yang 1e9f63183b Merge branch 'bugfix/l2c_fcr_clone_buf_v5.5' into 'release/v5.5'
fix(bt/bluedroid): fixed possible access to NULL in l2c_fcr_clone_buf

See merge request espressif/esp-idf!44263
2025-12-26 10:32:04 +08:00
Jin Cheng 66b2214a0d fix(bt/bluedroid): cleaned the code according to the tool cppcheck 2025-12-19 16:56:25 +08:00
Jin Cheng cf5a568dc0 fix(bt/bluedroid): fixed possible OOB read in smp_br_data_received 2025-12-19 16:52:31 +08:00
Jin Cheng 8fe4c35994 fix(bt/bluedroid): drop connection when attempting to disable encryption 2025-12-19 16:52:31 +08:00
Jin Cheng 991486fa02 fix(bt/bluedroid): fixed an integer overflow bug in attp_build_read_multi_cmd 2025-12-19 16:52:31 +08:00
Jin Cheng fa22e34f56 fix(bt/bluedroid): fixed an integer overflow bug in avdt_msg_asmbl 2025-12-19 16:52:31 +08:00
Jin Cheng f7c0f92556 fix(bt/bluedroid): fixed an OOB bug in btm_read_rssi_complete 2025-12-19 16:52:31 +08:00
Jin Cheng 514bcb41a2 fix(bt/bluedroid): fixed an OOB bug in btm_delete_stored_link_key_complete 2025-12-19 16:52:31 +08:00
Jin Cheng 04219e5fd4 fix(bt/bluedroid): fixed an OOB bug in btm_read_tx_power_complete 2025-12-19 16:52:31 +08:00
Jin Cheng 08a593d801 fix(bt/bluedroid): fixed an OOB bug in btm_create_conn_cancel_complete 2025-12-19 16:52:31 +08:00
Jin Cheng a73e2e4d6c fix(bt/bluedroid): fixed an OOB bug in btm_read_local_oob_complete 2025-12-19 16:52:31 +08:00
Jin Cheng 5a2b29fe82 fix(bt/bluedroid): fixed an OOB write in SDP_AddAttribute 2025-12-19 16:52:31 +08:00
Jin Cheng 11eea1b4de fix(bt/bluedroid): added negative length check in process_service_search_rsp 2025-12-19 16:52:31 +08:00
Jin Cheng be25062b0d fix(bt/bluedroid): fixed OOB read in SDP server continuation length 2025-12-19 16:52:31 +08:00
Jin Cheng 4df287c536 fix(bt/bluedroid): added length check when copying AVDTP packet 2025-12-19 16:52:31 +08:00
Jin Cheng 158519cf8c fix(bt/bluedroid): added boundary check when reading SDP attribute response packet 2025-12-19 16:52:31 +08:00
Jin Cheng 173747750d fix(bt/bluedroid): fixed potential OOB read in the avrc_pars_vendor_rsp 2025-12-19 16:52:31 +08:00
Jin Cheng 4cb6ccc6f6 fix(bt/bluedroid): fixed potential OOB read in the reporting handler
Thanks to Luigino Camastra and Pavel Kohout from Aisle Research as
co-reporters for discovering and reporting this issue.
2025-12-19 16:52:31 +08:00
Jin Cheng f15fe75f24 fix(bt/bluedroid): fixed a potential overflow about the media payload offset
This variable is uint16_t, and it is possible for it to overflow when the length
of the header extension is larger. Here we compare with the data length to
prevent any exceptions.
2025-12-19 16:52:31 +08:00
Jin Cheng 15e0c748e5 fix(bt/bluedroid): fixed p_data null dereference in l2c_csm_open 2025-12-19 16:52:31 +08:00
Jin Cheng 70f82a5607 fix(bt/bluedroid): fixed Use-After-Free in btm_sec_[dis]connected 2025-12-19 16:52:31 +08:00
Jin Cheng 5b7c17cfc7 fix(bt/bluedroid): reject device with same address in legacy pairing 2025-12-19 16:52:31 +08:00
Jin Cheng 0fc2109ec7 fix(bt/bluedroid): ignore AVCT commands that are too long 2025-12-19 16:52:31 +08:00
Jin Cheng 9095d1cd25 fix(bt/bluedroid): use osi_calloc to zero reserved fields in AVRCP 2025-12-19 16:52:31 +08:00