Commit Graph

500 Commits

Author SHA1 Message Date
Island 5bee13a621 Merge branch 'opt/opt_ble_log_v5.5' into 'release/v5.5'
feat(ble/bluedroid): Added BLE debug LOG for bluedroid (v5.5)

See merge request espressif/esp-idf!42270
2025-12-29 12:11:36 +08:00
Wang Meng Yang dae755c78c Merge branch 'bugfix/sync_security_fix_from_flouride_v5.5' into 'release/v5.5'
fix: synchronized several security-related fixes from Google Fluoride (v5.5)

See merge request espressif/esp-idf!44407
2025-12-26 21:32:23 +08:00
Wang Meng Yang 8c47552a4c Merge branch 'change/bt_bluedroid_avrcp_version_v5.5' into 'release/v5.5'
change(bt/bluedroid): Change AVRCP version according to feature enabled (v5.5)

See merge request espressif/esp-idf!44200
2025-12-26 10:32:43 +08:00
Wang Meng Yang 1e9f63183b Merge branch 'bugfix/l2c_fcr_clone_buf_v5.5' into 'release/v5.5'
fix(bt/bluedroid): fixed possible access to NULL in l2c_fcr_clone_buf

See merge request espressif/esp-idf!44263
2025-12-26 10:32:04 +08:00
Jin Cheng 66b2214a0d fix(bt/bluedroid): cleaned the code according to the tool cppcheck 2025-12-19 16:56:25 +08:00
Jin Cheng cf5a568dc0 fix(bt/bluedroid): fixed possible OOB read in smp_br_data_received 2025-12-19 16:52:31 +08:00
Jin Cheng 8fe4c35994 fix(bt/bluedroid): drop connection when attempting to disable encryption 2025-12-19 16:52:31 +08:00
Jin Cheng 991486fa02 fix(bt/bluedroid): fixed an integer overflow bug in attp_build_read_multi_cmd 2025-12-19 16:52:31 +08:00
Jin Cheng fa22e34f56 fix(bt/bluedroid): fixed an integer overflow bug in avdt_msg_asmbl 2025-12-19 16:52:31 +08:00
Jin Cheng f7c0f92556 fix(bt/bluedroid): fixed an OOB bug in btm_read_rssi_complete 2025-12-19 16:52:31 +08:00
Jin Cheng 514bcb41a2 fix(bt/bluedroid): fixed an OOB bug in btm_delete_stored_link_key_complete 2025-12-19 16:52:31 +08:00
Jin Cheng 04219e5fd4 fix(bt/bluedroid): fixed an OOB bug in btm_read_tx_power_complete 2025-12-19 16:52:31 +08:00
Jin Cheng 08a593d801 fix(bt/bluedroid): fixed an OOB bug in btm_create_conn_cancel_complete 2025-12-19 16:52:31 +08:00
Jin Cheng a73e2e4d6c fix(bt/bluedroid): fixed an OOB bug in btm_read_local_oob_complete 2025-12-19 16:52:31 +08:00
Jin Cheng 5a2b29fe82 fix(bt/bluedroid): fixed an OOB write in SDP_AddAttribute 2025-12-19 16:52:31 +08:00
Jin Cheng 11eea1b4de fix(bt/bluedroid): added negative length check in process_service_search_rsp 2025-12-19 16:52:31 +08:00
Jin Cheng be25062b0d fix(bt/bluedroid): fixed OOB read in SDP server continuation length 2025-12-19 16:52:31 +08:00
Jin Cheng 4df287c536 fix(bt/bluedroid): added length check when copy AVDTP packet 2025-12-19 16:52:31 +08:00
Jin Cheng 158519cf8c fix(bt/bluedroid): added boundary check when reading SDP attribute response packet 2025-12-19 16:52:31 +08:00
Jin Cheng 173747750d fix(bt/bluedroid): fixed potential OOB read in the avrc_pars_vendor_rsp 2025-12-19 16:52:31 +08:00
Jin Cheng 4cb6ccc6f6 fix(bt/bluedroid): fixed potential OOB read in the reporting handler
Thanks to Luigino Camastra and Pavel Kohout from Aisle Research as
co-reporters for discovering and reporting this issue.
2025-12-19 16:52:31 +08:00
Jin Cheng f15fe75f24 fix(bt/bluedroid): fixed a potential overflow about the media payload offset
This variable is uint16_t, and it is possible for it to overflow when the length
of the header extension is larger. Here we compare with the data length to
prevent any exceptions.
2025-12-19 16:52:31 +08:00
Jin Cheng 15e0c748e5 fix(bt/bluedroid): fixed p_data null dereference in l2c_csm_open 2025-12-19 16:52:31 +08:00
Jin Cheng 70f82a5607 fix(bt/bluedroid): fixed Use-After-Free in btm_sec_[dis]connected 2025-12-19 16:52:31 +08:00
Jin Cheng 5b7c17cfc7 fix(bt/bluedroid): reject device with same address in legacy pairing 2025-12-19 16:52:31 +08:00
Jin Cheng 0fc2109ec7 fix(bt/bluedroid): ignore AVCT commands that are too long 2025-12-19 16:52:31 +08:00
Jin Cheng 9095d1cd25 fix(bt/bluedroid): use osi_calloc to zero reserved fields in AVRCP 2025-12-19 16:52:31 +08:00
Jin Cheng 1ba8aaaff8 fix(bt/bluedroid): check event ID of register notification from remote to avoid OOB write 2025-12-19 16:52:31 +08:00
Jin Cheng 33af3a0aa6 fix(bt/bluedroid): check Classic key before cross-key derivation 2025-12-19 16:52:31 +08:00
Island 8789584388 Merge branch 'bugfix/bug_ble_max_device_record_v5.5' into 'release/v5.5'
fix(ble/bluedroid): Fixed BLE incorrect device record count issue (v5.5)

See merge request espressif/esp-idf!43597
2025-12-18 14:29:52 +08:00
Island a63ae743b1 Merge branch 'bugfix/fix_reconnect_failed_with_extend_adv_v5.5' into 'release/v5.5'
fix(ble/bluedroid): Fixed the issue that extend advertising might not restart if the connection fails (v5.5)

See merge request espressif/esp-idf!44251
2025-12-18 14:26:44 +08:00
zhanghaipeng c4cc87501b fix(ble/bluedroid): fix codespell issues in bluedroid code 2025-12-17 17:10:58 +08:00
Jin Cheng b70e8ae903 fix(bt/bluedroid): fixed possible access to NULL in l2c_fcr_clone_buf 2025-12-16 11:38:55 +08:00
Zhi Wei Jian 5452adbcb9 fix(ble/bluedroid): Fixed reconnection failed with extend adv
(cherry picked from commit ec4052c1c7125ab1bc4223bc507e6e778d37728c)

Co-authored-by: zhiweijian <zhiweijian@espressif.com>
2025-12-15 21:23:25 +08:00
linruihao d569b7df6b change(bt/bluedroid): Change AVRCP version according to feature enabled
- Version will be set to 1.6 if Cover Art feature enabled
- Otherwise, version will be set to 1.5
2025-12-12 20:11:15 +08:00
Zhang Hai Peng d28b874e35 fix(ble/bluedroid): Fix security issues in GATT module
(cherry picked from commit f502b2aab1cfd0002f66e5978771ecbd9c1113ed)

Co-authored-by: zhanghaipeng <zhanghaipeng@espressif.com>
2025-12-03 11:54:24 +08:00
Zhang Hai Peng 7c7f30aa09 fix(ble/bluedroid): Fix security issues in GAP module
(cherry picked from commit 1ed5a4465dbb0f6a36e0514ad1b2162616d356ca)

Co-authored-by: zhanghaipeng <zhanghaipeng@espressif.com>
2025-12-03 11:54:22 +08:00
Zhang Hai Peng 569854b55a fix(ble/bluedroid): Add length check in prepare write response
(cherry picked from commit b03ff3cf218c3974b798a700cf1ede95641fe7af)

Co-authored-by: zhanghaipeng <zhanghaipeng@espressif.com>
2025-12-03 11:54:22 +08:00
Zhang Hai Peng 1936ba80d7 fix(ble/bluedroid): Add boundary check for adv_handle in btm_ble_adv_set_terminated_evt
(cherry picked from commit d2baf3b0d4b8695abec90fa3fc1d46ce1bdab47b)

Co-authored-by: zhanghaipeng <zhanghaipeng@espressif.com>
2025-12-03 11:54:21 +08:00
Zhang Hai Peng 316c5a589a fix(ble/bluedroid): Fix potential out-of-bounds issue
- add length check in hci_hal_h4_hdl_rx_packet to prevent OOB
- add adv data length check in btm_ble_cache_adv_data
- add indicate data length check in BTA_GATTS_HandleValueIndication
- add report length check in bta_hh_parse_keybd_rpt
- add report length check in BTA_HdSendReport
- add descriptor length check in BTA_HdRegisterApp
- prevent buffer overflow in attribute processing


(cherry picked from commit 71efec78c59ccc3894012797ff6354435e8ed7b9)

Co-authored-by: zhanghaipeng <zhanghaipeng@espressif.com>
2025-12-02 00:04:40 +08:00
Zhang Hai Peng 1d22e44e51 fix(ble/bluedroid): Fix potential CVE-2024-0039 out-of-bounds write in attp_build_value_cmd
- Reference: https://source.android.com/docs/security/bulletin/2024-03-01?hl=zh-cn


(cherry picked from commit e1d39f630f7a5a8a3390429c42cd53329c4d0bb3)

Co-authored-by: zhanghaipeng <zhanghaipeng@espressif.com>
2025-12-02 00:04:40 +08:00
Zhang Hai Peng 131322d502 fix(ble/bluedroid): Fixed missing BLE connect and disconnect events
(cherry picked from commit 2dcbd64616a27668e6f2f7083681452b36091b24)

Co-authored-by: zhanghaipeng <zhanghaipeng@espressif.com>
2025-11-21 21:53:24 +08:00
zhanghaipeng 7c6d8e4761 feat(ble/bluedroid): Added BLE debug LOG for bluedroid 2025-11-14 11:17:17 +08:00
liqigan 38ea9357b8 fix(bt/bluedroid): Fixed HID memory leak 2025-11-13 17:44:14 +08:00
JinCheng 79ae28fbb7 fix(bt/bluedroid): update the COD before enabling inquiry scan 2025-11-11 16:17:30 +08:00
Jin Cheng b9ba1e29b6 fix(bt/bluedroid): fixed potential OOB in AVRCP vendor command composition 2025-10-28 10:17:04 +08:00
Zhang Hai Peng 8487639a87 feat(ble/bluedroid): add API to get local BLE IRK
(cherry picked from commit 3c68650d7e0853ad8880db1608c35007c8edf1af)

Co-authored-by: zhanghaipeng <zhanghaipeng@espressif.com>
2025-10-21 17:53:20 +08:00
Zhang Hai Peng fc1d5a8f9a fix(ble/bluedroid): fix memory leak during deinit when service table is created but not started
(cherry picked from commit ddd12f2498282e147044d1fe532a51aeb18875f9)

Co-authored-by: zhanghaipeng <zhanghaipeng@espressif.com>
2025-10-17 16:45:50 +08:00
Zhang Hai Peng 181cd0bee9 fix(ble/bluedroid): Fixed resolve adv data crash if host deinitialized or disabled
(cherry picked from commit 7ce921ed95b85ec94b6b2f3542548aa589d77bf8)

Co-authored-by: zhanghaipeng <zhanghaipeng@espressif.com>
2025-10-14 21:53:50 +08:00
yangfeng 1f4e41d2ac fix(bt/bluedroid): Fix the boundary conditions when checking EIR data 2025-10-13 11:43:50 +08:00