Commit b16bfcb

committed
Fix mem corruption around adv_name size
1 parent ae97420 commit b16bfcb


4 files changed

+14
-13
lines changed

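--- a/firmware/targets/f7/api_symbols.csv
+++ b/firmware/targets/f7/api_symbols.csv
@@ -1079,7 +1079,7 @@ Function,+,furi_hal_bt_serial_start,void,
 Function,+,furi_hal_bt_serial_stop,void,
 Function,+,furi_hal_bt_serial_tx,_Bool,"uint8_t*, uint16_t"
 Function,+,furi_hal_bt_set_key_storage_change_callback,void,"BleGlueKeyStorageChangedCallback, void*"
-Function,+,furi_hal_bt_set_profile_adv_name,void,"FuriHalBtProfile, const char[( 18 + 1 )]"
+Function,+,furi_hal_bt_set_profile_adv_name,void,"FuriHalBtProfile, const char[( ( 1 + 8 + ( 8 + 1 ) ) + 1 )]"
 Function,+,furi_hal_bt_set_profile_mac_addr,void,"FuriHalBtProfile, const uint8_t[( 6 )]"
 Function,+,furi_hal_bt_set_profile_pairing_method,void,"FuriHalBtProfile, GapPairing"
 Function,+,furi_hal_bt_start_advertising,void,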

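--- a/firmware/targets/f7/ble_glue/gap.h
+++ b/firmware/targets/f7/ble_glue/gap.h
@@ -67,7 +67,7 @@ typedef struct {
 bool bonding_mode;
 GapPairing pairing_method;
 uint8_t mac_address[GAP_MAC_ADDR_SIZE];
-char adv_name[FURI_HAL_VERSION_DEVICE_NAME_LENGTH];
+char adv_name[FURI_HAL_BT_ADV_NAME_LENGTH];
 GapConnectionParamsRequest conn_param;
 } GapConfig;
 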
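Review bot: The `adv_name` field carries no comment describing its layout, and the overflow this commit fixes came from the array size and the copy length being governed by two different macros. In furi_hal_bt.c the setter stores `AD_TYPE_COMPLETE_LOCAL_NAME` at index 0 and the name from index 1, so a comment such as `/* [0] = AD type byte, [1..] = NUL-terminated name; FURI_HAL_BT_ADV_NAME_LENGTH bytes in total */` above the field would put the bound where the next editor sees it. Writers to the field would be more robust still if they used `sizeof(config->adv_name)` instead of repeating the macro. The struct begins outside the hunk.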

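--- a/firmware/targets/f7/furi_hal/furi_hal_bt.c
+++ b/firmware/targets/f7/furi_hal/furi_hal_bt.c
@@ -238,7 +238,7 @@ bool furi_hal_bt_start_app(FuriHalBtProfile profile, GapEventCallback event_cb,
 strlcpy(
 config->adv_name,
 furi_hal_version_get_ble_local_device_name_ptr(),
-FURI_HAL_VERSION_DEVICE_NAME_LENGTH);
+FURI_HAL_BT_ADV_NAME_LENGTH);
 
 config->adv_service_uuid |= furi_hal_version_get_hw_color();
 } else if(profile == FuriHalBtProfileHidKeyboard) {
@@ -252,14 +252,14 @@ bool furi_hal_bt_start_app(FuriHalBtProfile profile, GapEventCallback event_cb,
 config->mac_address[2]++;
 }
 // Change name Flipper -> Control
-if(strnlen(config->adv_name, FURI_HAL_VERSION_DEVICE_NAME_LENGTH) < 2 ||
-strnlen(config->adv_name + 1, FURI_HAL_VERSION_DEVICE_NAME_LENGTH) < 1) {
+if(strnlen(config->adv_name, FURI_HAL_BT_ADV_NAME_LENGTH) < 2 ||
+strnlen(config->adv_name + 1, FURI_HAL_BT_ADV_NAME_LENGTH - 1) < 1) {
 snprintf(
 config->adv_name,
-FURI_HAL_VERSION_DEVICE_NAME_LENGTH,
+FURI_HAL_BT_ADV_NAME_LENGTH,
 "%cControl %s",
 *furi_hal_version_get_ble_local_device_name_ptr(),
-furi_hal_version_get_ble_local_device_name_ptr() + 9);
+furi_hal_version_get_name_ptr());
 }
 }
 if(!gap_init(config, event_cb, context)) {
@@ -492,13 +492,13 @@ void furi_hal_bt_set_profile_adv_name(
 furi_assert(name);
 
 if(strlen(name) == 0) {
-memset(
-&(profile_config[profile].config.adv_name[1]),
-0,
-strlen(&(profile_config[profile].config.adv_name[1])));
+memset(&(profile_config[profile].config.adv_name[1]), 0, FURI_HAL_BT_ADV_NAME_LENGTH - 1);
 } else {
 profile_config[profile].config.adv_name[0] = AD_TYPE_COMPLETE_LOCAL_NAME;
-memcpy(&(profile_config[profile].config.adv_name[1]), name, FURI_HAL_BT_ADV_NAME_LENGTH);
+strlcpy(
+&(profile_config[profile].config.adv_name[1]),
+name,
+FURI_HAL_BT_ADV_NAME_LENGTH - 1 /* BLE symbol */);
 }
 }
 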
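Review bot: The new last argument to `snprintf` in the HID keyboard branch, `furi_hal_version_get_name_ptr()`, is handed to `%s` without a NULL check. Its definition is not shown on this page; if it can return NULL when no device name is provisioned, the call is undefined behaviour, whereas the replaced expression was an offset into the same buffer that the preceding argument already dereferences. A guard would be `const char* name = furi_hal_version_get_name_ptr();` before the call and `name ? name : ""` as the argument. `furi_hal_bt_start_app` begins and ends outside the hunk.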

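--- a/firmware/targets/furi_hal_include/furi_hal_version.h
+++ b/firmware/targets/furi_hal_include/furi_hal_version.h
@@ -16,9 +16,10 @@ extern "C" {
 
 #define FURI_HAL_VERSION_NAME_LENGTH 8
 #define FURI_HAL_VERSION_ARRAY_NAME_LENGTH (FURI_HAL_VERSION_NAME_LENGTH + 1)
-#define FURI_HAL_BT_ADV_NAME_LENGTH (18 + 1) // 18 characters + null terminator
 /** BLE symbol + "Flipper " + name */
 #define FURI_HAL_VERSION_DEVICE_NAME_LENGTH (1 + 8 + FURI_HAL_VERSION_ARRAY_NAME_LENGTH)
+// 18 characters + null terminator
+#define FURI_HAL_BT_ADV_NAME_LENGTH (FURI_HAL_VERSION_DEVICE_NAME_LENGTH + 1)
 
 /** OTP Versions enum */
 typedef enum {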
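Review bot: The comment carried over above `FURI_HAL_BT_ADV_NAME_LENGTH` still reads "18 characters + null terminator", but the macro is now `FURI_HAL_VERSION_DEVICE_NAME_LENGTH + 1`, and that length already counts a terminator through `FURI_HAL_VERSION_ARRAY_NAME_LENGTH`. As used in furi_hal_bt.c, the 19 bytes hold the BLE symbol, up to 17 name characters and the terminator, because `strlcpy` in `furi_hal_bt_set_profile_adv_name` is bounded by `FURI_HAL_BT_ADV_NAME_LENGTH - 1`; an 18-character name is therefore cut silently. I would reword the comment to `/** BLE symbol + up to 17 name characters + null terminator */` and state the truncation in the setter's documentation.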
