michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: Mesh: Fixes wrong prov pointer clear

Browse source 
The structure pointer was wrongly cleared before,
`bearer` and `role` in `bt_mesh_prov_link` structure
resulting in illegal pointer access.

Signed-off-by: Lingao Meng <menglingao@xiaomi.com>
This commit is contained in:
Lingao Meng 2020-11-13 19:55:34 -08:00 committed by Johan Hedberg
commit 109d6d4d8c
2 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

1
subsys/bluetooth/mesh/prov.c
View file

@ -59,6 +59,7 @@ int bt_mesh_prov_reset_state(void (*func)(const uint8_t key[64]))
bt_mesh_attention(NULL, 0);
}
atomic_clear(bt_mesh_prov_link.flags);
(void)memset((uint8_t *)&bt_mesh_prov_link + offset, 0,
sizeof(bt_mesh_prov_link) - offset);

10
subsys/bluetooth/mesh/prov.h
View file

@ -91,6 +91,11 @@ struct bt_mesh_prov_role {
};
struct bt_mesh_prov_link {
ATOMIC_DEFINE(flags, NUM_FLAGS);
const struct prov_bearer *bearer;
const struct bt_mesh_prov_role *role;
uint8_t oob_method; /* Authen method */
uint8_t oob_action; /* Authen action */
uint8_t oob_size; /* Authen size */
@ -106,11 +111,6 @@ struct bt_mesh_prov_link {
uint8_t conf_key[16]; /* ConfirmationKey */
uint8_t conf_inputs[145]; /* ConfirmationInputs */
uint8_t prov_salt[16]; /* Provisioning Salt */
const struct prov_bearer *bearer;
const struct bt_mesh_prov_role *role;
ATOMIC_DEFINE(flags, NUM_FLAGS);
};
extern struct bt_mesh_prov_link bt_mesh_prov_link;