From 714718a33d30713bec28ce6dedc83223b9ce0b82 Mon Sep 17 00:00:00 2001 From: Arkadiusz Lichwa Date: Wed, 21 Dec 2016 12:20:40 +0100 Subject: [PATCH] Bluetooth: SDP: Validate Transaction ID of PDU Adds check on receiving side whether current SDP PDU response matches correcponding SDP PDU request. Jira: ZEP-1112 Change-Id: Ide8da54fe38f12d3bcb1e7d056050c038b7ec065 Signed-off-by: Arkadiusz Lichwa
---
 subsys/bluetooth/host/sdp.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/subsys/bluetooth/host/sdp.c b/subsys/bluetooth/host/sdp.c
index 9559308d652..0173e4b01cf 100644
--- a/subsys/bluetooth/host/sdp.c
+++ b/subsys/bluetooth/host/sdp.c
@@ -421,8 +421,6 @@ static void sdp_client_receive(struct bt_l2cap_chan *chan, struct net_buf *buf)
 struct bt_sdp_hdr *hdr = (void *)buf->data;
 uint16_t len, tid;
- ARG_UNUSED(session);
-
 BT_DBG("session %p buf %p", session, buf);
 if (buf->len < sizeof(*hdr)) {
@@ -445,6 +443,11 @@ static void sdp_client_receive(struct bt_l2cap_chan *chan, struct net_buf *buf)
 BT_ERR("SDP PDU length mismatch (%u != %u)", buf->len, len);
 return;
 }
+
+ if (tid != session->tid) {
+ BT_ERR("Mismatch transaction ID value in SDP PDU");
+ return;
+ }
 }
 static int sdp_client_chan_connect(struct bt_sdp_client *session)
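Review bot: The new transaction-ID check at the end of sdp_client_receive() logs `Mismatch transaction ID value in SDP PDU` without either value, while the length check just above it prints both sides, so a stale or unsolicited response cannot be told apart from a corrupted one in the log. Consider `BT_ERR("SDP PDU TID mismatch (%u != %u)", tid, session->tid);`. The assignment to `tid` is outside this hunk; it is worth confirming that it is converted from the big-endian wire order before the comparison and that `session->tid` is kept in host order, otherwise valid responses would be rejected on little-endian targets. The function begins outside the hunk, and on a mismatch it returns with no visible signal to the caller, so the request presumably stays pending until a timeout that is not shown here.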