From a63c51567991ded3939bbda4f82bcb8c44228331 Mon Sep 17 00:00:00 2001
From: Pavel Vasilyev
Date: Tue, 26 Apr 2022 11:20:12 +0200
Subject: [PATCH] Bluetooth: Mesh: Check SegN when receiving Transaction Start PDU

When receiving Transaction Start PDU, assure that number of segments needed to send a Provisioning PDU with TotalLength size is equal to SegN value provided in the Transaction Start PDU.

Signed-off-by: Pavel Vasilyev
---
 subsys/bluetooth/mesh/pb_adv.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/subsys/bluetooth/mesh/pb_adv.c b/subsys/bluetooth/mesh/pb_adv.c
index 015df3e96e8..b7df81c1fa3 100644
--- subsys/bluetooth/mesh/pb_adv.c
+++ subsys/bluetooth/mesh/pb_adv.c
@@ -149,7 +149,7 @@ static struct bt_mesh_send_cb buf_sent_cb = {
 .end = buf_sent,
 };
 
-static uint8_t last_seg(uint8_t len)
+static uint8_t last_seg(uint16_t len)
 {
 if (len <= START_PAYLOAD_MAX) {
 return 0;
@@ -482,6 +482,13 @@ static void gen_prov_start(struct prov_rx *rx, struct net_buf_simple *buf)
 return;
 }
 
+ if (START_LAST_SEG(rx->gpc) != last_seg(link.rx.buf->len)) {
+ BT_ERR("Invalid SegN (%u, calculated %u)", START_LAST_SEG(rx->gpc),
+ last_seg(link.rx.buf->len));
+ prov_failed(PROV_ERR_NVAL_FMT);
+ return;
+ }
+
 prov_clear_tx();
 
 link.rx.last_seg = START_LAST_SEG(rx->gpc);
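Review bot: Widening `len` to `uint16_t` in `last_seg()` leaves the return type at `uint8_t`, so the computed segment index is silently narrowed if a caller ever passes a length whose segment count does not fit in 8 bits. The function body continues outside the hunk and the callers' bounds are not visible here, so this presumably relies on every caller having already capped the length to the provisioning buffer size. I would state that precondition on the function, e.g. `/* len must already be bounded by the provisioning buffer size; the result is narrowed to 8 bits. */`.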
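Review bot: The added SegN check in `gen_prov_start()` compares for strict equality with `last_seg(link.rx.buf->len)`, so it is only correct if `last_seg()` returns the exact last segment index when TotalLength lands exactly on a segment boundary. That arithmetic is outside the hunk, and an off-by-one there would make the device reject well-formed Transaction Start PDUs, so a test feeding boundary TotalLength values through this path would be worth adding. Separately, `START_LAST_SEG(rx->gpc)` and `last_seg(link.rx.buf->len)` are each evaluated twice in the new lines and the macro once more in the assignment below. Computing them once, `uint8_t seg_n = START_LAST_SEG(rx->gpc);` and `uint8_t expected = last_seg(link.rx.buf->len);`, keeps the compared, logged and stored values visibly the same. The function starts and ends outside the hunk.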