From ca53e86f67c5bf0e21ec5ed6701f1a1801d8766a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Narajowski?= Date: Tue, 27 Apr 2021 15:59:54 +0200 Subject: [PATCH] Bluetooth: Mesh: Add msg length check for Cfg and Health models MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit According to spec we should ignore messages with incorrect msg size. This patch adds a check to every opcode handler. Signed-off-by: MichaƂ Narajowski --- include/bluetooth/mesh/access.h | 14 ++- subsys/bluetooth/mesh/access.c | 6 +- subsys/bluetooth/mesh/cfg_cli.c | 103 +++++++++++-------- subsys/bluetooth/mesh/cfg_srv.c | 159 ++++++++++++++++++++--------- subsys/bluetooth/mesh/health_cli.c | 8 +- subsys/bluetooth/mesh/health_srv.c | 36 ++++--- 6 files changed, 215 insertions(+), 111 deletions(-) diff --git a/include/bluetooth/mesh/access.h b/include/bluetooth/mesh/access.h index fd7c7a4abe8..e9f387bf51a 100644 --- a/include/bluetooth/mesh/access.h +++ b/include/bluetooth/mesh/access.h @@ -166,8 +166,13 @@ struct bt_mesh_model_op { /** OpCode encoded using the BT_MESH_MODEL_OP_* macros */ const uint32_t opcode; - /** Minimum required message length */ - const size_t min_len; + /** Message length. If the message has variable length then this value + * indicates minimum message length and should be positive. Handler + * function should verify precise length based on the contents of the + * message. If the message has fixed length then this value should + * be negative. Use BT_MESH_LEN_* macros when defining this value. + */ + const ssize_t len; /** @brief Handler function for this opcode. * @@ -187,6 +192,11 @@ struct bt_mesh_model_op { #define BT_MESH_MODEL_OP_2(b0, b1) (((b0) << 8) | (b1)) #define BT_MESH_MODEL_OP_3(b0, cid) ((((b0) << 16) | 0xc00000) | (cid)) +/** Macro for encoding exact message length for fixed-length messages. */ +#define BT_MESH_LEN_EXACT(len) (-len) +/** Macro for encoding minimum message length for variable-length messages. */ +#define BT_MESH_LEN_MIN(len) (len) + /** End of the opcode list. Must always be present. */ #define BT_MESH_MODEL_OP_END { 0, 0, NULL } /** Helper to define an empty opcode list. */ diff --git a/subsys/bluetooth/mesh/access.c b/subsys/bluetooth/mesh/access.c index f71292d06d1..16717fdcfac 100644 --- a/subsys/bluetooth/mesh/access.c +++ b/subsys/bluetooth/mesh/access.c @@ -660,9 +660,13 @@ void bt_mesh_model_recv(struct bt_mesh_net_rx *rx, struct net_buf_simple *buf) continue; } - if (buf->len < op->min_len) { + if ((op->len >= 0) && (buf->len < (size_t)op->len)) { BT_ERR("Too short message for OpCode 0x%08x", opcode); continue; + } else if ((op->len < 0) && (buf->len != (size_t)(-op->len))) { + BT_ERR("Invalid message size for OpCode 0x%08x", + opcode); + continue; } /* The callback will likely parse the buffer, so diff --git a/subsys/bluetooth/mesh/cfg_cli.c b/subsys/bluetooth/mesh/cfg_cli.c index 3a0b9db74e1..60245b8a4a0 100644 --- a/subsys/bluetooth/mesh/cfg_cli.c +++ b/subsys/bluetooth/mesh/cfg_cli.c @@ -149,22 +149,7 @@ static int net_transmit_status(struct bt_mesh_model *model, struct bt_mesh_msg_ctx *ctx, struct net_buf_simple *buf) { - uint8_t *status; - - BT_DBG("net_idx 0x%04x app_idx 0x%04x src 0x%04x len %u: %s", - ctx->net_idx, ctx->app_idx, ctx->addr, buf->len, - bt_hex(buf->data, buf->len)); - - if (!bt_mesh_msg_ack_ctx_match(&cli->ack_ctx, OP_NET_TRANSMIT_STATUS, ctx->addr, - (void **)&status)) { - return -ENOENT; - } - - *status = net_buf_simple_pull_u8(buf); - - bt_mesh_msg_ack_ctx_rx(&cli->ack_ctx); - - return 0; + return state_status_u8(model, ctx, buf, OP_NET_TRANSMIT_STATUS); } struct net_key_param { @@ -235,6 +220,11 @@ static int net_key_list(struct bt_mesh_model *model, param->keys[i++] = net_buf_simple_pull_le16(buf) & 0xfff; } + if (buf->len > 0) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EMSGSIZE; + } + *param->key_cnt = i; bt_mesh_msg_ack_ctx_rx(&cli->ack_ctx); @@ -247,11 +237,11 @@ static int node_reset_status(struct bt_mesh_model *model, struct net_buf_simple *buf) { bool *param = NULL; - BT_DBG("net_idx 0x%04x app_idx 0x%04x src 0x%04x", - ctx->net_idx, ctx->app_idx, ctx->addr); + BT_DBG("net_idx 0x%04x app_idx 0x%04x src 0x%04x", ctx->net_idx, + ctx->app_idx, ctx->addr); - if (!bt_mesh_msg_ack_ctx_match(&cli->ack_ctx, OP_NODE_RESET_STATUS, ctx->addr, - (void **)¶m)) { + if (!bt_mesh_msg_ack_ctx_match(&cli->ack_ctx, OP_NODE_RESET_STATUS, + ctx->addr, (void **)¶m)) { return -ENOENT; } @@ -344,6 +334,11 @@ static int app_key_list(struct bt_mesh_model *model, param->keys[i++] = net_buf_simple_pull_le16(buf) & 0xfff; } + if (buf->len > 0U) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EINVAL; + } + *param->key_cnt = i; if (param->status) { *param->status = status; @@ -374,6 +369,11 @@ static int mod_app_status(struct bt_mesh_model *model, ctx->net_idx, ctx->app_idx, ctx->addr, buf->len, bt_hex(buf->data, buf->len)); + if ((buf->len != 7U) && (buf->len != 9U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EMSGSIZE; + } + if (!bt_mesh_msg_ack_ctx_match(&cli->ack_ctx, OP_MOD_APP_STATUS, ctx->addr, (void **)¶m)) { return -ENOENT; @@ -424,6 +424,11 @@ static int mod_member_list_handle(struct bt_mesh_msg_ctx *ctx, uint8_t status; int i; + if ((vnd && buf->len < 7U) || (buf->len < 5U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EMSGSIZE; + } + status = net_buf_simple_pull_u8(buf); elem_addr = net_buf_simple_pull_le16(buf); if (vnd) { @@ -438,9 +443,9 @@ static int mod_member_list_handle(struct bt_mesh_msg_ctx *ctx, return -ENOENT; } - if (buf->len % 2) { - BT_WARN("Model Member List invalid length"); - return -EINVAL; + if (buf->len % 2U) { + BT_ERR("Model Member List invalid length"); + return -EMSGSIZE; } for (i = 0; i < *param->member_cnt && buf->len; i++) { @@ -513,6 +518,11 @@ static int mod_pub_status(struct bt_mesh_model *model, ctx->net_idx, ctx->app_idx, ctx->addr, buf->len, bt_hex(buf->data, buf->len)); + if ((buf->len != 12U) && (buf->len != 14U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EINVAL; + } + if (!bt_mesh_msg_ack_ctx_match(&cli->ack_ctx, OP_MOD_PUB_STATUS, ctx->addr, (void **)¶m)) { return -ENOENT; @@ -590,6 +600,11 @@ static int mod_sub_status(struct bt_mesh_model *model, ctx->net_idx, ctx->app_idx, ctx->addr, buf->len, bt_hex(buf->data, buf->len)); + if ((buf->len != 7U) && (buf->len != 9U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EINVAL; + } + if (!bt_mesh_msg_ack_ctx_match(&cli->ack_ctx, OP_MOD_SUB_STATUS, ctx->addr, (void **)¶m)) { return -ENOENT; @@ -734,27 +749,27 @@ static int hb_pub_status(struct bt_mesh_model *model, } const struct bt_mesh_model_op bt_mesh_cfg_cli_op[] = { - { OP_DEV_COMP_DATA_STATUS, 15, comp_data_status }, - { OP_BEACON_STATUS, 1, beacon_status }, - { OP_DEFAULT_TTL_STATUS, 1, ttl_status }, - { OP_FRIEND_STATUS, 1, friend_status }, - { OP_GATT_PROXY_STATUS, 1, gatt_proxy_status }, - { OP_RELAY_STATUS, 2, relay_status }, - { OP_NET_TRANSMIT_STATUS, 1, net_transmit_status }, - { OP_NET_KEY_STATUS, 3, net_key_status }, - { OP_NET_KEY_LIST, 0, net_key_list }, - { OP_APP_KEY_STATUS, 4, app_key_status }, - { OP_APP_KEY_LIST, 3, app_key_list }, - { OP_MOD_APP_STATUS, 7, mod_app_status }, - { OP_SIG_MOD_APP_LIST, 5, mod_app_list }, - { OP_VND_MOD_APP_LIST, 7, mod_app_list_vnd }, - { OP_MOD_PUB_STATUS, 12, mod_pub_status }, - { OP_MOD_SUB_STATUS, 7, mod_sub_status }, - { OP_MOD_SUB_LIST, 5, mod_sub_list }, - { OP_MOD_SUB_LIST_VND, 7, mod_sub_list_vnd }, - { OP_HEARTBEAT_SUB_STATUS, 9, hb_sub_status }, - { OP_HEARTBEAT_PUB_STATUS, 10, hb_pub_status }, - { OP_NODE_RESET_STATUS, 0, node_reset_status }, + { OP_DEV_COMP_DATA_STATUS, BT_MESH_LEN_MIN(15), comp_data_status }, + { OP_BEACON_STATUS, BT_MESH_LEN_EXACT(1), beacon_status }, + { OP_DEFAULT_TTL_STATUS, BT_MESH_LEN_EXACT(1), ttl_status }, + { OP_FRIEND_STATUS, BT_MESH_LEN_EXACT(1), friend_status }, + { OP_GATT_PROXY_STATUS, BT_MESH_LEN_EXACT(1), gatt_proxy_status }, + { OP_RELAY_STATUS, BT_MESH_LEN_EXACT(2), relay_status }, + { OP_NET_TRANSMIT_STATUS, BT_MESH_LEN_EXACT(1), net_transmit_status }, + { OP_NET_KEY_STATUS, BT_MESH_LEN_EXACT(3), net_key_status }, + { OP_NET_KEY_LIST, BT_MESH_LEN_MIN(0), net_key_list }, + { OP_APP_KEY_STATUS, BT_MESH_LEN_EXACT(4), app_key_status }, + { OP_APP_KEY_LIST, BT_MESH_LEN_MIN(3), app_key_list }, + { OP_MOD_APP_STATUS, BT_MESH_LEN_MIN(7), mod_app_status }, + { OP_SIG_MOD_APP_LIST, BT_MESH_LEN_MIN(5), mod_app_list }, + { OP_VND_MOD_APP_LIST, BT_MESH_LEN_MIN(7), mod_app_list_vnd }, + { OP_MOD_PUB_STATUS, BT_MESH_LEN_MIN(12), mod_pub_status }, + { OP_MOD_SUB_STATUS, BT_MESH_LEN_MIN(7), mod_sub_status }, + { OP_MOD_SUB_LIST, BT_MESH_LEN_MIN(5), mod_sub_list }, + { OP_MOD_SUB_LIST_VND, BT_MESH_LEN_MIN(7), mod_sub_list_vnd }, + { OP_HEARTBEAT_SUB_STATUS, BT_MESH_LEN_EXACT(9), hb_sub_status }, + { OP_HEARTBEAT_PUB_STATUS, BT_MESH_LEN_EXACT(10), hb_pub_status }, + { OP_NODE_RESET_STATUS, BT_MESH_LEN_EXACT(0), node_reset_status }, BT_MESH_MODEL_OP_END, }; diff --git a/subsys/bluetooth/mesh/cfg_srv.c b/subsys/bluetooth/mesh/cfg_srv.c index b468f8f0930..302879019ec 100644 --- a/subsys/bluetooth/mesh/cfg_srv.c +++ b/subsys/bluetooth/mesh/cfg_srv.c @@ -750,6 +750,11 @@ static int mod_pub_get(struct bt_mesh_model *model, struct bt_mesh_msg_ctx *ctx, uint8_t *mod_id, status; bool vnd; + if ((buf->len != 4U) && (buf->len != 6U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EMSGSIZE; + } + elem_addr = net_buf_simple_pull_le16(buf); if (!BT_MESH_ADDR_IS_UNICAST(elem_addr)) { BT_WARN("Prohibited element address"); @@ -798,6 +803,11 @@ static int mod_pub_set(struct bt_mesh_model *model, uint8_t *mod_id; bool vnd; + if ((buf->len != 11U) && (buf->len != 13U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EMSGSIZE; + } + elem_addr = net_buf_simple_pull_le16(buf); if (!BT_MESH_ADDR_IS_UNICAST(elem_addr)) { BT_WARN("Prohibited element address"); @@ -893,6 +903,11 @@ static int mod_pub_va_set(struct bt_mesh_model *model, uint8_t *mod_id; bool vnd; + if ((buf->len != 25U) && (buf->len != 27U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EMSGSIZE; + } + elem_addr = net_buf_simple_pull_le16(buf); if (!BT_MESH_ADDR_IS_UNICAST(elem_addr)) { BT_WARN("Prohibited element address"); @@ -993,6 +1008,11 @@ static int mod_sub_add(struct bt_mesh_model *model, uint16_t *entry; bool vnd; + if ((buf->len != 6U) && (buf->len != 8U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EMSGSIZE; + } + elem_addr = net_buf_simple_pull_le16(buf); if (!BT_MESH_ADDR_IS_UNICAST(elem_addr)) { BT_WARN("Prohibited element address"); @@ -1066,6 +1086,11 @@ static int mod_sub_del(struct bt_mesh_model *model, uint8_t status; bool vnd; + if ((buf->len != 6U) && (buf->len != 8U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EMSGSIZE; + } + elem_addr = net_buf_simple_pull_le16(buf); if (!BT_MESH_ADDR_IS_UNICAST(elem_addr)) { BT_WARN("Prohibited element address"); @@ -1143,6 +1168,11 @@ static int mod_sub_overwrite(struct bt_mesh_model *model, uint8_t status; bool vnd; + if ((buf->len != 6U) && (buf->len != 8U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EMSGSIZE; + } + elem_addr = net_buf_simple_pull_le16(buf); if (!BT_MESH_ADDR_IS_UNICAST(elem_addr)) { BT_WARN("Prohibited element address"); @@ -1210,6 +1240,11 @@ static int mod_sub_del_all(struct bt_mesh_model *model, uint8_t status; bool vnd; + if ((buf->len != 4U) && (buf->len != 6U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EMSGSIZE; + } + elem_addr = net_buf_simple_pull_le16(buf); if (!BT_MESH_ADDR_IS_UNICAST(elem_addr)) { BT_WARN("Prohibited element address"); @@ -1414,6 +1449,11 @@ static int mod_sub_va_add(struct bt_mesh_model *model, uint8_t status; bool vnd; + if ((buf->len != 20U) && (buf->len != 22U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EMSGSIZE; + } + elem_addr = net_buf_simple_pull_le16(buf); if (!BT_MESH_ADDR_IS_UNICAST(elem_addr)) { BT_WARN("Prohibited element address"); @@ -1491,6 +1531,11 @@ static int mod_sub_va_del(struct bt_mesh_model *model, uint8_t status; bool vnd; + if ((buf->len != 20U) && (buf->len != 22U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EMSGSIZE; + } + elem_addr = net_buf_simple_pull_le16(buf); if (!BT_MESH_ADDR_IS_UNICAST(elem_addr)) { BT_WARN("Prohibited element address"); @@ -1558,6 +1603,11 @@ static int mod_sub_va_overwrite(struct bt_mesh_model *model, uint8_t status; bool vnd; + if ((buf->len != 20U) && (buf->len != 22U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EMSGSIZE; + } + elem_addr = net_buf_simple_pull_le16(buf); if (!BT_MESH_ADDR_IS_UNICAST(elem_addr)) { BT_WARN("Prohibited element address"); @@ -1833,6 +1883,11 @@ static int mod_app_bind(struct bt_mesh_model *model, uint8_t *mod_id, status; bool vnd; + if ((buf->len != 6U) && (buf->len != 8U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EMSGSIZE; + } + elem_addr = net_buf_simple_pull_le16(buf); if (!BT_MESH_ADDR_IS_UNICAST(elem_addr)) { BT_WARN("Prohibited element address"); @@ -1892,6 +1947,11 @@ static int mod_app_unbind(struct bt_mesh_model *model, uint8_t *mod_id, status; bool vnd; + if ((buf->len != 6U) && (buf->len != 8U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EMSGSIZE; + } + elem_addr = net_buf_simple_pull_le16(buf); if (!BT_MESH_ADDR_IS_UNICAST(elem_addr)) { BT_WARN("Prohibited element address"); @@ -1950,6 +2010,11 @@ static int mod_app_get(struct bt_mesh_model *model, uint16_t elem_addr; bool vnd; + if ((buf->len != 4U) && (buf->len != 6U)) { + BT_ERR("The message size for the application opcode is incorrect."); + return -EMSGSIZE; + } + elem_addr = net_buf_simple_pull_le16(buf); if (!BT_MESH_ADDR_IS_UNICAST(elem_addr)) { BT_WARN("Prohibited element address"); @@ -2404,53 +2469,53 @@ static int heartbeat_sub_set(struct bt_mesh_model *model, } const struct bt_mesh_model_op bt_mesh_cfg_srv_op[] = { - { OP_DEV_COMP_DATA_GET, 1, dev_comp_data_get }, - { OP_APP_KEY_ADD, 19, app_key_add }, - { OP_APP_KEY_UPDATE, 19, app_key_update }, - { OP_APP_KEY_DEL, 3, app_key_del }, - { OP_APP_KEY_GET, 2, app_key_get }, - { OP_BEACON_GET, 0, beacon_get }, - { OP_BEACON_SET, 1, beacon_set }, - { OP_DEFAULT_TTL_GET, 0, default_ttl_get }, - { OP_DEFAULT_TTL_SET, 1, default_ttl_set }, - { OP_GATT_PROXY_GET, 0, gatt_proxy_get }, - { OP_GATT_PROXY_SET, 1, gatt_proxy_set }, - { OP_NET_TRANSMIT_GET, 0, net_transmit_get }, - { OP_NET_TRANSMIT_SET, 1, net_transmit_set }, - { OP_RELAY_GET, 0, relay_get }, - { OP_RELAY_SET, 2, relay_set }, - { OP_MOD_PUB_GET, 4, mod_pub_get }, - { OP_MOD_PUB_SET, 11, mod_pub_set }, - { OP_MOD_PUB_VA_SET, 24, mod_pub_va_set }, - { OP_MOD_SUB_ADD, 6, mod_sub_add }, - { OP_MOD_SUB_VA_ADD, 20, mod_sub_va_add }, - { OP_MOD_SUB_DEL, 6, mod_sub_del }, - { OP_MOD_SUB_VA_DEL, 20, mod_sub_va_del }, - { OP_MOD_SUB_OVERWRITE, 6, mod_sub_overwrite }, - { OP_MOD_SUB_VA_OVERWRITE, 20, mod_sub_va_overwrite }, - { OP_MOD_SUB_DEL_ALL, 4, mod_sub_del_all }, - { OP_MOD_SUB_GET, 4, mod_sub_get }, - { OP_MOD_SUB_GET_VND, 6, mod_sub_get_vnd }, - { OP_NET_KEY_ADD, 18, net_key_add }, - { OP_NET_KEY_UPDATE, 18, net_key_update }, - { OP_NET_KEY_DEL, 2, net_key_del }, - { OP_NET_KEY_GET, 0, net_key_get }, - { OP_NODE_IDENTITY_GET, 2, node_identity_get }, - { OP_NODE_IDENTITY_SET, 3, node_identity_set }, - { OP_MOD_APP_BIND, 6, mod_app_bind }, - { OP_MOD_APP_UNBIND, 6, mod_app_unbind }, - { OP_SIG_MOD_APP_GET, 4, mod_app_get }, - { OP_VND_MOD_APP_GET, 6, mod_app_get }, - { OP_NODE_RESET, 0, node_reset }, - { OP_FRIEND_GET, 0, friend_get }, - { OP_FRIEND_SET, 1, friend_set }, - { OP_LPN_TIMEOUT_GET, 2, lpn_timeout_get }, - { OP_KRP_GET, 2, krp_get }, - { OP_KRP_SET, 3, krp_set }, - { OP_HEARTBEAT_PUB_GET, 0, heartbeat_pub_get }, - { OP_HEARTBEAT_PUB_SET, 9, heartbeat_pub_set }, - { OP_HEARTBEAT_SUB_GET, 0, heartbeat_sub_get }, - { OP_HEARTBEAT_SUB_SET, 5, heartbeat_sub_set }, + { OP_DEV_COMP_DATA_GET, BT_MESH_LEN_EXACT(1), dev_comp_data_get }, + { OP_APP_KEY_ADD, BT_MESH_LEN_EXACT(19), app_key_add }, + { OP_APP_KEY_UPDATE, BT_MESH_LEN_EXACT(19), app_key_update }, + { OP_APP_KEY_DEL, BT_MESH_LEN_EXACT(3), app_key_del }, + { OP_APP_KEY_GET, BT_MESH_LEN_EXACT(2), app_key_get }, + { OP_BEACON_GET, BT_MESH_LEN_EXACT(0), beacon_get }, + { OP_BEACON_SET, BT_MESH_LEN_EXACT(1), beacon_set }, + { OP_DEFAULT_TTL_GET, BT_MESH_LEN_EXACT(0), default_ttl_get }, + { OP_DEFAULT_TTL_SET, BT_MESH_LEN_EXACT(1), default_ttl_set }, + { OP_GATT_PROXY_GET, BT_MESH_LEN_EXACT(0), gatt_proxy_get }, + { OP_GATT_PROXY_SET, BT_MESH_LEN_EXACT(1), gatt_proxy_set }, + { OP_NET_TRANSMIT_GET, BT_MESH_LEN_EXACT(0), net_transmit_get }, + { OP_NET_TRANSMIT_SET, BT_MESH_LEN_EXACT(1), net_transmit_set }, + { OP_RELAY_GET, BT_MESH_LEN_EXACT(0), relay_get }, + { OP_RELAY_SET, BT_MESH_LEN_EXACT(2), relay_set }, + { OP_MOD_PUB_GET, BT_MESH_LEN_MIN(4), mod_pub_get }, + { OP_MOD_PUB_SET, BT_MESH_LEN_MIN(11), mod_pub_set }, + { OP_MOD_PUB_VA_SET, BT_MESH_LEN_MIN(25), mod_pub_va_set }, + { OP_MOD_SUB_ADD, BT_MESH_LEN_MIN(6), mod_sub_add }, + { OP_MOD_SUB_VA_ADD, BT_MESH_LEN_MIN(20), mod_sub_va_add }, + { OP_MOD_SUB_DEL, BT_MESH_LEN_MIN(6), mod_sub_del }, + { OP_MOD_SUB_VA_DEL, BT_MESH_LEN_MIN(20), mod_sub_va_del }, + { OP_MOD_SUB_OVERWRITE, BT_MESH_LEN_MIN(6), mod_sub_overwrite }, + { OP_MOD_SUB_VA_OVERWRITE, BT_MESH_LEN_MIN(20), mod_sub_va_overwrite }, + { OP_MOD_SUB_DEL_ALL, BT_MESH_LEN_MIN(4), mod_sub_del_all }, + { OP_MOD_SUB_GET, BT_MESH_LEN_EXACT(4), mod_sub_get }, + { OP_MOD_SUB_GET_VND, BT_MESH_LEN_EXACT(6), mod_sub_get_vnd }, + { OP_NET_KEY_ADD, BT_MESH_LEN_EXACT(18), net_key_add }, + { OP_NET_KEY_UPDATE, BT_MESH_LEN_EXACT(18), net_key_update }, + { OP_NET_KEY_DEL, BT_MESH_LEN_EXACT(2), net_key_del }, + { OP_NET_KEY_GET, BT_MESH_LEN_EXACT(0), net_key_get }, + { OP_NODE_IDENTITY_GET, BT_MESH_LEN_EXACT(2), node_identity_get }, + { OP_NODE_IDENTITY_SET, BT_MESH_LEN_EXACT(3), node_identity_set }, + { OP_MOD_APP_BIND, BT_MESH_LEN_MIN(6), mod_app_bind }, + { OP_MOD_APP_UNBIND, BT_MESH_LEN_MIN(6), mod_app_unbind }, + { OP_SIG_MOD_APP_GET, BT_MESH_LEN_MIN(4), mod_app_get }, + { OP_VND_MOD_APP_GET, BT_MESH_LEN_MIN(6), mod_app_get }, + { OP_NODE_RESET, BT_MESH_LEN_EXACT(0), node_reset }, + { OP_FRIEND_GET, BT_MESH_LEN_EXACT(0), friend_get }, + { OP_FRIEND_SET, BT_MESH_LEN_EXACT(1), friend_set }, + { OP_LPN_TIMEOUT_GET, BT_MESH_LEN_EXACT(2), lpn_timeout_get }, + { OP_KRP_GET, BT_MESH_LEN_EXACT(2), krp_get }, + { OP_KRP_SET, BT_MESH_LEN_EXACT(3), krp_set }, + { OP_HEARTBEAT_PUB_GET, BT_MESH_LEN_EXACT(0), heartbeat_pub_get }, + { OP_HEARTBEAT_PUB_SET, BT_MESH_LEN_EXACT(9), heartbeat_pub_set }, + { OP_HEARTBEAT_SUB_GET, BT_MESH_LEN_EXACT(0), heartbeat_sub_get }, + { OP_HEARTBEAT_SUB_SET, BT_MESH_LEN_EXACT(5), heartbeat_sub_set }, BT_MESH_MODEL_OP_END, }; diff --git a/subsys/bluetooth/mesh/health_cli.c b/subsys/bluetooth/mesh/health_cli.c index b0419f1cb18..783fee6c9d1 100644 --- a/subsys/bluetooth/mesh/health_cli.c +++ b/subsys/bluetooth/mesh/health_cli.c @@ -164,10 +164,10 @@ static int health_attention_status(struct bt_mesh_model *model, } const struct bt_mesh_model_op bt_mesh_health_cli_op[] = { - { OP_HEALTH_FAULT_STATUS, 3, health_fault_status }, - { OP_HEALTH_CURRENT_STATUS, 3, health_current_status }, - { OP_HEALTH_PERIOD_STATUS, 1, health_period_status }, - { OP_ATTENTION_STATUS, 1, health_attention_status }, + { OP_HEALTH_FAULT_STATUS, BT_MESH_LEN_MIN(3), health_fault_status }, + { OP_HEALTH_CURRENT_STATUS, BT_MESH_LEN_MIN(3), health_current_status }, + { OP_HEALTH_PERIOD_STATUS, BT_MESH_LEN_EXACT(1), health_period_status }, + { OP_ATTENTION_STATUS, BT_MESH_LEN_EXACT(1), health_attention_status }, BT_MESH_MODEL_OP_END, }; diff --git a/subsys/bluetooth/mesh/health_srv.c b/subsys/bluetooth/mesh/health_srv.c index e765ffb6356..f0a64606f64 100644 --- a/subsys/bluetooth/mesh/health_srv.c +++ b/subsys/bluetooth/mesh/health_srv.c @@ -279,9 +279,14 @@ static int attention_set(struct bt_mesh_model *model, struct bt_mesh_msg_ctx *ctx, struct net_buf_simple *buf) { + int err; + BT_DBG(""); - attention_set_unrel(model, ctx, buf); + err = attention_set_unrel(model, ctx, buf); + if (err) { + return err; + } return send_attention_status(model, ctx); } @@ -335,25 +340,30 @@ static int health_period_set(struct bt_mesh_model *model, struct bt_mesh_msg_ctx *ctx, struct net_buf_simple *buf) { + int err; + BT_DBG(""); - health_period_set_unrel(model, ctx, buf); + err = health_period_set_unrel(model, ctx, buf); + if (err) { + return err; + } return send_health_period_status(model, ctx); } const struct bt_mesh_model_op bt_mesh_health_srv_op[] = { - { OP_HEALTH_FAULT_GET, 2, health_fault_get }, - { OP_HEALTH_FAULT_CLEAR, 2, health_fault_clear }, - { OP_HEALTH_FAULT_CLEAR_UNREL, 2, health_fault_clear_unrel }, - { OP_HEALTH_FAULT_TEST, 3, health_fault_test }, - { OP_HEALTH_FAULT_TEST_UNREL, 3, health_fault_test_unrel }, - { OP_HEALTH_PERIOD_GET, 0, health_period_get }, - { OP_HEALTH_PERIOD_SET, 1, health_period_set }, - { OP_HEALTH_PERIOD_SET_UNREL, 1, health_period_set_unrel }, - { OP_ATTENTION_GET, 0, attention_get }, - { OP_ATTENTION_SET, 1, attention_set }, - { OP_ATTENTION_SET_UNREL, 1, attention_set_unrel }, + { OP_HEALTH_FAULT_GET, BT_MESH_LEN_EXACT(2), health_fault_get }, + { OP_HEALTH_FAULT_CLEAR, BT_MESH_LEN_EXACT(2), health_fault_clear }, + { OP_HEALTH_FAULT_CLEAR_UNREL, BT_MESH_LEN_EXACT(2), health_fault_clear_unrel }, + { OP_HEALTH_FAULT_TEST, BT_MESH_LEN_EXACT(3), health_fault_test }, + { OP_HEALTH_FAULT_TEST_UNREL, BT_MESH_LEN_EXACT(3), health_fault_test_unrel }, + { OP_HEALTH_PERIOD_GET, BT_MESH_LEN_EXACT(0), health_period_get }, + { OP_HEALTH_PERIOD_SET, BT_MESH_LEN_EXACT(1), health_period_set }, + { OP_HEALTH_PERIOD_SET_UNREL, BT_MESH_LEN_EXACT(1), health_period_set_unrel }, + { OP_ATTENTION_GET, BT_MESH_LEN_EXACT(0), attention_get }, + { OP_ATTENTION_SET, BT_MESH_LEN_EXACT(1), attention_set }, + { OP_ATTENTION_SET_UNREL, BT_MESH_LEN_EXACT(1), attention_set_unrel }, BT_MESH_MODEL_OP_END, };