Bluetooth: host: Replace length check assert with if statement

A few of the length checks that deal with HCI packets coming from the
controller were using assert statements. But the recommended practice is
to drop invalid packets and continue execution whenever a malformed
packet arrives from an external source, so replace those assert
statements with branches that will drop the packet and return.

Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Carles Cufi 2023-10-06 10:44:14 +02:00 committed by Johan Hedberg
commit ee0314a832
2 changed files with 20 additions and 5 deletions


@ -508,8 +508,11 @@ static void hci_acl(struct net_buf *buf)
uint8_t flags;
LOG_DBG("buf %p", buf);
BT_ASSERT(buf->len >= sizeof(*hdr));
if (buf->len < sizeof(*hdr)) {
LOG_ERR("Invalid HCI ACL packet size (%u)", buf->len);
net_buf_unref(buf);
return;
}
hdr = net_buf_pull_mem(buf, sizeof(*hdr));
len = sys_le16_to_cpu(hdr->len);
@ -2650,7 +2653,11 @@ static void hci_event(struct net_buf *buf)
{
struct bt_hci_evt_hdr *hdr;
BT_ASSERT(buf->len >= sizeof(*hdr));
if (buf->len < sizeof(*hdr)) {
LOG_ERR("Invalid HCI event size (%u)", buf->len);
net_buf_unref(buf);
return;
}
hdr = net_buf_pull_mem(buf, sizeof(*hdr));
LOG_DBG("event 0x%02x", hdr->evt);
@ -3714,7 +3721,11 @@ void hci_event_prio(struct net_buf *buf)
net_buf_simple_save(&buf->b, &state);
BT_ASSERT(buf->len >= sizeof(*hdr));
if (buf->len < sizeof(*hdr)) {
LOG_ERR("Invalid HCI event size (%u)", buf->len);
net_buf_unref(buf);
return;
}
hdr = net_buf_pull_mem(buf, sizeof(*hdr));
evt_flags = bt_hci_evt_get_flags(hdr->evt);
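Review bot: The new drop path in hci_event_prio() releases the buffer unconditionally, before `evt_flags` is known, and that may conflict with the function's ownership contract. The `net_buf_simple_save(&buf->b, &state)` just above suggests that on some paths the buffer is restored and left to the caller for further processing. If a caller decides from the event code whether to keep using `buf` after this call, a short packet would leave it holding a released buffer. The rest of the function and its callers are outside this hunk, so please confirm the contract and document it at the drop site, for example `/* buf is released here; callers must not queue or touch it after a short-header drop */`. If the contract cannot guarantee that, move the length check to the caller, before it reads `hdr->evt`.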

View file

@ -105,7 +105,11 @@ void hci_iso(struct net_buf *buf)
BT_ISO_DATA_DBG("buf %p", buf);
BT_ASSERT(buf->len >= sizeof(*hdr));
if (buf->len < sizeof(*hdr)) {
LOG_ERR("Invalid HCI ISO packet size (%u)", buf->len);
net_buf_unref(buf);
return;
}
hdr = net_buf_pull_mem(buf, sizeof(*hdr));
len = bt_iso_hdr_len(sys_le16_to_cpu(hdr->len));
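Review bot: The added guard in hci_iso() only proves that the fixed header fits in the buffer. The `len` computed on the last line still comes from the controller and must be compared with the remaining `buf->len` before any payload is consumed. That comparison is not visible here, because hci_iso() continues past the end of the hunk. Please confirm it exists and that it also drops the packet rather than asserting. The same applies to `len = sys_le16_to_cpu(hdr->len)` in hci_acl(). A short comment after the pull would make the split explicit: `/* hdr->len is controller-supplied: validate against buf->len before use */`.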