Commit Graph

26016 Commits

Author SHA1 Message Date
Rahul Tank
104cada97f Merge branch 'bugfix/bug_bounty_ble_issue_v5.2' into 'release/v5.2'
fix(protocomm): Add security checks for buffer overflow and incorrect length handling (v5.2)

See merge request espressif/esp-idf!44299
2025-12-23 15:52:59 +05:30
Island
6c4bc967b7 Merge branch 'fix/ble_mesh_trans_enh_seg_rpl_v5.2' into 'release/v5.2'
fix(ble_mesh): fixed incorrect rpl behavior in transport enh (v5.2)

See merge request espressif/esp-idf!44385
2025-12-22 14:29:25 +08:00
Jiang Jiang Jian
a1ecfdde7d Merge branch 'fix/fix_esp32s2_phy_issue_v52' into 'release/v5.2'
fix(phy): fix esp32s2 phy lib issue v52

See merge request espressif/esp-idf!44404
2025-12-22 10:14:19 +08:00
Jiang Jiang Jian
7c4e9d1e35 Merge branch 'bugfix/sync_security_fix_from_flouride_v5.2' into 'release/v5.2'
fix: synchronized several security-related fixes from Google Fluoride (v5.2)

See merge request espressif/esp-idf!44412
2025-12-21 15:56:07 +08:00
Island
d4f87c72bf Merge branch 'fix/ble_log_v2_dual_core_iwt_v5.2' into 'release/v5.2'
fix(ble): added missed spin lock initialization (v5.2)

See merge request espressif/esp-idf!44378
2025-12-19 15:10:43 +08:00
Jin Cheng
14c8ddfdd4 fix(bt/bluedroid): cleaned the code according to the tool cppcheck 2025-12-19 11:27:26 +08:00
Jin Cheng
6fa6b6b374 fix(bt/bluedroid): fixed possible OOB read in smp_br_data_received 2025-12-19 11:27:26 +08:00
Jin Cheng
239fdbd174 fix(bt/bluedroid): drop connection when attempting to disable encryption 2025-12-19 11:27:26 +08:00
Jin Cheng
3ff24f1e44 fix(bt/bluedroid): fixed an integer overflow bug in attp_build_read_multi_cmd 2025-12-19 11:27:26 +08:00
Jin Cheng
bcb3cd8840 fix(bt/bluedroid): fixed an integer overflow bug in avdt_msg_asmbl 2025-12-19 11:27:26 +08:00
Jin Cheng
92f8b37455 fix(bt/bluedroid): fixed an OOB bug in bta_av_setconfig_rej 2025-12-19 11:27:26 +08:00
Jin Cheng
0b645745e7 fix(bt/bluedroid): fixed an OOB bug in btm_read_rssi_complete 2025-12-19 11:27:26 +08:00
Jin Cheng
5f96dc4851 fix(bt/bluedroid): fixed an OOB bug in btm_delete_stored_link_key_complete 2025-12-19 11:27:26 +08:00
Jin Cheng
97a4a56df2 fix(bt/bluedroid): fixed an OOB bug in btm_read_tx_power_complete 2025-12-19 11:27:26 +08:00
Jin Cheng
d6cf63f8ac fix(bt/bluedroid): fixed an OOB bug in btm_create_conn_cancel_complete 2025-12-19 11:27:26 +08:00
Jin Cheng
70d5bb6d8c fix(bt/bluedroid): fixed an OOB bug in btm_read_local_oob_complete 2025-12-19 11:27:26 +08:00
Jin Cheng
55e53f77f4 fix(bt/bluedroid): fixed an OOB write in SDP_AddAttribute 2025-12-19 11:27:26 +08:00
Jin Cheng
5b00921930 fix(bt/bluedroid): report failure when not able to connect to AVRCP 2025-12-19 11:27:24 +08:00
Jin Cheng
70a6d681c1 fix(bt/bluedroid): fixed buffer overflow in BRSF 2025-12-19 11:26:40 +08:00
Jin Cheng
db843a5942 fix(bt/bluedroid): added negative length check in process_service_search_rsp 2025-12-19 11:26:40 +08:00
Jin Cheng
d3c1f9f97c fix(bt/bluedroid): fixed OOB read in SDP server continuation length 2025-12-19 11:26:40 +08:00
Jin Cheng
290b23de3f fix(bt/bluedroid): added length check when copy AVDTP packet 2025-12-19 11:26:40 +08:00
Jin Cheng
7537add653 fix(bt/bluedroid): fixed OOB read in AT_SKIP_RESET 2025-12-19 11:26:40 +08:00
Jin Cheng
e0a937a262 fix(bt/bluedroid): fixed OOB write in bta_hf_client_handle_cind_list_item 2025-12-19 11:26:40 +08:00
Jin Cheng
b5777a790e fix(bt/bluedroid): added boundary check when reading SDP attribute response packet 2025-12-19 11:26:40 +08:00
Jin Cheng
6c14d52eb1 fix(bt/bluedroid): fixed potential OOB read in the avrc_pars_vendor_rsp 2025-12-19 11:26:40 +08:00
Jin Cheng
493679ca6c fix(bt/bluedroid): fixed potential OOB read in the reporting handler
Thanks to Luigino Camastra and Pavel Kohout from Aisle Research as
co-reporters for discovering and reporting this issue.
2025-12-19 11:26:40 +08:00
Jin Cheng
f4e1b5195a fix(bt/bluedroid): fixed a potential overflow about the media payload offset
This variable is uint16_t, and is possible to overflow when the length
of header extension is larger. Here we compare with the data length to
prevent any exceptions.
2025-12-19 11:26:40 +08:00
Jin Cheng
e42060dbf7 fix(bt/bluedroid): fixed p_data null dereference in l2c_csm_open 2025-12-19 11:26:40 +08:00
Jin Cheng
b35e414d4b fix(bt/bluedroid): fixed Use-After-Free in btm_sec_[dis]connected 2025-12-19 11:26:40 +08:00
Jin Cheng
ab2bbb2535 fix(bt/bluedroid): reject device with same address in legacy pairing 2025-12-19 11:26:40 +08:00
Jin Cheng
5cc017942e fix(bt/bluedroid): ignore AVCT commands that are too long 2025-12-19 11:26:40 +08:00
Jin Cheng
f69f78e44c fix(bt/bluedroid): use osi_calloc to zero reserved fields in AVRCP 2025-12-19 11:26:40 +08:00
Jin Cheng
1ed0f42500 fix(bt/bluedroid): make sure SDP only start discovery once 2025-12-19 11:26:40 +08:00
Jin Cheng
53efa32ee0 fix(bt/bluedroid): check event ID if of register notification from remote to avoid OOB write 2025-12-19 11:26:40 +08:00
Jin Cheng
ce34d1a42c fix(bt/bluedroid): check Classic key before cross-key derivation 2025-12-19 11:26:40 +08:00
Jin Cheng
9899a0ca50 fix(bt/bluedroid): enable bitpool sanity checks 2025-12-19 11:26:40 +08:00
wangtao@espressif.com
3523ada25f fix(phy): fix esp32s2 phy lib issue 2025-12-19 11:23:59 +08:00
Alexey Gerenkov
13cbb306df Merge branch 'feature/update-openocd-to-v0.12.0-esp32-20251215_v5.2' into 'release/v5.2'
feat(tools): update openocd version to v0.12.0-esp32-20251215 (v5.2)

See merge request espressif/esp-idf!44314
2025-12-19 10:50:21 +08:00
Shu Chen
21a895e69a Merge branch 'fix/fix_an_ot_trel_risk_v5.2' into 'release/v5.2'
fix(openthread): fix a potential stack overflow in TREL (v5.2)

See merge request espressif/esp-idf!43935
2025-12-18 13:07:29 +00:00
Alexey Gerenkov
4abe5739b8 Merge branch 'fix/clang_build_error_v5.2' into 'release/v5.2'
fix(xtensa): Fix clang assembler errors in STRUCT_AFIELD_A macro (v5.2)

See merge request espressif/esp-idf!44350
2025-12-18 19:37:37 +08:00
Rahul Tank
cde7b7362a fix(protocomm): Add security checks for buffer overflow and incorrect length handling 2025-12-18 17:06:08 +05:30
Luo Xu
da9ccc8d89 fix(ble_mesh): fixed incorrect rpl behavior in transport enh
(cherry picked from commit 29a722296f)

Co-authored-by: luoxu <luoxu@espressif.com>
2025-12-18 17:43:11 +08:00
Zhou Xiao
d261403eb5 fix(ble): added missed spin lock initialization
(cherry picked from commit 069262e513)

Co-authored-by: Zhou Xiao <zhouxiao@espressif.com>
2025-12-18 17:13:35 +08:00
Xu Si Yu
15c6ac81c0 fix(openthread): fix a potential stack overflow in TREL 2025-12-18 14:01:55 +08:00
Island
c0e4fa2fc5 Merge branch 'bugfix/fix_bt_4205_v5.2' into 'release/v5.2'
Fixed BLE assert lld_con.c 1479 on ESP32-C3 and ESP32-S3(5106725) (v5.2)

See merge request espressif/esp-idf!44325
2025-12-18 11:29:14 +08:00
Island
e483933a71 Merge branch 'bugfix/fix_ble_security_issue_2025_v5.2' into 'release/v5.2'
Fix potential CVE-2024-0039 out-of-bounds write in attp_build_value_cmd (v5.2)

See merge request espressif/esp-idf!43804
2025-12-18 10:56:18 +08:00
Island
5c44d62187 Merge branch 'bugfix/fix_reconnect_failed_with_extend_adv_v5.2' into 'release/v5.2'
fix(ble/bluedroid): Fixed the issue that extend advertising might not restart if the connection fails (v5.2)

See merge request espressif/esp-idf!44248
2025-12-18 10:51:30 +08:00
Wang Meng Yang
dff9653ab0 Merge branch 'bugfix/l2c_fcr_clone_buf_v5.2' into 'release/v5.2'
fix(bt/bluedroid): fixed possible access to NULL in l2c_fcr_clone_buf

See merge request espressif/esp-idf!44266
2025-12-18 09:50:34 +08:00
Erhan Kurubas
ae715581ee fix(xtensa): Fix clang assembler errors in STRUCT_AFIELD_A macro 2025-12-17 22:14:32 +01:00