Commit Graph

569 Commits

Author SHA1 Message Date
zhanghaipeng
93cfbb8522 fix(ble/bluedroid): Fix out-of-bounds read in l2cble_process_sig_cmd 2025-12-28 11:07:07 +08:00
zhanghaipeng
597fc6e5c1 fix(ble/bluedroid): Fix integer underflow in gatt_process_read_by_type_rsp 2025-12-28 11:07:07 +08:00
zhiweijian
c986469bbd feat(ble/bluedroid): Supported Bluedroid host encryption using TinyCrypt 2025-12-25 19:15:06 +08:00
zhiweijian
c8eaa737e5 feat(ble/bluedroid): Supported Bluedroid host encryption using mbedtls 2025-12-25 19:14:54 +08:00
Wang Meng Yang
57f06d8aff Merge branch 'bugfix/sync_security_fix_from_flouride' into 'master'
fix: synchronized several security-related fixes from Google Fluoride

Closes BT-4195

See merge request espressif/esp-idf!42534
2025-12-17 15:34:49 +08:00
Island
a999f2cfae Merge branch 'bugfix/fix_reconnect_failed_with_extend_adv' into 'master'
fix(ble/bluedroid): Fixed the issue that extend advertising might not restart if the connection fails

Closes BLERP-2395

See merge request espressif/esp-idf!43266
2025-12-16 18:45:16 +08:00
Jin Cheng
4a49312321 fix(bt/bluedroid): cleaned the code according to the tool cppcheck 2025-12-16 17:37:14 +08:00
Jin Cheng
1c0c9c6fbd fix(bt/bluedroid): fixed possible OOB read in smp_br_data_received 2025-12-16 17:37:14 +08:00
Jin Cheng
4466f5dd85 fix(bt/bluedroid): drop connection when attempting to disable encryption 2025-12-16 17:37:14 +08:00
Jin Cheng
cb1f8d1e15 fix(bt/bluedroid): fixed an integer overflow bug in attp_build_read_multi_cmd 2025-12-16 17:37:14 +08:00
Jin Cheng
e65ef0995a fix(bt/bluedroid): fixed an integer overflow bug in avdt_msg_asmbl 2025-12-16 17:37:14 +08:00
Jin Cheng
0f9b02dd95 fix(bt/bluedroid): fixed an OOB bug in btm_read_rssi_complete 2025-12-16 17:37:14 +08:00
Jin Cheng
7a45769e25 fix(bt/bluedroid): fixed an OOB bug in btm_delete_stored_link_key_complete 2025-12-16 17:37:14 +08:00
Jin Cheng
25b2c79269 fix(bt/bluedroid): fixed an OOB bug in btm_read_tx_power_complete 2025-12-16 17:37:14 +08:00
Jin Cheng
d4c96f070c fix(bt/bluedroid): fixed an OOB bug in btm_create_conn_cancel_complete 2025-12-16 17:37:14 +08:00
Jin Cheng
1a944a4bed fix(bt/bluedroid): fixed an OOB bug in btm_read_local_oob_complete 2025-12-16 17:37:14 +08:00
Jin Cheng
69b47952e8 fix(bt/bluedroid): fixed an OOB write in SDP_AddAttribute 2025-12-16 17:37:14 +08:00
Jin Cheng
0638ae7177 fix(bt/bluedroid): added negative length check in process_service_search_rsp 2025-12-16 17:37:14 +08:00
Jin Cheng
7cca70cd0d fix(bt/bluedroid): fixed OOB read in SDP server continuation length 2025-12-16 17:37:14 +08:00
Jin Cheng
131a4764c8 fix(bt/bluedroid): added length check when copy AVDTP packet 2025-12-16 17:37:14 +08:00
Jin Cheng
439c5cc93d fix(bt/bluedroid): added boundary check when reading SDP attribute response packet 2025-12-16 17:37:14 +08:00
Jin Cheng
af9d55e487 fix(bt/bluedroid): fixed potential OOB read in the avrc_pars_vendor_rsp 2025-12-16 17:37:13 +08:00
Jin Cheng
7706e8abbc fix(bt/bluedroid): fixed potential OOB read in the reporting handler
Thanks to Luigino Camastra and Pavel Kohout from Aisle Research as
co-reporters for discovering and reporting this issue.
2025-12-16 17:37:13 +08:00
Jin Cheng
8a44bd422d fix(bt/bluedroid): fixed a potential overflow about the media payload offset
This variable is uint16_t, and it is possible for it to overflow when the length
of the header extension is larger. Here we compare with the data length to
prevent any exceptions.
2025-12-16 17:37:13 +08:00
Jin Cheng
c07ac874ec fix(bt/bluedroid): fixed p_data null dereference in l2c_csm_open 2025-12-16 17:37:13 +08:00
Jin Cheng
801504e152 fix(bt/bluedroid): fixed Use-After-Free in btm_sec_[dis]connected 2025-12-16 17:37:13 +08:00
Jin Cheng
b898e65794 fix(bt/bluedroid): reject device with same address in legacy pairing 2025-12-16 17:37:13 +08:00
Jin Cheng
49195d826f fix(bt/bluedroid): ignore AVCT commands that are too long 2025-12-16 17:37:13 +08:00
Jin Cheng
2c2162efdc fix(bt/bluedroid): use osi_calloc to zero reserved fields in AVRCP 2025-12-16 17:37:13 +08:00
Jin Cheng
86d9063aac fix(bt/bluedroid): check event ID if of register notification from remote to avoid OOB write 2025-12-16 17:37:13 +08:00
Jin Cheng
9a22611e30 fix(bt/bluedroid): check Classic key before cross-key derivation 2025-12-16 17:37:13 +08:00
Jin Cheng
65cb0be70f fix(bt/bluedroid): fixed possible access to NULL in l2c_fcr_clone_buf 2025-12-15 19:29:20 +08:00
linruihao
eb918a7150 change(bt/bluedroid): Change AVRCP version according to feature enabled
- Version will be set to 1.6 if Cover Art feature enabled
- Otherwise, version will be set to 1.5
2025-12-11 11:09:28 +08:00
zhanghaipeng
f502b2aab1 fix(ble/bluedroid): Fix security issues in GATT module 2025-11-30 16:22:26 +08:00
zhanghaipeng
1ed5a4465d fix(ble/bluedroid): Fix security issues in GAP module 2025-11-30 15:48:24 +08:00
zhanghaipeng
b03ff3cf21 fix(ble/bluedroid): Add length check in prepare write response 2025-11-30 15:00:26 +08:00
zhanghaipeng
d2baf3b0d4 fix(ble/bluedroid): Add boundary check for adv_handle in btm_ble_adv_set_terminated_evt 2025-11-28 17:44:57 +08:00
zhanghaipeng
71efec78c5 fix(ble/bluedroid): Fix potential out-of-bounds issue
- add length check in hci_hal_h4_hdl_rx_packet to prevent OOB
- add adv data length check in btm_ble_cache_adv_data
- add indicate data length check in BTA_GATTS_HandleValueIndication
- add report length check in bta_hh_parse_keybd_rpt
- add report length check in BTA_HdSendReport
- add descriptor length check in BTA_HdRegisterApp
- prevent buffer overflow in attribute processing
2025-11-24 14:42:26 +08:00
zhanghaipeng
e1d39f630f fix(ble/bluedroid): Fix potential CVE-2024-0039 out-of-bounds write in attp_build_value_cmd
- Reference: https://source.android.com/docs/security/bulletin/2024-03-01?hl=zh-cn
2025-11-24 14:42:26 +08:00
Island
e7e5a82a02 Merge branch 'bugfix/fix_ble_no_conn_and_disconn_evt' into 'master'
fix(ble/bluedroid): Fixed missing BLE connect and disconnect events

Closes BLERP-2340

See merge request espressif/esp-idf!42962
2025-11-21 11:25:03 +08:00
zhiweijian
ec4052c1c7 fix(ble/bluedroid): Fixed reconnection failed with extend adv 2025-11-18 10:05:00 +08:00
Wang Meng Yang
3c447d998d Merge branch 'bugfix/fix_hid_memory_leak' into 'master'
fix(bt/bluedroid): Fixed HID memory leak

Closes BTQABR2023-602

See merge request espressif/esp-idf!43118
2025-11-13 16:30:47 +08:00
zhiweijian
738a684c36 fix(ble/bluedroid): Fixed CTE IQ sample data copy error 2025-11-11 20:00:44 +08:00
zhiweijian
a742abdcf5 fix(ble/bluedroid): Optimize some bluedroid code 2025-11-11 20:00:44 +08:00
zhiweijian
38e3f2ad3b fix(ble/bluedroid): Fixed big event status error 2025-11-11 20:00:44 +08:00
zhiweijian
d0f7140057 feat(ble/bluedroid): support bluedroid host channel sounding feature 2025-11-11 20:00:44 +08:00
zhiweijian
cb8b4df798 feat(ble/bluedroid): Supported BLE bluedroid host pawr connection 2025-11-11 20:00:34 +08:00
zhiweijian
865bccedbf feat(ble/bluedroid): Support LE Security Levels Characteristic 2025-11-11 19:58:38 +08:00
zhiweijian
9405c68bed feat(ble/bluedroid): Add bluedroid host Advertising Coding Selection feature 2025-11-11 19:58:26 +08:00
zhiweijian
056e83e3b8 feat(ble/bluedroid): Add bluedroid host PAwR feature 2025-11-11 19:58:14 +08:00