diff options
author | android-build-team Robot <android-build-team-robot@google.com> | 2021-05-06 08:03:34 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2021-05-06 08:03:34 +0000 |
commit | 37fd2d8d63f54ba1fecebccaa264a7d9221e1add (patch) | |
tree | 5048d8286f6ffb9a87769a41d3443583987bbb87 | |
parent | 9f96c74210bd7b9a961fc1339b8525c3c3702748 (diff) | |
parent | 6fcfc794d2b33a5a18b4b145fcda2aee4708aca8 (diff) | |
download | bt-37fd2d8d63f54ba1fecebccaa264a7d9221e1add.tar.gz |
Snap for 7220242 from b59f3660696bd500f1a40bb26db0afa21f9f54e1 to rvc-platform-release am: 6fcfc794d2
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/14174855
Change-Id: I80be29037f4cd7d651e1b1599d11e056936e96ca
-rw-r--r-- | btif/src/btif_av.cc | 9 | ||||
-rw-r--r-- | btif/src/btif_sock_l2cap.cc | 2 | ||||
-rw-r--r-- | stack/avrc/avrc_api.cc | 7 | ||||
-rw-r--r-- | stack/smp/smp_act.cc | 10 |
4 files changed, 25 insertions, 3 deletions
diff --git a/btif/src/btif_av.cc b/btif/src/btif_av.cc index 1003b0f82..679ec5ef5 100644 --- a/btif/src/btif_av.cc +++ b/btif/src/btif_av.cc @@ -25,6 +25,7 @@ #include <base/strings/stringprintf.h> #include <string.h> #include <map> +#include <mutex> #include <hardware/bluetooth.h> #include <hardware/bt_av.h> @@ -532,6 +533,7 @@ class BtifAvSource { std::set<RawAddress> silenced_peers_; RawAddress active_peer_; std::map<uint8_t, tBTA_AV_HNDL> peer_id2bta_handle_; + std::mutex mutex_; }; class BtifAvSink { @@ -649,6 +651,7 @@ class BtifAvSink { std::map<RawAddress, BtifAvPeer*> peers_; RawAddress active_peer_; std::map<uint8_t, tBTA_AV_HNDL> peer_id2bta_handle_; + std::mutex mutex_; }; /***************************************************************************** @@ -1036,6 +1039,7 @@ BtifAvPeer* BtifAvSource::FindPeerByPeerId(uint8_t peer_id) { BtifAvPeer* BtifAvSource::FindOrCreatePeer(const RawAddress& peer_address, tBTA_AV_HNDL bta_handle) { + std::unique_lock<std::mutex> lock(mutex_); BTIF_TRACE_DEBUG("%s: peer_address=%s bta_handle=0x%x", __PRETTY_FUNCTION__, peer_address.ToString().c_str(), bta_handle); @@ -1141,6 +1145,7 @@ void BtifAvSource::RegisterAllBtaHandles() { } void BtifAvSource::DeregisterAllBtaHandles() { + std::unique_lock<std::mutex> lock(mutex_); for (auto it : peer_id2bta_handle_) { tBTA_AV_HNDL bta_handle = it.second; BTA_AvDeregister(bta_handle); @@ -1150,6 +1155,7 @@ void BtifAvSource::DeregisterAllBtaHandles() { void BtifAvSource::BtaHandleRegistered(uint8_t peer_id, tBTA_AV_HNDL bta_handle) { + std::unique_lock<std::mutex> lock(mutex_); peer_id2bta_handle_.insert(std::make_pair(peer_id, bta_handle)); // Set the BTA Handle for the Peer (if exists) @@ -1240,6 +1246,7 @@ BtifAvPeer* BtifAvSink::FindPeerByPeerId(uint8_t peer_id) { BtifAvPeer* BtifAvSink::FindOrCreatePeer(const RawAddress& peer_address, tBTA_AV_HNDL bta_handle) { + std::unique_lock<std::mutex> lock(mutex_); BTIF_TRACE_DEBUG("%s: peer_address=%s bta_handle=0x%x", __PRETTY_FUNCTION__, peer_address.ToString().c_str(), bta_handle); @@ -1348,6 +1355,7 @@ void BtifAvSink::RegisterAllBtaHandles() { } void BtifAvSink::DeregisterAllBtaHandles() { + std::unique_lock<std::mutex> lock(mutex_); for (auto it : peer_id2bta_handle_) { tBTA_AV_HNDL bta_handle = it.second; BTA_AvDeregister(bta_handle); @@ -1356,6 +1364,7 @@ void BtifAvSink::DeregisterAllBtaHandles() { } void BtifAvSink::BtaHandleRegistered(uint8_t peer_id, tBTA_AV_HNDL bta_handle) { + std::unique_lock<std::mutex> lock(mutex_); peer_id2bta_handle_.insert(std::make_pair(peer_id, bta_handle)); // Set the BTA Handle for the Peer (if exists) diff --git a/btif/src/btif_sock_l2cap.cc b/btif/src/btif_sock_l2cap.cc index 105d5a1cc..fa59d878d 100644 --- a/btif/src/btif_sock_l2cap.cc +++ b/btif/src/btif_sock_l2cap.cc @@ -726,6 +726,7 @@ static void on_l2cap_data_ind(tBTA_JV* evt, uint32_t id) { << ": unable to push data to socket - closing fixed channel"; BTA_JvL2capCloseLE(sock->handle); btsock_l2cap_free_l(sock); + return; } } else { @@ -744,6 +745,7 @@ static void on_l2cap_data_ind(tBTA_JV* evt, uint32_t id) { << ": unable to push data to socket - closing channel"; BTA_JvL2capClose(sock->handle); btsock_l2cap_free_l(sock); + return; } } } diff --git a/stack/avrc/avrc_api.cc b/stack/avrc/avrc_api.cc index 1ac856a2f..579aae52c 100644 --- a/stack/avrc/avrc_api.cc +++ b/stack/avrc/avrc_api.cc @@ -634,9 +634,10 @@ static void avrc_msg_cback(uint8_t handle, uint8_t label, uint8_t cr, tAVRC_MSG_VENDOR* p_msg = &msg.vendor; if (cr == AVCT_CMD && (p_pkt->layer_specific & AVCT_DATA_CTRL && - AVRC_PACKET_LEN < sizeof(p_pkt->len))) { - /* Ignore the invalid AV/C command frame */ - p_drop_msg = "dropped - too long AV/C cmd frame size"; + p_pkt->len > AVRC_PACKET_LEN)) { + android_errorWriteLog(0x534e4554, "177611958"); + AVRC_TRACE_WARNING("%s: Command length %d too long: must be at most %d", + __func__, p_pkt->len, AVRC_PACKET_LEN); osi_free(p_pkt); return; } diff --git a/stack/smp/smp_act.cc b/stack/smp/smp_act.cc index bfce7cbce..ba7cbce8a 100644 --- a/stack/smp/smp_act.cc +++ b/stack/smp/smp_act.cc @@ -689,6 +689,16 @@ void smp_process_pairing_public_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { memcpy(pt.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN); memcpy(pt.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN); + if (!memcmp(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, BT_OCTET32_LEN) && + !memcmp(p_cb->peer_publ_key.y, p_cb->loc_publ_key.y, BT_OCTET32_LEN)) { + android_errorWriteLog(0x534e4554, "174886838"); + SMP_TRACE_WARNING("Remote and local public keys can't match"); + tSMP_INT_DATA smp; + smp.status = SMP_PAIR_AUTH_FAIL; + smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp); + return; + } + if (!ECC_ValidatePoint(pt)) { android_errorWriteLog(0x534e4554, "72377774"); tSMP_INT_DATA smp; |