1 /*
2 * Copyright (C) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "sdp_client_parse.h"
17
18 #include <string.h>
19
20 #include "sdp.h"
21
22 #include "sdp_connect.h"
23 #include "sdp_util.h"
24
25 #include "allocator.h"
26 #include "bt_endian.h"
27 #include "list.h"
28 #include "log.h"
29 #include "packet.h"
30
31 /// Client request List
32 static List *g_requestList = NULL;
33 /// TransactionID
34 static uint16_t g_transactionId = 0;
35
36 typedef struct {
37 uint8_t *buffer;
38 uint16_t length;
39 } BufferInfo;
40
41 static void SdpCallbackError(const BtAddr *address, uint16_t transactionId);
42 static void SdpParseErrorResponse(
43 const BtAddr *addr, uint16_t transactionId, uint16_t parameterLength, const Packet *packet);
44 static void SdpParseSearchResponse(const BtAddr *addr, uint16_t lcid, uint16_t transactionId, Packet *packet);
45 static void SdpParseAttributeResponse(const BtAddr *addr, uint16_t lcid, uint16_t transactionId, Packet *packet);
46 static void SdpParseSearchAttributeResponse(const BtAddr *addr, uint16_t lcid, uint16_t transactionId, Packet *packet);
47 static int SdpParseAttributeValue(BufferInfo *bufferInfo, uint16_t attributeId, SdpService *service);
48 static void SdpFreeService(SdpService *service);
49 static void SdpFreeServiceArray(SdpService *serviceArray, uint16_t serviceNum);
50
SdpGetTransactionId()51 uint16_t SdpGetTransactionId()
52 {
53 if (g_transactionId >= 0xFFFF) {
54 g_transactionId = 0;
55 }
56 g_transactionId++;
57
58 return g_transactionId;
59 }
60
SdpFreeClientRequest(void * data)61 static void SdpFreeClientRequest(void *data)
62 {
63 if (data == NULL) {
64 return;
65 }
66 SdpClientRequest *request = (SdpClientRequest *)data;
67 if (request->packet != NULL) {
68 PacketFree(request->packet);
69 request->packet = NULL;
70 }
71 if (request->assemblePacket != NULL) {
72 PacketFree(request->assemblePacket);
73 request->assemblePacket = NULL;
74 }
75
76 MEM_MALLOC.free(request);
77 request = NULL;
78 }
79
SdpCreateRequestList()80 void SdpCreateRequestList()
81 {
82 g_requestList = ListCreate(SdpFreeClientRequest);
83 }
84
SdpDestroyRequestList()85 void SdpDestroyRequestList()
86 {
87 if (g_requestList != NULL) {
88 ListDelete(g_requestList);
89 g_requestList = NULL;
90 }
91 }
92
SdpFindRemainRequestByAddress(const BtAddr * addr,bool * flag)93 SdpClientRequest *SdpFindRemainRequestByAddress(const BtAddr *addr, bool *flag)
94 {
95 ListNode *node = NULL;
96 SdpClientRequest *request = NULL;
97
98 if (g_requestList == NULL) {
99 return NULL;
100 }
101
102 node = ListGetFirstNode(g_requestList);
103 while (node != NULL) {
104 request = (SdpClientRequest *)ListGetNodeData(node);
105 if ((memcmp(&request->addr.addr, addr->addr, SDP_BLUETOOTH_ADDRESS_LENGTH) == 0) &&
106 ((request->packetState == SDP_PACKET_SEND) || (request->packetState == SDP_PACKET_SEND_FRAGMENT))) {
107 *flag = true;
108 return NULL;
109 }
110 node = ListGetNextNode(node);
111 }
112
113 node = ListGetFirstNode(g_requestList);
114 while (node != NULL) {
115 request = (SdpClientRequest *)ListGetNodeData(node);
116 if ((memcmp(&request->addr.addr, addr->addr, SDP_BLUETOOTH_ADDRESS_LENGTH) == 0) &&
117 (request->packetState == SDP_PACKET_WAIT)) {
118 return request;
119 }
120 node = ListGetNextNode(node);
121 }
122
123 return NULL;
124 }
125
SdpFindRequestByAddress(const BtAddr * addr)126 SdpClientRequest *SdpFindRequestByAddress(const BtAddr *addr)
127 {
128 ListNode *node = NULL;
129 SdpClientRequest *request = NULL;
130
131 if (g_requestList == NULL) {
132 return NULL;
133 }
134
135 node = ListGetFirstNode(g_requestList);
136 while (node != NULL) {
137 request = (SdpClientRequest *)ListGetNodeData(node);
138 if (memcmp(&request->addr.addr, addr->addr, SDP_BLUETOOTH_ADDRESS_LENGTH) == 0) {
139 return request;
140 }
141 node = ListGetNextNode(node);
142 }
143
144 return NULL;
145 }
146
SdpFindRequestByTransactionId(uint16_t transactionId)147 SdpClientRequest *SdpFindRequestByTransactionId(uint16_t transactionId)
148 {
149 ListNode *node = NULL;
150 SdpClientRequest *request = NULL;
151
152 if (g_requestList == NULL) {
153 return NULL;
154 }
155 node = ListGetFirstNode(g_requestList);
156 while (node != NULL) {
157 request = (SdpClientRequest *)ListGetNodeData(node);
158 if (request->transactionId == transactionId) {
159 return request;
160 }
161 node = ListGetNextNode(node);
162 }
163
164 return NULL;
165 }
166
SdpAddRequest(SdpClientRequest * request)167 void SdpAddRequest(SdpClientRequest *request)
168 {
169 ListAddLast(g_requestList, request);
170 }
171
SdpRemoveRequestByTransactionId(uint16_t transactionId)172 static void SdpRemoveRequestByTransactionId(uint16_t transactionId)
173 {
174 SdpClientRequest *request = NULL;
175
176 request = SdpFindRequestByTransactionId(transactionId);
177 if (request == NULL) {
178 LOG_ERROR("point to NULL");
179 return;
180 }
181 ListRemoveNode(g_requestList, request);
182 }
183
SdpRemoveRequestByAddress(const BtAddr * addr)184 void SdpRemoveRequestByAddress(const BtAddr *addr)
185 {
186 SdpClientRequest *request = NULL;
187
188 request = SdpFindRequestByAddress(addr);
189 if (request == NULL) {
190 return;
191 }
192 SdpCallbackError(&request->addr, request->transactionId);
193 }
194
SdpRemoveAllRequestByAddress(const BtAddr * addr)195 void SdpRemoveAllRequestByAddress(const BtAddr *addr)
196 {
197 SdpClientRequest *request = NULL;
198 ListNode *node = NULL;
199 uint16_t num = 0;
200
201 if (g_requestList == NULL) {
202 return;
203 }
204
205 node = ListGetFirstNode(g_requestList);
206 while (node != NULL) {
207 request = (SdpClientRequest *)ListGetNodeData(node);
208 if (memcmp(&request->addr.addr, addr->addr, SDP_BLUETOOTH_ADDRESS_LENGTH) == 0) {
209 num++;
210 }
211 node = ListGetNextNode(node);
212 }
213
214 while (num) {
215 SdpRemoveRequestByAddress(addr);
216 num--;
217 }
218 }
219
SdpCallbackError(const BtAddr * address,uint16_t transactionId)220 NO_SANITIZE("cfi") static void SdpCallbackError(const BtAddr *address, uint16_t transactionId)
221 {
222 SdpClientRequest *request = NULL;
223
224 request = SdpFindRequestByTransactionId(transactionId);
225 if (request == NULL) {
226 LOG_ERROR(
227 "[%{public}s][%{public}d] Cannot find client request [0x%04x]", __FUNCTION__, __LINE__, transactionId);
228 return;
229 }
230 LOG_DEBUG("[%{public}s][%{public}d] ErrorCallback start", __FUNCTION__, __LINE__);
231 switch (request->pduId) {
232 case SDP_SERVICE_SEARCH_REQUEST:
233 if (request->callback.ServiceSearchCb != NULL) {
234 request->callback.ServiceSearchCb(address, NULL, 0, request->context);
235 }
236 break;
237 case SDP_SERVICE_ATTRIBUTE_REQUEST:
238 if (request->callback.ServiceAttributeCb != NULL) {
239 request->callback.ServiceAttributeCb(address, NULL, request->context);
240 }
241 break;
242 case SDP_SERVICE_SEARCH_ATTRIBUTE_REQUEST:
243 if (request->callback.ServiceSearchAttributeCb != NULL) {
244 request->callback.ServiceSearchAttributeCb(address, NULL, 0, request->context);
245 }
246 break;
247 default:
248 break;
249 }
250 LOG_DEBUG("[%{public}s][%{public}d] ErrorCallback end", __FUNCTION__, __LINE__);
251
252 SdpRemoveRequestByTransactionId(transactionId);
253 }
254
255 /// store assemble to request list, send request again, waiting for packet next time.
SdpSendRequestForAssemblePacket(uint16_t lcid,uint16_t transactionId,Packet * packet,const uint8_t * continuationState,uint8_t continuationStateLen)256 static void SdpSendRequestForAssemblePacket(uint16_t lcid, uint16_t transactionId, Packet *packet,
257 const uint8_t *continuationState, uint8_t continuationStateLen)
258 {
259 SdpClientRequest *request = NULL;
260
261 request = SdpFindRequestByTransactionId(transactionId);
262 if ((request == NULL) || (request->packetState == SDP_PACKET_WAIT)) {
263 return;
264 }
265 if (request->packetState == SDP_PACKET_SEND) {
266 request->assemblePacket = PacketRefMalloc(packet);
267 if (request->assemblePacket == NULL) {
268 LOG_ERROR("point to NULL");
269 return;
270 }
271 } else {
272 PacketAssemble(request->assemblePacket, packet);
273 }
274
275 request->transactionId = SdpGetTransactionId();
276 request->packetState = SDP_PACKET_SEND_FRAGMENT;
277
278 SdpSendRequest(lcid, request->transactionId, continuationStateLen, continuationState, request->packet);
279 }
280
SdpGetCallback(const BtAddr * addr,uint16_t transactionId,void ** context)281 static SdpServiceCallback SdpGetCallback(const BtAddr *addr, uint16_t transactionId, void **context)
282 {
283 SdpClientRequest *request = NULL;
284 SdpServiceCallback callback;
285
286 (void)memset_s(&callback, sizeof(SdpServiceCallback), 0, sizeof(SdpServiceCallback));
287 request = SdpFindRequestByTransactionId(transactionId);
288 if (request == NULL) {
289 return callback;
290 }
291 *context = request->context;
292
293 switch (request->pduId) {
294 case SDP_SERVICE_SEARCH_REQUEST:
295 callback.ServiceSearchCb = request->callback.ServiceSearchCb;
296 break;
297 case SDP_SERVICE_ATTRIBUTE_REQUEST:
298 callback.ServiceAttributeCb = request->callback.ServiceAttributeCb;
299 break;
300 case SDP_SERVICE_SEARCH_ATTRIBUTE_REQUEST:
301 callback.ServiceSearchAttributeCb = request->callback.ServiceSearchAttributeCb;
302 break;
303 default:
304 break;
305 }
306 return callback;
307 }
308
SdpParseServerResponse(const BtAddr * addr,uint16_t lcid,const Packet * data)309 void SdpParseServerResponse(const BtAddr *addr, uint16_t lcid, const Packet *data)
310 {
311 uint8_t header[SDP_PDU_HEADER_LENGTH] = {0};
312 SdpPduId pduId;
313 uint16_t transactionId;
314 uint16_t parameterLength;
315 Packet *packet = NULL;
316 uint16_t offset = 0;
317
318 packet = PacketRefMalloc(data);
319 if (packet == NULL) {
320 LOG_ERROR("point to NULL");
321 return;
322 }
323 PacketExtractHead(packet, header, sizeof(header));
324 /// PDU ID
325 pduId = header[offset];
326 offset++;
327 /// Transaction ID
328 transactionId = BE2H_16(*(uint16_t *)(header + offset));
329 offset += SDP_UINT16_LENGTH;
330 /// ParameterLength
331 parameterLength = BE2H_16(*(uint16_t *)(header + offset));
332 if (parameterLength != PacketSize(packet)) {
333 LOG_ERROR("[%{public}s][%{public}d] Invalid pdu size [%u]", __FUNCTION__, __LINE__, parameterLength);
334 SdpCallbackError(addr, transactionId);
335 PacketFree(packet);
336 return;
337 }
338
339 switch (pduId) {
340 case SDP_ERROR_RESPONSE:
341 SdpParseErrorResponse(addr, transactionId, parameterLength, packet);
342 break;
343 case SDP_SERVICE_SEARCH_RESPONSE:
344 SdpParseSearchResponse(addr, lcid, transactionId, packet);
345 break;
346 case SDP_SERVICE_ATTRIBUTE_RESPONSE:
347 SdpParseAttributeResponse(addr, lcid, transactionId, packet);
348 break;
349 case SDP_SERVICE_SEARCH_ATTRIBUTE_RESPONSE:
350 SdpParseSearchAttributeResponse(addr, lcid, transactionId, packet);
351 break;
352 default:
353 LOG_ERROR("[%{public}s][%{public}d] Invalid PDU ID [%u]", __FUNCTION__, __LINE__, pduId);
354 break;
355 }
356 PacketFree(packet);
357 packet = NULL;
358 }
359
SdpParseServiceRecordHandleList(const BtAddr * addr,uint16_t transactionId,uint16_t totalServiceRecordCount,Packet * data,uint32_t * handleArray)360 static uint16_t SdpParseServiceRecordHandleList(
361 const BtAddr *addr, uint16_t transactionId, uint16_t totalServiceRecordCount, Packet *data, uint32_t *handleArray)
362 {
363 SdpClientRequest *request = NULL;
364 uint16_t handleNum = 0;
365
366 Packet *packet = NULL;
367 uint8_t *buffer = NULL;
368 uint16_t length;
369
370 request = SdpFindRequestByTransactionId(transactionId);
371 if (request == NULL) {
372 LOG_ERROR("point to NULL");
373 return 0;
374 }
375 if (request->assemblePacket != NULL) {
376 packet = request->assemblePacket;
377 PacketAssemble(packet, data);
378 } else {
379 packet = PacketRefMalloc(data);
380 }
381
382 length = PacketSize(packet);
383 if (length != totalServiceRecordCount * SDP_SERVICE_RECORD_HANDLE_BYTE) {
384 PacketFree(packet);
385 packet = NULL;
386 request->assemblePacket = NULL;
387 return 0;
388 }
389
390 buffer = MEM_MALLOC.alloc(length);
391 if (buffer == NULL) {
392 LOG_ERROR("buffer is NULL");
393 return 0;
394 }
395 (void)memset_s(buffer, length, 0, length);
396 PacketRead(packet, buffer, 0, length);
397
398 for (; handleNum < totalServiceRecordCount; handleNum++) {
399 uint32_t handle = BE2H_32(*(uint32_t *)(buffer + handleNum * SDP_SERVICE_RECORD_HANDLE_BYTE));
400 if (handle <= SDP_MAX_RESERVED_RECORD_HANDLE) {
401 LOG_ERROR(
402 "[%{public}s][%{public}d] Invalid Service Record Handle [0x%08x]", __FUNCTION__, __LINE__, handle);
403 MEM_MALLOC.free(buffer);
404 buffer = NULL;
405 PacketFree(packet);
406 packet = NULL;
407 request->assemblePacket = NULL;
408 return 0;
409 }
410 handleArray[handleNum] = handle;
411 }
412 MEM_MALLOC.free(buffer);
413 buffer = NULL;
414 PacketFree(packet);
415 packet = NULL;
416 request->assemblePacket = NULL;
417
418 return handleNum;
419 }
420
SdpParseSingleAttributeList(BufferInfo * bufferInfo,SdpService * service)421 static int SdpParseSingleAttributeList(BufferInfo *bufferInfo, SdpService *service)
422 {
423 uint32_t attributeLength = 0;
424 uint8_t type;
425 uint16_t offset = 0;
426 int pos;
427
428 service->attributeNumber = 0;
429 service->attribute = MEM_MALLOC.alloc(sizeof(SdpAttribute) * SDP_ATTRIBUTE_COUNT);
430 if (service->attribute == NULL) {
431 LOG_ERROR("point to NULL");
432 return BT_NO_MEMORY;
433 }
434 (void)memset_s(
435 service->attribute, sizeof(SdpAttribute) * SDP_ATTRIBUTE_COUNT, 0, sizeof(SdpAttribute) * SDP_ATTRIBUTE_COUNT);
436
437 service->sequenceAttributeNumber = 0;
438 service->sequenceAttribute = MEM_MALLOC.alloc(sizeof(SdpSequenceAttribute) * SDP_SEQUENCE_ATTRIBUTE_COUNT);
439 if (service->sequenceAttribute == NULL) {
440 LOG_ERROR("point to NULL");
441 return BT_NO_MEMORY;
442 }
443
444 (void)memset_s(service->sequenceAttribute,
445 sizeof(SdpSequenceAttribute) * SDP_SEQUENCE_ATTRIBUTE_COUNT,
446 0,
447 sizeof(SdpSequenceAttribute) * SDP_SEQUENCE_ATTRIBUTE_COUNT);
448
449 /// Descriptor type
450 type = bufferInfo->buffer[offset];
451 offset++;
452 /// Descriptor size
453 if ((type >> SDP_DESCRIPTOR_SIZE_BIT) != DE_TYPE_DES) {
454 LOG_ERROR(
455 "[%{public}s][%{public}d] There is wrong type [0x%02x] with attribute list.", __FUNCTION__, __LINE__, type);
456 return BT_BAD_PARAM;
457 }
458 /// Sequence length
459 pos = SdpGetLengthFromType(bufferInfo->buffer + offset, type, &attributeLength);
460 if (bufferInfo->length < attributeLength) {
461 LOG_ERROR("[%{public}s][%{public}d] Wrong length.", __FUNCTION__, __LINE__);
462 return BT_BAD_PARAM;
463 }
464 offset += pos;
465 uint8_t *bufferEnd = bufferInfo->buffer + attributeLength;
466
467 while (bufferInfo->buffer + offset < bufferEnd) {
468 /// AttributeID
469 type = bufferInfo->buffer[offset];
470 /// Data Element: Unsigned Integer 2 bytes (0x09)
471 if (((type >> SDP_DESCRIPTOR_SIZE_BIT) != DE_TYPE_UINT) || ((type & 0x07) != DE_SIZE_16)) {
472 LOG_ERROR(
473 "[%{public}s][%{public}d] The type [0x%02x] of AttributeID is wrong.", __FUNCTION__, __LINE__, type);
474 return BT_BAD_PARAM;
475 }
476 offset++;
477 uint16_t attributeId = BE2H_16(*(uint16_t *)(bufferInfo->buffer + offset));
478 offset += SDP_UINT16_LENGTH;
479 /// Attribute value
480 BufferInfo parseBufferInfo = {
481 .buffer = bufferInfo->buffer + offset,
482 .length = bufferInfo->length
483 };
484 pos = SdpParseAttributeValue(&parseBufferInfo, attributeId, service);
485 if (pos <= 0) {
486 return BT_BAD_PARAM;
487 }
488 offset += pos;
489 }
490
491 return offset;
492 }
493
SdpParseAttributeList(const BtAddr * addr,uint16_t transactionId,Packet * data,SdpService * service)494 static int SdpParseAttributeList(const BtAddr *addr, uint16_t transactionId, Packet *data, SdpService *service)
495 {
496 SdpClientRequest *request = NULL;
497 Packet *packet = NULL;
498 uint8_t *buffer = NULL;
499 uint16_t length;
500 int result;
501 BufferInfo bufferInfo;
502
503 request = SdpFindRequestByTransactionId(transactionId);
504 if (request == NULL) {
505 LOG_ERROR("point to NULL");
506 return BT_BAD_PARAM;
507 }
508 if (request->assemblePacket != NULL) {
509 packet = request->assemblePacket;
510 PacketAssemble(packet, data);
511 } else {
512 packet = PacketRefMalloc(data);
513 }
514
515 length = PacketSize(packet);
516 buffer = MEM_MALLOC.alloc(length);
517 if (buffer == NULL) {
518 LOG_ERROR("point to NULL");
519 return BT_NO_MEMORY;
520 }
521 (void)memset_s(buffer, length, 0, length);
522 PacketRead(packet, buffer, 0, length);
523 bufferInfo.buffer = buffer;
524 bufferInfo.length = length;
525 result = SdpParseSingleAttributeList(&bufferInfo, service);
526
527 MEM_MALLOC.free(buffer);
528 PacketFree(packet);
529 packet = NULL;
530 request->assemblePacket = NULL;
531
532 return result;
533 }
534
SdpPacketAndBufferFree(uint8_t * buffer,Packet * packet,SdpClientRequest * request)535 static void SdpPacketAndBufferFree(uint8_t *buffer, Packet *packet, SdpClientRequest *request)
536 {
537 if (buffer != NULL) {
538 MEM_MALLOC.free(buffer);
539 buffer = NULL;
540 }
541 if (packet != NULL) {
542 PacketFree(packet);
543 packet = NULL;
544 }
545 if ((request != NULL) && (request->assemblePacket != NULL)) {
546 request->assemblePacket = NULL;
547 }
548 }
549
SdpParseAttributeListArray(const BtAddr * addr,uint16_t transactionId,Packet * data,SdpService * serviceArray)550 static uint16_t SdpParseAttributeListArray(
551 const BtAddr *addr, uint16_t transactionId, Packet *data, SdpService *serviceArray)
552 {
553 uint16_t serviceNum = 0;
554 Packet *packet = NULL;
555 uint32_t totalLength;
556 uint32_t length = 0;
557 uint16_t offset = 0;
558 BufferInfo bufferInfo;
559
560 SdpClientRequest *request = SdpFindRequestByTransactionId(transactionId);
561 if ((request != NULL) && (request->assemblePacket != NULL)) {
562 packet = request->assemblePacket;
563 PacketAssemble(packet, data);
564 } else {
565 packet = PacketRefMalloc(data);
566 }
567
568 totalLength = PacketSize(packet);
569 uint8_t *buffer = MEM_MALLOC.alloc(totalLength);
570 if (buffer == NULL) {
571 LOG_ERROR("buffer is NULL");
572 return 0;
573 }
574 (void)memset_s(buffer, totalLength, 0, totalLength);
575 PacketRead(packet, buffer, 0, totalLength);
576
577 /// Descriptor type
578 uint8_t type = buffer[offset];
579 offset++;
580 /// Descriptor size
581 if ((type >> SDP_DESCRIPTOR_SIZE_BIT) != DE_TYPE_DES) {
582 LOG_ERROR("[%{public}s][%{public}d] There is wrong type [0x%02x] with attribute lists.",
583 __FUNCTION__, __LINE__, type);
584 SdpPacketAndBufferFree(buffer, packet, request);
585 return 0;
586 }
587 /// Sequence length
588 int pos = SdpGetLengthFromType(buffer + offset, type, &length);
589 offset += pos;
590
591 if (length != (totalLength - offset)) {
592 LOG_ERROR("[%{public}s][%{public}d] total[%{public}d] current[%{public}d] offset[%{public}d]",
593 __FUNCTION__, __LINE__, totalLength, length, offset);
594 SdpPacketAndBufferFree(buffer, packet, request);
595 return 0;
596 }
597
598 while (offset < totalLength) {
599 if (serviceNum >= SDP_SERVICE_ARRAY_NUMBER) {
600 LOG_INFO("The serviceNum is more than the specified number");
601 break;
602 }
603 bufferInfo.buffer = buffer + offset;
604 bufferInfo.length = totalLength;
605 pos = SdpParseSingleAttributeList(&bufferInfo, &serviceArray[serviceNum]);
606 if (pos <= 0) {
607 SdpFreeServiceArray(serviceArray, serviceNum + 1);
608 SdpPacketAndBufferFree(buffer, packet, request);
609 return 0;
610 }
611 offset += pos;
612 serviceNum++;
613 }
614 SdpPacketAndBufferFree(buffer, packet, request);
615
616 return serviceNum;
617 }
618
SdpParseResponseCommon(const BtAddr * addr,uint16_t lcid,uint16_t transactionId,Packet * packet,uint16_t length)619 static Packet *SdpParseResponseCommon(
620 const BtAddr *addr, uint16_t lcid, uint16_t transactionId, Packet *packet, uint16_t length)
621 {
622 uint8_t continuationStateLen;
623 uint8_t continuationState[SDP_MAX_CONTINUATION_LEN + 1] = {0};
624
625 if (length > (SDP_MAX_CONTINUATION_LEN + 1)) {
626 LOG_ERROR("[%{public}s][%{public}d] Error length [%{public}d]", __FUNCTION__, __LINE__, length);
627 SdpCallbackError(addr, transactionId);
628 return NULL;
629 }
630
631 PacketExtractTail(packet, continuationState, length);
632 continuationStateLen = continuationState[0];
633 LOG_INFO("[%{public}s][%{public}d] continuation state length [%{public}d].",
634 __FUNCTION__, __LINE__, continuationStateLen);
635 if (continuationStateLen > SDP_MAX_CONTINUATION_LEN) {
636 LOG_ERROR("[%{public}s][%{public}d] continuationStateLen [%{public}d] exceed",
637 __FUNCTION__, __LINE__, continuationStateLen);
638 SdpCallbackError(addr, transactionId);
639 return NULL;
640 }
641
642 /// continuation state yes or no (is 0)
643 if (continuationStateLen != 0) {
644 SdpSendRequestForAssemblePacket(lcid, transactionId, packet, continuationState, continuationStateLen);
645 return NULL;
646 }
647 return packet;
648 }
649
SdpParseErrorResponse(const BtAddr * addr,uint16_t transactionId,uint16_t parameterLength,const Packet * packet)650 static void SdpParseErrorResponse(
651 const BtAddr *addr, uint16_t transactionId, uint16_t parameterLength, const Packet *packet)
652 {
653 if (PacketSize(packet) != parameterLength || parameterLength != SDP_UINT16_LENGTH) {
654 LOG_ERROR("[%{public}s][%{public}d] Different length between [%u] and [%u].",
655 __FUNCTION__,
656 __LINE__,
657 PacketSize(packet),
658 parameterLength);
659 } else {
660 uint16_t errorCode;
661 uint8_t buffer[2] = {0};
662 PacketPayloadRead(packet, buffer, 0, parameterLength);
663 errorCode = BE2H_16(*(uint16_t *)buffer);
664 LOG_INFO("[%{public}s][%{public}d] Error Code [0x%04x].", __FUNCTION__, __LINE__, errorCode);
665 }
666 SdpCallbackError(addr, transactionId);
667 }
668
SdpParseSearchResponse(const BtAddr * addr,uint16_t lcid,uint16_t transactionId,Packet * packet)669 static void SdpParseSearchResponse(const BtAddr *addr, uint16_t lcid, uint16_t transactionId, Packet *packet)
670 {
671 uint16_t totalServiceRecordCount;
672 uint16_t currentServiceRecordCount;
673 uint8_t buffer[2] = {0};
674 uint16_t length;
675 SdpServiceCallback callback;
676 void *context = NULL;
677
678 /// TotalServiceRecordCount
679 PacketExtractHead(packet, buffer, SDP_UINT16_LENGTH);
680 totalServiceRecordCount = BE2H_16(*(uint16_t *)buffer);
681 if (totalServiceRecordCount == 0) {
682 SdpCallbackError(addr, transactionId);
683 return;
684 }
685 /// CurrentServiceRecordCount
686 PacketExtractHead(packet, buffer, SDP_UINT16_LENGTH);
687 currentServiceRecordCount = BE2H_16(*(uint16_t *)buffer);
688 length = PacketSize(packet);
689 if ((currentServiceRecordCount > totalServiceRecordCount) ||
690 ((currentServiceRecordCount * SDP_SERVICE_RECORD_HANDLE_BYTE) >= length)) {
691 LOG_ERROR("current[%{public}d], total[%{public}d] size[%{public}d]",
692 totalServiceRecordCount, currentServiceRecordCount, length);
693 SdpCallbackError(addr, transactionId);
694 return;
695 }
696
697 /// ContinuationState
698 (void)memset_s(buffer, sizeof(buffer), 0, sizeof(buffer));
699 length = length - currentServiceRecordCount * SDP_SERVICE_RECORD_HANDLE_BYTE;
700 packet = SdpParseResponseCommon(addr, lcid, transactionId, packet, length);
701 if (packet == NULL) {
702 return;
703 }
704 uint32_t *handleArray = (uint32_t *)MEM_MALLOC.alloc(SDP_UINT32_LENGTH * totalServiceRecordCount);
705 if (handleArray == NULL) {
706 LOG_ERROR("handleArray is NULL");
707 return;
708 }
709 (void)memset_s(
710 handleArray, SDP_UINT32_LENGTH * totalServiceRecordCount, 0, SDP_UINT32_LENGTH * totalServiceRecordCount);
711 /// ServiceRecordHandleList
712 uint16_t handleNum =
713 SdpParseServiceRecordHandleList(addr, transactionId, totalServiceRecordCount, packet, handleArray);
714 if (handleNum == 0) {
715 LOG_ERROR("[%{public}s][%{public}d] Parse handle list failed.", __FUNCTION__, __LINE__);
716 SdpCallbackError(addr, transactionId);
717 MEM_MALLOC.free(handleArray);
718 handleArray = NULL;
719 return;
720 }
721
722 LOG_DEBUG("[%{public}s][%{public}d] ServiceSearchCallback start", __FUNCTION__, __LINE__);
723 callback = SdpGetCallback(addr, transactionId, &context);
724 if (callback.ServiceSearchCb != NULL) {
725 callback.ServiceSearchCb(addr, handleArray, handleNum, context);
726 }
727 LOG_DEBUG("[%{public}s][%{public}d] ServiceSearchCallback end", __FUNCTION__, __LINE__);
728
729 SdpRemoveRequestByTransactionId(transactionId);
730 MEM_MALLOC.free(handleArray);
731 handleArray = NULL;
732 }
733
SdpParseAttributeResponse(const BtAddr * addr,uint16_t lcid,uint16_t transactionId,Packet * packet)734 static void SdpParseAttributeResponse(const BtAddr *addr, uint16_t lcid, uint16_t transactionId, Packet *packet)
735 {
736 SdpService service;
737 uint16_t attributeListByteCount;
738 uint8_t buffer[2] = {0};
739 uint16_t length;
740 SdpServiceCallback callback;
741 void *context = NULL;
742 int ret;
743
744 /// AttributeListByteCount <= mtu
745 PacketExtractHead(packet, buffer, sizeof(buffer));
746 length = PacketSize(packet);
747 attributeListByteCount = BE2H_16(*(uint16_t *)buffer);
748 if (attributeListByteCount >= length) {
749 LOG_ERROR("[%{public}s][%{public}d] Wrong attribute list count [%{public}d]",
750 __FUNCTION__, __LINE__, attributeListByteCount);
751 SdpCallbackError(addr, transactionId);
752 return;
753 }
754
755 /// ContinuationState
756 length = length - attributeListByteCount;
757 packet = SdpParseResponseCommon(addr, lcid, transactionId, packet, length);
758 if (packet == NULL) {
759 return;
760 }
761
762 (void)memset_s(&service, sizeof(SdpService), 0, sizeof(SdpService));
763 ret = SdpParseAttributeList(addr, transactionId, packet, &service);
764 if (ret <= 0) {
765 LOG_ERROR("[%{public}s][%{public}d] Parse attribute list failed.", __FUNCTION__, __LINE__);
766 SdpCallbackError(addr, transactionId);
767 SdpFreeService(&service);
768 return;
769 }
770
771 LOG_DEBUG("[%{public}s][%{public}d] ServiceAttributeCallback start", __FUNCTION__, __LINE__);
772 callback = SdpGetCallback(addr, transactionId, &context);
773 if (callback.ServiceAttributeCb != NULL) {
774 callback.ServiceAttributeCb(addr, &service, context);
775 }
776 LOG_DEBUG("[%{public}s][%{public}d] ServiceAttributeCallback end", __FUNCTION__, __LINE__);
777
778 SdpFreeService(&service);
779 SdpRemoveRequestByTransactionId(transactionId);
780 }
781
782 NO_SANITIZE("cfi")
SdpParseSearchAttributeResponse(const BtAddr * addr,uint16_t lcid,uint16_t transactionId,Packet * packet)783 static void SdpParseSearchAttributeResponse(const BtAddr *addr, uint16_t lcid, uint16_t transactionId, Packet *packet)
784 {
785 SdpService serviceArray[SDP_SERVICE_ARRAY_NUMBER] = {0};
786 uint16_t serviceNum;
787 uint16_t attributeListByteCount;
788 uint8_t buffer[2] = {0};
789 uint16_t length;
790 SdpServiceCallback callback;
791 void *context = NULL;
792
793 /// AttributeListByteCount <= mtu
794 PacketExtractHead(packet, buffer, sizeof(buffer));
795 length = PacketSize(packet);
796 attributeListByteCount = BE2H_16(*(uint16_t *)buffer);
797 if (attributeListByteCount >= length) {
798 SdpCallbackError(addr, transactionId);
799 LOG_ERROR("[%{public}s][%{public}d] Wrong attribute list count [%{public}d]",
800 __FUNCTION__, __LINE__, attributeListByteCount);
801 return;
802 }
803
804 /// ContinuationState
805 length = length - attributeListByteCount;
806 packet = SdpParseResponseCommon(addr, lcid, transactionId, packet, length);
807 if (packet == NULL) {
808 return;
809 }
810
811 /// AttributeLists
812 serviceNum = SdpParseAttributeListArray(addr, transactionId, packet, serviceArray);
813 if (serviceNum == 0) {
814 SdpCallbackError(addr, transactionId);
815 return;
816 }
817
818 LOG_DEBUG("[%{public}s][%{public}d] ServiceSearchAttributeCallback start", __FUNCTION__, __LINE__);
819 callback = SdpGetCallback(addr, transactionId, &context);
820 if (callback.ServiceSearchAttributeCb != NULL) {
821 callback.ServiceSearchAttributeCb(addr, serviceArray, serviceNum, context);
822 }
823 LOG_DEBUG("[%{public}s][%{public}d] ServiceSearchAttributeCallback end", __FUNCTION__, __LINE__);
824
825 SdpFreeServiceArray(serviceArray, serviceNum);
826 SdpRemoveRequestByTransactionId(transactionId);
827 }
828
SdpGetValue(BufferInfo * bufferInfo,uint32_t * value)829 static int SdpGetValue(BufferInfo *bufferInfo, uint32_t *value)
830 {
831 uint32_t length = 0;
832 uint16_t offset = 0;
833 uint16_t pos;
834
835 uint8_t type = bufferInfo->buffer[offset];
836 offset++;
837 pos = SdpGetLengthFromType(bufferInfo->buffer + offset, type, &length);
838 if (bufferInfo->length < length) {
839 LOG_ERROR("[%{public}s][%{public}d] Wrong length.", __FUNCTION__, __LINE__);
840 return BT_BAD_PARAM;
841 }
842 if (((type >> SDP_DESCRIPTOR_SIZE_BIT) != DE_TYPE_UINT) || (length != SDP_UINT32_LENGTH)) {
843 LOG_ERROR("[%{public}s][%{public}d] Wrong type [0x%02x]", __FUNCTION__, __LINE__, type);
844 return BT_BAD_PARAM;
845 }
846
847 *value = BE2H_32(*(uint32_t *)(bufferInfo->buffer + offset));
848 offset += pos;
849
850 return offset;
851 }
852
SdpGetALLValue(BufferInfo * bufferInfo,uint32_t * data,SdpDataType * dataType)853 static int SdpGetALLValue(BufferInfo *bufferInfo, uint32_t *data, SdpDataType *dataType)
854 {
855 uint32_t length = 0;
856 uint16_t offset = 0;
857 SdpDataType valueType = 0;
858 uint32_t value = 0;
859
860 /// Descriptor type
861 uint8_t type = bufferInfo->buffer[offset];
862 offset++;
863 SdpGetLengthFromType(bufferInfo->buffer + offset, type, &length);
864 if (bufferInfo->length < length) {
865 LOG_ERROR("[%{public}s][%{public}d] Wrong length.", __FUNCTION__, __LINE__);
866 return BT_BAD_PARAM;
867 }
868 if ((type >> SDP_DESCRIPTOR_SIZE_BIT) != DE_TYPE_UINT) {
869 LOG_ERROR("[%{public}s][%{public}d] Wrong type [0x%02x]", __FUNCTION__, __LINE__, type);
870 return BT_BAD_PARAM;
871 }
872
873 switch (length) {
874 case SDP_UINT8_LENGTH:
875 valueType = SDP_TYPE_UINT_8;
876 value = bufferInfo->buffer[offset];
877 break;
878 case SDP_UINT16_LENGTH:
879 valueType = SDP_TYPE_UINT_16;
880 value = BE2H_16(*(uint16_t *)(bufferInfo->buffer + offset));
881 break;
882 case SDP_UINT32_LENGTH:
883 valueType = SDP_TYPE_UINT_32;
884 value = BE2H_32(*(uint32_t *)(bufferInfo->buffer + offset));
885 break;
886 default:
887 length = 0;
888 break;
889 }
890 offset += length;
891
892 *data = value;
893 *dataType = valueType;
894 return offset;
895 }
896
SdpGetString(BufferInfo * bufferInfo,char * name,SdpDescriptorType nameType)897 static int SdpGetString(BufferInfo *bufferInfo, char *name, SdpDescriptorType nameType)
898 {
899 uint32_t length = 0;
900 uint16_t offset = 0;
901 uint16_t pos;
902
903 uint8_t type = bufferInfo->buffer[offset];
904 offset++;
905 pos = SdpGetLengthFromType(bufferInfo->buffer + offset, type, &length);
906 if (bufferInfo->length < length) {
907 LOG_ERROR("[%{public}s][%{public}d] Wrong length.", __FUNCTION__, __LINE__);
908 return BT_BAD_PARAM;
909 }
910 if ((type >> SDP_DESCRIPTOR_SIZE_BIT) != nameType) {
911 LOG_ERROR("[%{public}s][%{public}d] Wrong type [0x%02x]", __FUNCTION__, __LINE__, type);
912 return BT_BAD_PARAM;
913 }
914 offset += pos;
915 if (length >= SDP_MAX_ATTRIBUTE_LEN - 1) {
916 length = SDP_MAX_ATTRIBUTE_LEN;
917 }
918 if (memcpy_s(name, length, bufferInfo->buffer + offset, length) != EOK) {
919 LOG_ERROR("[%{public}s][%{public}d] memcpy_s fail", __FUNCTION__, __LINE__);
920 return BT_OPERATION_FAILED;
921 }
922 name[length] = '\0';
923 offset += length;
924
925 return offset;
926 }
927
SdpGetServiceRecordHandle(BufferInfo * bufferInfo,SdpService * service)928 static int SdpGetServiceRecordHandle(BufferInfo *bufferInfo, SdpService *service)
929 {
930 return SdpGetValue(bufferInfo, &service->handle);
931 }
932
SdpGetServiceClassIdList(BufferInfo * bufferInfo,SdpService * service)933 static uint16_t SdpGetServiceClassIdList(BufferInfo *bufferInfo, SdpService *service)
934 {
935 uint16_t classIdNumber = 0;
936 uint32_t length = 0;
937 uint16_t offset = 0;
938 uint8_t type;
939 uint16_t pos;
940 uint32_t i = 0;
941
942 service->classId = MEM_MALLOC.alloc(sizeof(BtUuid) * SDP_MAX_UUID_COUNT);
943 if (service->classId == NULL) {
944 LOG_ERROR("point to NULL");
945 return 0;
946 }
947 (void)memset_s(service->classId, sizeof(BtUuid) * SDP_MAX_UUID_COUNT, 0, sizeof(BtUuid) * SDP_MAX_UUID_COUNT);
948
949 type = bufferInfo->buffer[offset];
950 offset++;
951 pos = SdpGetLengthFromType(bufferInfo->buffer + offset, type, &length);
952 if (bufferInfo->length < length) {
953 LOG_ERROR("[%{public}s][%{public}d] Wrong length.", __FUNCTION__, __LINE__);
954 return 0;
955 }
956 offset += pos;
957 pos = offset;
958
959 while (i < length) {
960 if (classIdNumber >= SDP_MAX_UUID_COUNT) {
961 offset = length + pos;
962 break;
963 }
964 pos = SdpGetUuid(bufferInfo->buffer + offset, &service->classId[classIdNumber]);
965 i += pos;
966 offset += pos;
967 classIdNumber++;
968 }
969 service->classIdNumber = classIdNumber;
970
971 return offset;
972 }
973
SdpGetServiceRecordState(BufferInfo * bufferInfo,SdpService * service)974 static int SdpGetServiceRecordState(BufferInfo *bufferInfo, SdpService *service)
975 {
976 return SdpGetValue(bufferInfo, &service->state);
977 }
978
SdpGetServiceId(uint8_t * buffer,SdpService * service)979 static int SdpGetServiceId(uint8_t *buffer, SdpService *service)
980 {
981 return SdpGetUuid(buffer, &service->serviceId);
982 }
983
SdpGetCommonProtocolDescriptorEachList(SdpProtocolDescriptor * descriptor,uint16_t descriptorNumber,uint32_t currentLength,BufferInfo * bufferInfo,int offset)984 static int SdpGetCommonProtocolDescriptorEachList(SdpProtocolDescriptor *descriptor, uint16_t descriptorNumber,
985 uint32_t currentLength, BufferInfo *bufferInfo, int offset)
986 {
987 uint16_t parameterNumber = 0;
988 uint32_t length = 0;
989 int pos;
990
991 while (currentLength) {
992 if (bufferInfo->buffer[offset] == 0x35) {
993 uint8_t type = 0x35;
994 SdpGetLengthFromType(bufferInfo->buffer + offset + 1, type, &length);
995 if (bufferInfo->length < length) {
996 LOG_ERROR("[%{public}s][%{public}d] Wrong length.", __FUNCTION__, __LINE__);
997 return BT_BAD_PARAM;
998 }
999 offset = offset + length + SDP_UINT16_LENGTH;
1000 currentLength = currentLength - length - SDP_UINT16_LENGTH;
1001 continue;
1002 }
1003 BufferInfo parseBufferInfo = {
1004 .buffer = bufferInfo->buffer + offset,
1005 .length = bufferInfo->length
1006 };
1007 pos = SdpGetALLValue(&parseBufferInfo,
1008 &descriptor[descriptorNumber].parameter[parameterNumber].value,
1009 &descriptor[descriptorNumber].parameter[parameterNumber].type);
1010 if (pos <= 0) {
1011 return BT_BAD_PARAM;
1012 }
1013 currentLength = currentLength - pos;
1014 offset += pos;
1015 parameterNumber++;
1016 }
1017 descriptor[descriptorNumber].parameterNumber = parameterNumber;
1018
1019 return offset;
1020 }
1021
SdpGetCommonProtocolDescriptorList(BufferInfo * bufferInfo,SdpProtocolDescriptor * descriptor,uint16_t * protocolDescriptorNumber)1022 static int SdpGetCommonProtocolDescriptorList(
1023 BufferInfo *bufferInfo, SdpProtocolDescriptor *descriptor, uint16_t *protocolDescriptorNumber)
1024 {
1025 uint16_t descriptorNumber = 0;
1026 uint32_t totalLength = 0;
1027 uint32_t currentLength = 0;
1028 int offset = 0;
1029 uint16_t pos;
1030 uint8_t type = bufferInfo->buffer[offset];
1031
1032 offset++;
1033 pos = SdpGetLengthFromType(bufferInfo->buffer + offset, type, &totalLength);
1034 if (bufferInfo->length < totalLength) {
1035 LOG_ERROR("[%{public}s][%{public}d] Wrong length.", __FUNCTION__, __LINE__);
1036 return BT_BAD_PARAM;
1037 }
1038 if ((type >> SDP_DESCRIPTOR_SIZE_BIT) != DE_TYPE_DES) {
1039 LOG_ERROR("[%{public}s][%{public}d] Wrong type [0x%02x]", __FUNCTION__, __LINE__, type);
1040 return BT_BAD_PARAM;
1041 }
1042 offset += pos;
1043
1044 while (totalLength) {
1045 if (descriptorNumber >= SDP_PROTOCOL_DESCRIPTOR_MAX) {
1046 break;
1047 }
1048 type = bufferInfo->buffer[offset];
1049 totalLength--;
1050 offset++;
1051 pos = SdpGetLengthFromType(bufferInfo->buffer + offset, type, ¤tLength);
1052 if (totalLength < currentLength) {
1053 LOG_ERROR("[%{public}s][%{public}d] Wrong length.", __FUNCTION__, __LINE__);
1054 return BT_BAD_PARAM;
1055 }
1056 if ((type >> SDP_DESCRIPTOR_SIZE_BIT) != DE_TYPE_DES) {
1057 LOG_ERROR("[%{public}s][%{public}d] Wrong type [0x%02x]", __FUNCTION__, __LINE__, type);
1058 return BT_BAD_PARAM;
1059 }
1060 totalLength = totalLength - pos;
1061 offset += pos;
1062 pos = SdpGetUuid(bufferInfo->buffer + offset, &descriptor[descriptorNumber].protocolUuid);
1063 totalLength = totalLength - currentLength;
1064 currentLength = currentLength - pos;
1065 offset += pos;
1066 offset = SdpGetCommonProtocolDescriptorEachList(descriptor, descriptorNumber,
1067 currentLength, bufferInfo, offset);
1068 if (offset <= 0) {
1069 return offset;
1070 }
1071 descriptorNumber++;
1072 }
1073 *protocolDescriptorNumber = descriptorNumber;
1074
1075 return offset;
1076 }
1077
SdpGetProtocolDescriptorList(BufferInfo * bufferInfo,SdpService * service)1078 static int SdpGetProtocolDescriptorList(BufferInfo *bufferInfo, SdpService *service)
1079 {
1080 int offset;
1081
1082 service->descriptor = MEM_MALLOC.alloc(sizeof(SdpProtocolDescriptor) * SDP_PROTOCOL_DESCRIPTOR_MAX);
1083 if (service->descriptor == NULL) {
1084 LOG_ERROR("point to NULL");
1085 return BT_NO_MEMORY;
1086 }
1087 (void)memset_s(service->descriptor,
1088 sizeof(SdpProtocolDescriptor) * SDP_PROTOCOL_DESCRIPTOR_MAX,
1089 0,
1090 sizeof(SdpProtocolDescriptor) * SDP_PROTOCOL_DESCRIPTOR_MAX);
1091
1092 offset = SdpGetCommonProtocolDescriptorList(bufferInfo, service->descriptor, &service->descriptorNumber);
1093 return offset;
1094 }
1095
SdpGetAdditionalProtocolDescriptorList(BufferInfo * bufferInfo,SdpService * service)1096 static int SdpGetAdditionalProtocolDescriptorList(BufferInfo *bufferInfo, SdpService *service)
1097 {
1098 uint16_t descriptorListNumber = 0;
1099 uint32_t descriptorLength = 0;
1100 uint16_t offset = 0;
1101 int pos;
1102
1103 uint8_t type = bufferInfo->buffer[offset];
1104 offset++;
1105 pos = SdpGetLengthFromType(bufferInfo->buffer + offset, type, &descriptorLength);
1106 if (bufferInfo->length < descriptorLength) {
1107 LOG_ERROR("[%{public}s][%{public}d] Wrong length.", __FUNCTION__, __LINE__);
1108 return BT_BAD_PARAM;
1109 }
1110 if ((type >> SDP_DESCRIPTOR_SIZE_BIT) != DE_TYPE_DES) {
1111 LOG_ERROR("[%{public}s][%{public}d] Wrong type [0x%02x]", __FUNCTION__, __LINE__, type);
1112 return BT_BAD_PARAM;
1113 }
1114 offset += pos;
1115 pos = offset;
1116 service->descriptorList =
1117 MEM_MALLOC.alloc(sizeof(SdpAdditionalProtocolDescriptor) * SDP_PROTOCOL_DESCRIPTOR_LIST_MAX);
1118 if (service->descriptorList == NULL) {
1119 LOG_ERROR("point to NULL");
1120 return BT_NO_MEMORY;
1121 }
1122 (void)memset_s(service->descriptorList,
1123 sizeof(SdpAdditionalProtocolDescriptor) * SDP_PROTOCOL_DESCRIPTOR_LIST_MAX,
1124 0,
1125 sizeof(SdpAdditionalProtocolDescriptor) * SDP_PROTOCOL_DESCRIPTOR_LIST_MAX);
1126
1127 while (descriptorLength) {
1128 if (descriptorListNumber >= SDP_PROTOCOL_DESCRIPTOR_LIST_MAX) {
1129 offset = descriptorLength + pos;
1130 break;
1131 }
1132 BufferInfo parseBufferInfo = {
1133 .buffer = bufferInfo->buffer + offset,
1134 .length = bufferInfo->length
1135 };
1136 pos = SdpGetCommonProtocolDescriptorList(&parseBufferInfo,
1137 service->descriptorList[descriptorListNumber].parameter,
1138 &service->descriptorList[descriptorListNumber].protocolDescriptorNumber);
1139 if (pos <= 0) {
1140 return BT_BAD_PARAM;
1141 }
1142 offset += pos;
1143 descriptorLength = descriptorLength - pos;
1144 descriptorListNumber++;
1145 }
1146 service->descriptorListNumber = descriptorListNumber;
1147
1148 return offset;
1149 }
1150
SdpGetBrowseGroupList(BufferInfo * bufferInfo,SdpService * service)1151 static int SdpGetBrowseGroupList(BufferInfo *bufferInfo, SdpService *service)
1152 {
1153 uint16_t browseUuidNumber = 0;
1154 uint32_t length = 0;
1155 uint16_t offset = 0;
1156 uint16_t pos;
1157
1158 uint8_t type = bufferInfo->buffer[offset];
1159 offset++;
1160 pos = SdpGetLengthFromType(bufferInfo->buffer + offset, type, &length);
1161 if (bufferInfo->length < length) {
1162 LOG_ERROR("[%{public}s][%{public}d] Wrong length.", __FUNCTION__, __LINE__);
1163 return BT_BAD_PARAM;
1164 }
1165 offset += pos;
1166
1167 service->browseUuid = MEM_MALLOC.alloc(sizeof(BtUuid) * SDP_MAX_UUID_COUNT);
1168 if (service->browseUuid == NULL) {
1169 LOG_ERROR("point to NULL");
1170 return BT_NO_MEMORY;
1171 }
1172 (void)memset_s(service->browseUuid, sizeof(BtUuid) * SDP_MAX_UUID_COUNT, 0, sizeof(BtUuid) * SDP_MAX_UUID_COUNT);
1173
1174 while (length) {
1175 if (browseUuidNumber >= SDP_MAX_UUID_COUNT) {
1176 break;
1177 }
1178 pos = SdpGetUuid(bufferInfo->buffer + offset, &service->browseUuid[browseUuidNumber]);
1179 length = length - pos;
1180 offset += pos;
1181 browseUuidNumber++;
1182 }
1183 service->browseUuidNumber = browseUuidNumber;
1184
1185 return offset;
1186 }
1187
SdpGetLanguageBaseAttributeIdList(BufferInfo * bufferInfo,SdpService * service)1188 static int SdpGetLanguageBaseAttributeIdList(BufferInfo *bufferInfo, SdpService *service)
1189 {
1190 uint16_t baseAttributeIdNumber = 0;
1191 uint32_t length = 0;
1192 uint16_t offset = 0;
1193 uint8_t type = bufferInfo->buffer[offset];
1194
1195 offset++;
1196 uint16_t pos = SdpGetLengthFromType(bufferInfo->buffer + offset, type, &length);
1197 if (bufferInfo->length < length) {
1198 LOG_ERROR("[%{public}s][%{public}d] Wrong length.", __FUNCTION__, __LINE__);
1199 return BT_BAD_PARAM;
1200 }
1201 if ((type >> SDP_DESCRIPTOR_SIZE_BIT) != DE_TYPE_DES) {
1202 return BT_BAD_PARAM;
1203 }
1204 offset += pos;
1205 if ((length / SDP_LANGUAGE_ATTRIBUTE_LENGTH) == 0) {
1206 LOG_ERROR("[%{public}s][%{public}d] Wrong count [%{public}d]", __FUNCTION__, __LINE__, length);
1207 return BT_BAD_PARAM;
1208 }
1209 service->baseAttributeId = MEM_MALLOC.alloc(sizeof(SdpLanguageBaseAttributeId) * SDP_LANGUAGE_ATTRIBUTE_MAX);
1210 if (service->baseAttributeId == NULL) {
1211 LOG_ERROR("baseAttributeId is NULL");
1212 return BT_NO_MEMORY;
1213 }
1214 uint16_t setLength = sizeof(SdpLanguageBaseAttributeId) * SDP_LANGUAGE_ATTRIBUTE_MAX;
1215 (void)memset_s(service->baseAttributeId, setLength, 0, setLength);
1216
1217 while (length) {
1218 /// Language Code
1219 type = bufferInfo->buffer[offset];
1220 offset++;
1221 if (((type >> SDP_DESCRIPTOR_SIZE_BIT) != DE_TYPE_UINT) || ((type & 0x07) != DE_SIZE_16)) {
1222 LOG_ERROR("[%{public}s][%{public}d] Wrong type [0x%02x]", __FUNCTION__, __LINE__, type);
1223 return BT_BAD_PARAM;
1224 }
1225 service->baseAttributeId[baseAttributeIdNumber].languageIdentifier =
1226 BE2H_16(*(uint16_t *)(bufferInfo->buffer + offset));
1227 offset += SDP_UINT16_LENGTH;
1228
1229 /// Language Encoding
1230 type = bufferInfo->buffer[offset];
1231 offset++;
1232 if (((type >> SDP_DESCRIPTOR_SIZE_BIT) != DE_TYPE_UINT) || ((type & 0x07) != DE_SIZE_16)) {
1233 LOG_ERROR("[%{public}s][%{public}d] Wrong type [0x%02x]", __FUNCTION__, __LINE__, type);
1234 return BT_BAD_PARAM;
1235 }
1236 service->baseAttributeId[baseAttributeIdNumber].characterEncodingIdentifier =
1237 BE2H_16(*(uint16_t *)(bufferInfo->buffer + offset));
1238 offset += SDP_UINT16_LENGTH;
1239
1240 /// Attribute Base
1241 type = bufferInfo->buffer[offset];
1242 offset++;
1243 if (((type >> SDP_DESCRIPTOR_SIZE_BIT) != DE_TYPE_UINT) || ((type & 0x07) != DE_SIZE_16)) {
1244 LOG_ERROR("[%{public}s][%{public}d] Wrong type [0x%02x]", __FUNCTION__, __LINE__, type);
1245 return BT_BAD_PARAM;
1246 }
1247 service->baseAttributeId[baseAttributeIdNumber].baseAttributeId =
1248 BE2H_16(*(uint16_t *)(bufferInfo->buffer + offset));
1249 offset += SDP_UINT16_LENGTH;
1250
1251 length = length - SDP_LANGUAGE_ATTRIBUTE_LENGTH;
1252 baseAttributeIdNumber++;
1253 }
1254 service->baseAttributeIdNumber = baseAttributeIdNumber;
1255
1256 return offset;
1257 }
1258
SdpGetServiceInfoTimeToLive(BufferInfo * bufferInfo,SdpService * service)1259 static int SdpGetServiceInfoTimeToLive(BufferInfo *bufferInfo, SdpService *service)
1260 {
1261 return SdpGetValue(bufferInfo, &service->serviceInfoTimeToLive);
1262 }
1263
SdpGetServiceAvailability(uint8_t * buffer,SdpService * service)1264 static int SdpGetServiceAvailability(uint8_t *buffer, SdpService *service)
1265 {
1266 uint16_t offset = 0;
1267 uint8_t type = buffer[offset];
1268
1269 offset++;
1270 if (((type >> SDP_DESCRIPTOR_SIZE_BIT) != DE_TYPE_UINT) || ((type & 0x07) != DE_SIZE_8)) {
1271 LOG_ERROR("[%{public}s][%{public}d] Wrong type [0x%02x]", __FUNCTION__, __LINE__, type);
1272 return BT_BAD_PARAM;
1273 }
1274 service->serviceAvailability = buffer[offset];
1275 offset++;
1276
1277 return offset;
1278 }
1279
SdpGetBluetoothProfileDescriptorList(BufferInfo * bufferInfo,SdpService * service)1280 static int SdpGetBluetoothProfileDescriptorList(BufferInfo *bufferInfo, SdpService *service)
1281 {
1282 uint16_t profileDescriptorNumber = 0;
1283 uint32_t length = 0;
1284 uint32_t currentLength = 0;
1285 uint16_t offset = 0;
1286 uint8_t type = bufferInfo->buffer[offset];
1287
1288 offset++;
1289 uint16_t pos = SdpGetLengthFromType(bufferInfo->buffer + offset, type, &length);
1290 if (bufferInfo->length < length) {
1291 LOG_ERROR("[%{public}s][%{public}d] Wrong length.", __FUNCTION__, __LINE__);
1292 return BT_BAD_PARAM;
1293 }
1294 if ((type >> SDP_DESCRIPTOR_SIZE_BIT) != DE_TYPE_DES) {
1295 return BT_BAD_PARAM;
1296 }
1297 offset += pos;
1298
1299 service->profileDescriptor = MEM_MALLOC.alloc(sizeof(SdpProfileDescriptor) * SDP_PROTOCOL_PARAMETER_MAX_COUNT);
1300 if (service->profileDescriptor == NULL) {
1301 LOG_ERROR("profileDescriptor is NULL");
1302 return BT_NO_MEMORY;
1303 }
1304 (void)memset_s(service->profileDescriptor,
1305 sizeof(SdpProfileDescriptor) * SDP_PROTOCOL_PARAMETER_MAX_COUNT,
1306 0,
1307 sizeof(SdpProfileDescriptor) * SDP_PROTOCOL_PARAMETER_MAX_COUNT);
1308
1309 while (length) {
1310 /// UUID
1311 type = *(bufferInfo->buffer + offset);
1312 length--;
1313 offset++;
1314 pos = SdpGetLengthFromType(bufferInfo->buffer + offset, type, ¤tLength);
1315 if (bufferInfo->length < currentLength) {
1316 LOG_ERROR("[%{public}s][%{public}d] Wrong length.", __FUNCTION__, __LINE__);
1317 return BT_BAD_PARAM;
1318 }
1319 if ((type >> SDP_DESCRIPTOR_SIZE_BIT) != DE_TYPE_DES) {
1320 LOG_ERROR("[%{public}s][%{public}d] Wrong type [0x%02x]", __FUNCTION__, __LINE__, type);
1321 return BT_BAD_PARAM;
1322 }
1323 length = length - pos;
1324 offset += pos;
1325 pos = SdpGetUuid(bufferInfo->buffer + offset,
1326 &service->profileDescriptor[profileDescriptorNumber].profileUuid);
1327 length = length - currentLength;
1328 offset += pos;
1329 if (currentLength == pos) {
1330 profileDescriptorNumber++;
1331 continue;
1332 }
1333
1334 /// Protocol Version
1335 type = *(bufferInfo->buffer + offset);
1336 offset++;
1337 pos = SdpGetLengthFromType(bufferInfo->buffer + offset, type, ¤tLength);
1338 if (((type >> SDP_DESCRIPTOR_SIZE_BIT) != DE_TYPE_UINT) || (currentLength != SDP_UINT16_LENGTH)) {
1339 LOG_ERROR("[%{public}s][%{public}d] Wrong type [0x%02x]", __FUNCTION__, __LINE__, type);
1340 return BT_BAD_PARAM;
1341 }
1342 service->profileDescriptor[profileDescriptorNumber].versionNumber =
1343 BE2H_16(*(uint16_t *)(bufferInfo->buffer + offset));
1344 offset += pos;
1345
1346 profileDescriptorNumber++;
1347 }
1348 service->profileDescriptorNumber = profileDescriptorNumber;
1349
1350 return offset;
1351 }
1352
SdpGetDocumentationUrl(BufferInfo * bufferInfo,SdpService * service)1353 static int SdpGetDocumentationUrl(BufferInfo *bufferInfo, SdpService *service)
1354 {
1355 service->documentationUrl = MEM_MALLOC.alloc(SDP_MAX_ATTRIBUTE_LEN);
1356 if (service->documentationUrl == NULL) {
1357 LOG_ERROR("point to NULL");
1358 return BT_NO_MEMORY;
1359 }
1360 (void)memset_s(service->documentationUrl, SDP_MAX_ATTRIBUTE_LEN, 0, SDP_MAX_ATTRIBUTE_LEN);
1361
1362 return SdpGetString(bufferInfo, service->documentationUrl, DE_TYPE_URL);
1363 }
1364
SdpGetClientExecutableUrl(BufferInfo * bufferInfo,SdpService * service)1365 static int SdpGetClientExecutableUrl(BufferInfo *bufferInfo, SdpService *service)
1366 {
1367 service->clientExecutableUrl = MEM_MALLOC.alloc(SDP_MAX_ATTRIBUTE_LEN);
1368 if (service->clientExecutableUrl == NULL) {
1369 LOG_ERROR("point to NULL");
1370 return BT_NO_MEMORY;
1371 }
1372 (void)memset_s(service->clientExecutableUrl, SDP_MAX_ATTRIBUTE_LEN, 0, SDP_MAX_ATTRIBUTE_LEN);
1373
1374 return SdpGetString(bufferInfo, service->clientExecutableUrl, DE_TYPE_URL);
1375 }
1376
SdpGetIconUrl(BufferInfo * bufferInfo,SdpService * service)1377 static int SdpGetIconUrl(BufferInfo *bufferInfo, SdpService *service)
1378 {
1379 service->iconUrl = MEM_MALLOC.alloc(SDP_MAX_ATTRIBUTE_LEN);
1380 if (service->iconUrl == NULL) {
1381 LOG_ERROR("point to NULL");
1382 return BT_NO_MEMORY;
1383 }
1384 (void)memset_s(service->iconUrl, SDP_MAX_ATTRIBUTE_LEN, 0, SDP_MAX_ATTRIBUTE_LEN);
1385
1386 return SdpGetString(bufferInfo, service->iconUrl, DE_TYPE_URL);
1387 }
1388
SdpGetServiceName(BufferInfo * bufferInfo,SdpService * service)1389 static int SdpGetServiceName(BufferInfo *bufferInfo, SdpService *service)
1390 {
1391 service->serviceName = MEM_MALLOC.alloc(SDP_MAX_ATTRIBUTE_LEN);
1392 if (service->serviceName == NULL) {
1393 LOG_ERROR("point to NULL");
1394 return BT_NO_MEMORY;
1395 }
1396 (void)memset_s(service->serviceName, SDP_MAX_ATTRIBUTE_LEN, 0, SDP_MAX_ATTRIBUTE_LEN);
1397
1398 return SdpGetString(bufferInfo, service->serviceName, DE_TYPE_STRING);
1399 }
1400
SdpGetServiceDescription(BufferInfo * bufferInfo,SdpService * service)1401 static int SdpGetServiceDescription(BufferInfo *bufferInfo, SdpService *service)
1402 {
1403 service->serviceDescription = MEM_MALLOC.alloc(SDP_MAX_ATTRIBUTE_LEN);
1404 if (service->serviceDescription == NULL) {
1405 LOG_ERROR("point to NULL");
1406 return BT_NO_MEMORY;
1407 }
1408 (void)memset_s(service->serviceDescription, SDP_MAX_ATTRIBUTE_LEN, 0, SDP_MAX_ATTRIBUTE_LEN);
1409
1410 return SdpGetString(bufferInfo, service->serviceDescription, DE_TYPE_STRING);
1411 }
1412
SdpGetProviderName(BufferInfo * bufferInfo,SdpService * service)1413 static int SdpGetProviderName(BufferInfo *bufferInfo, SdpService *service)
1414 {
1415 service->providerName = MEM_MALLOC.alloc(SDP_MAX_ATTRIBUTE_LEN);
1416 if (service->providerName == NULL) {
1417 LOG_ERROR("point to NULL");
1418 return BT_NO_MEMORY;
1419 }
1420 (void)memset_s(service->providerName, SDP_MAX_ATTRIBUTE_LEN, 0, SDP_MAX_ATTRIBUTE_LEN);
1421
1422 return SdpGetString(bufferInfo, service->providerName, DE_TYPE_STRING);
1423 }
1424
SdpGetSequenceAttribute(uint16_t attributeId,BufferInfo * bufferInfo,SdpService * service)1425 static int SdpGetSequenceAttribute(uint16_t attributeId, BufferInfo *bufferInfo, SdpService *service)
1426 {
1427 uint32_t length = 0;
1428 uint16_t offset = 0;
1429 uint16_t pos;
1430 uint8_t type;
1431
1432 if (service->sequenceAttributeNumber >= SDP_SEQUENCE_ATTRIBUTE_COUNT) {
1433 return BT_BAD_PARAM;
1434 }
1435 type = bufferInfo->buffer[offset];
1436 offset++;
1437 pos = SdpGetLengthFromType(bufferInfo->buffer + offset, type, &length);
1438 if (bufferInfo->length < length) {
1439 LOG_ERROR("[%{public}s][%{public}d] Wrong length.", __FUNCTION__, __LINE__);
1440 return BT_BAD_PARAM;
1441 }
1442 offset += pos;
1443
1444 service->sequenceAttribute[service->sequenceAttributeNumber].attributeValue = MEM_MALLOC.alloc(length);
1445 if (service->sequenceAttribute[service->sequenceAttributeNumber].attributeValue == NULL) {
1446 LOG_ERROR("point to NULL");
1447 return BT_NO_MEMORY;
1448 }
1449 (void)memset_s(service->sequenceAttribute[service->sequenceAttributeNumber].attributeValue, length, 0, length);
1450
1451 service->sequenceAttribute[service->sequenceAttributeNumber].attributeId = attributeId;
1452 service->sequenceAttribute[service->sequenceAttributeNumber].attributeValueLength = length;
1453 (void)memcpy_s(service->sequenceAttribute[service->sequenceAttributeNumber].attributeValue,
1454 length, bufferInfo->buffer + offset, length);
1455 service->sequenceAttributeNumber++;
1456 offset += length;
1457
1458 return offset;
1459 }
1460
SdpGetAttributeForBool(uint8_t * buffer,uint8_t size,SdpService * service)1461 static int SdpGetAttributeForBool(uint8_t *buffer, uint8_t size, SdpService *service)
1462 {
1463 uint16_t offset = 0;
1464 uint8_t data;
1465
1466 if (service->attributeNumber >= SDP_ATTRIBUTE_COUNT) {
1467 return BT_BAD_PARAM;
1468 }
1469 if (size != DE_SIZE_8) {
1470 return BT_BAD_PARAM;
1471 }
1472
1473 data = buffer[1];
1474 service->attribute[service->attributeNumber].type = SDP_TYPE_BOOL;
1475 service->attribute[service->attributeNumber].attributeValueLength = SDP_UINT8_LENGTH;
1476 service->attribute[service->attributeNumber].attributeValue = MEM_MALLOC.alloc(SDP_UINT8_LENGTH);
1477 if (service->attribute[service->attributeNumber].attributeValue == NULL) {
1478 LOG_ERROR("point to NULL");
1479 return BT_NO_MEMORY;
1480 }
1481 (void)memset_s(service->attribute[service->attributeNumber].attributeValue, SDP_UINT8_LENGTH, 0, SDP_UINT8_LENGTH);
1482 (void)memcpy_s(
1483 service->attribute[service->attributeNumber].attributeValue, SDP_UINT8_LENGTH, &data, SDP_UINT8_LENGTH);
1484 offset += 1 + SDP_UINT8_LENGTH;
1485
1486 return offset;
1487 }
1488
SdpGetAttributeForUint(uint8_t * buffer,uint8_t size,SdpService * service)1489 static int SdpGetAttributeForUint(uint8_t *buffer, uint8_t size, SdpService *service)
1490 {
1491 uint16_t offset = 0;
1492
1493 if (service->attributeNumber >= SDP_ATTRIBUTE_COUNT) {
1494 return BT_BAD_PARAM;
1495 }
1496 switch (size) {
1497 case DE_SIZE_8:
1498 service->attribute[service->attributeNumber].type = SDP_TYPE_UINT_8;
1499 service->attribute[service->attributeNumber].attributeValueLength = SDP_UINT8_LENGTH;
1500 uint8_t data1 = buffer[1];
1501 service->attribute[service->attributeNumber].attributeValue = MEM_MALLOC.alloc(SDP_UINT8_LENGTH);
1502 if (service->attribute[service->attributeNumber].attributeValue == NULL) {
1503 LOG_ERROR("attributeValue is NULL");
1504 return BT_NO_MEMORY;
1505 }
1506 (void)memset_s(
1507 service->attribute[service->attributeNumber].attributeValue, SDP_UINT8_LENGTH, 0, SDP_UINT8_LENGTH);
1508 (void)memcpy_s(service->attribute[service->attributeNumber].attributeValue,
1509 SDP_UINT8_LENGTH,
1510 &data1,
1511 SDP_UINT8_LENGTH);
1512 offset += 1 + SDP_UINT8_LENGTH;
1513 break;
1514 case DE_SIZE_16:
1515 service->attribute[service->attributeNumber].type = SDP_TYPE_UINT_16;
1516 service->attribute[service->attributeNumber].attributeValueLength = SDP_UINT16_LENGTH;
1517 uint16_t data2 = BE2H_16(*(uint16_t *)(buffer + 1));
1518 service->attribute[service->attributeNumber].attributeValue = MEM_MALLOC.alloc(SDP_UINT16_LENGTH);
1519 if (service->attribute[service->attributeNumber].attributeValue == NULL) {
1520 LOG_ERROR("attributeValue is NULL");
1521 return BT_NO_MEMORY;
1522 }
1523 (void)memset_s(
1524 service->attribute[service->attributeNumber].attributeValue, SDP_UINT16_LENGTH, 0, SDP_UINT16_LENGTH);
1525 (void)memcpy_s(service->attribute[service->attributeNumber].attributeValue,
1526 SDP_UINT16_LENGTH,
1527 &data2,
1528 SDP_UINT16_LENGTH);
1529 offset += 1 + SDP_UINT16_LENGTH;
1530 break;
1531 case DE_SIZE_32:
1532 service->attribute[service->attributeNumber].type = SDP_TYPE_UINT_32;
1533 service->attribute[service->attributeNumber].attributeValueLength = SDP_UINT32_LENGTH;
1534 uint32_t data3 = BE2H_32(*(uint32_t *)(buffer + 1));
1535 service->attribute[service->attributeNumber].attributeValue = MEM_MALLOC.alloc(SDP_UINT32_LENGTH);
1536 if (service->attribute[service->attributeNumber].attributeValue == NULL) {
1537 LOG_ERROR("attributeValue is NULL");
1538 return BT_NO_MEMORY;
1539 }
1540 (void)memset_s(
1541 service->attribute[service->attributeNumber].attributeValue, SDP_UINT32_LENGTH, 0, SDP_UINT32_LENGTH);
1542 (void)memcpy_s(service->attribute[service->attributeNumber].attributeValue,
1543 SDP_UINT32_LENGTH,
1544 &data3,
1545 SDP_UINT32_LENGTH);
1546 offset += 1 + SDP_UINT32_LENGTH;
1547 break;
1548 default:
1549 return BT_BAD_PARAM;
1550 }
1551
1552 return offset;
1553 }
1554
SdpGetAttributeForInt(uint8_t * buffer,uint8_t size,SdpService * service)1555 static int SdpGetAttributeForInt(uint8_t *buffer, uint8_t size, SdpService *service)
1556 {
1557 uint16_t offset = 0;
1558
1559 if (service->attributeNumber >= SDP_ATTRIBUTE_COUNT) {
1560 return BT_BAD_PARAM;
1561 }
1562 switch (size) {
1563 case DE_SIZE_8:
1564 service->attribute[service->attributeNumber].type = SDP_TYPE_INT_8;
1565 service->attribute[service->attributeNumber].attributeValueLength = SDP_INT8_LENGTH;
1566 uint8_t data1 = buffer[1];
1567 service->attribute[service->attributeNumber].attributeValue = MEM_MALLOC.alloc(SDP_INT8_LENGTH);
1568 if (service->attribute[service->attributeNumber].attributeValue == NULL) {
1569 LOG_ERROR("attributeValue is NULL");
1570 return BT_NO_MEMORY;
1571 }
1572 (void)memcpy_s(
1573 service->attribute[service->attributeNumber].attributeValue, SDP_INT8_LENGTH, &data1, SDP_INT8_LENGTH);
1574 offset += 1 + SDP_INT8_LENGTH;
1575 break;
1576 case DE_SIZE_16:
1577 service->attribute[service->attributeNumber].type = SDP_TYPE_INT_16;
1578 service->attribute[service->attributeNumber].attributeValueLength = SDP_INT16_LENGTH;
1579 uint16_t data2 = BE2H_16(*(uint16_t *)(buffer + 1));
1580 service->attribute[service->attributeNumber].attributeValue = MEM_MALLOC.alloc(SDP_INT16_LENGTH);
1581 if (service->attribute[service->attributeNumber].attributeValue == NULL) {
1582 LOG_ERROR("attributeValue is NULL");
1583 return BT_NO_MEMORY;
1584 }
1585 (void)memcpy_s(service->attribute[service->attributeNumber].attributeValue,
1586 SDP_INT16_LENGTH,
1587 &data2,
1588 SDP_INT16_LENGTH);
1589 offset += 1 + SDP_INT16_LENGTH;
1590 break;
1591 case DE_SIZE_32:
1592 service->attribute[service->attributeNumber].type = SDP_TYPE_INT_32;
1593 service->attribute[service->attributeNumber].attributeValueLength = SDP_INT32_LENGTH;
1594 uint32_t data3 = BE2H_32(*(uint32_t *)(buffer + 1));
1595 service->attribute[service->attributeNumber].attributeValue = MEM_MALLOC.alloc(SDP_INT32_LENGTH);
1596 if (service->attribute[service->attributeNumber].attributeValue == NULL) {
1597 LOG_ERROR("attributeValue is NULL");
1598 return BT_NO_MEMORY;
1599 }
1600 (void)memcpy_s(service->attribute[service->attributeNumber].attributeValue,
1601 SDP_INT32_LENGTH,
1602 &data3,
1603 SDP_INT32_LENGTH);
1604 offset += 1 + SDP_INT32_LENGTH;
1605 break;
1606 default:
1607 return BT_BAD_PARAM;
1608 }
1609
1610 return offset;
1611 }
1612
SdpGetAttributeForUuid(uint8_t * buffer,uint8_t size,SdpService * service)1613 static int SdpGetAttributeForUuid(uint8_t *buffer, uint8_t size, SdpService *service)
1614 {
1615 uint16_t offset = 0;
1616
1617 if (service->attributeNumber >= SDP_ATTRIBUTE_COUNT) {
1618 return BT_BAD_PARAM;
1619 }
1620 switch (size) {
1621 case DE_SIZE_16:
1622 service->attribute[service->attributeNumber].type = SDP_TYPE_UUID_16;
1623 service->attribute[service->attributeNumber].attributeValueLength = SDP_UUID16_LENGTH;
1624 uint16_t data1 = BE2H_16(*(uint16_t *)(buffer + 1));
1625 service->attribute[service->attributeNumber].attributeValue = MEM_MALLOC.alloc(SDP_UUID16_LENGTH);
1626 if (service->attribute[service->attributeNumber].attributeValue == NULL) {
1627 LOG_ERROR("attributeValue is NULL");
1628 return BT_NO_MEMORY;
1629 }
1630 (void)memcpy_s(service->attribute[service->attributeNumber].attributeValue,
1631 SDP_UUID16_LENGTH,
1632 &data1,
1633 SDP_UUID16_LENGTH);
1634 offset += 1 + SDP_UUID16_LENGTH;
1635 break;
1636 case DE_SIZE_32:
1637 service->attribute[service->attributeNumber].type = SDP_TYPE_UUID_32;
1638 service->attribute[service->attributeNumber].attributeValueLength = SDP_UUID32_LENGTH;
1639 uint32_t data2 = BE2H_32(*(uint32_t *)(buffer + 1));
1640 service->attribute[service->attributeNumber].attributeValue = MEM_MALLOC.alloc(SDP_UUID32_LENGTH);
1641 if (service->attribute[service->attributeNumber].attributeValue == NULL) {
1642 LOG_ERROR("attributeValue is NULL");
1643 return BT_NO_MEMORY;
1644 }
1645 (void)memcpy_s(service->attribute[service->attributeNumber].attributeValue,
1646 SDP_UUID32_LENGTH,
1647 &data2,
1648 SDP_UUID32_LENGTH);
1649 offset += 1 + SDP_UUID32_LENGTH;
1650 break;
1651 case DE_SIZE_128:
1652 service->attribute[service->attributeNumber].type = SDP_TYPE_UUID_128;
1653 service->attribute[service->attributeNumber].attributeValueLength = SDP_UUID128_LENGTH;
1654 SdpReverseForBigEndian(
1655 buffer + 1, service->attribute[service->attributeNumber].attributeValue, SDP_UUID128_LENGTH);
1656 offset += 1 + SDP_UUID128_LENGTH;
1657 break;
1658 default:
1659 return BT_BAD_PARAM;
1660 }
1661
1662 return offset;
1663 }
1664
SdpGetAttributeForString(uint8_t * buffer,uint8_t size,SdpService * service)1665 static int SdpGetAttributeForString(uint8_t *buffer, uint8_t size, SdpService *service)
1666 {
1667 uint16_t offset = 0;
1668 uint16_t length;
1669
1670 if (service->attributeNumber >= SDP_ATTRIBUTE_COUNT) {
1671 return BT_BAD_PARAM;
1672 }
1673 switch (size) {
1674 case DE_SIZE_VAR_16:
1675 length = BE2H_16(*(uint16_t *)(buffer + 1));
1676 service->attribute[service->attributeNumber].attributeValueLength = length;
1677 service->attribute[service->attributeNumber].attributeValue = MEM_MALLOC.alloc(length);
1678 if (service->attribute[service->attributeNumber].attributeValue == NULL) {
1679 LOG_ERROR("attributeValue is NULL");
1680 return BT_NO_MEMORY;
1681 }
1682 (void)memcpy_s(service->attribute[service->attributeNumber].attributeValue,
1683 length,
1684 buffer + 1 + SDP_UINT16_LENGTH,
1685 length);
1686 offset += length + SDP_UINT16_LENGTH + 1;
1687 break;
1688 case DE_SIZE_VAR_8:
1689 length = buffer[1];
1690 service->attribute[service->attributeNumber].attributeValueLength = length;
1691 service->attribute[service->attributeNumber].attributeValue = MEM_MALLOC.alloc(length);
1692 if (service->attribute[service->attributeNumber].attributeValue == NULL) {
1693 LOG_ERROR("attributeValue is NULL");
1694 return BT_NO_MEMORY;
1695 }
1696 (void)memcpy_s(service->attribute[service->attributeNumber].attributeValue,
1697 length,
1698 buffer + 1 + SDP_UINT8_LENGTH,
1699 length);
1700 offset += length + SDP_UINT8_LENGTH + 1;
1701 break;
1702 default:
1703 return BT_BAD_PARAM;
1704 }
1705 service->attribute[service->attributeNumber].type = SDP_TYPE_TEXT;
1706
1707 return offset;
1708 }
1709
SdpGetAttributeForUrl(uint8_t * buffer,uint8_t size,SdpService * service)1710 static int SdpGetAttributeForUrl(uint8_t *buffer, uint8_t size, SdpService *service)
1711 {
1712 uint16_t offset = 0;
1713 uint16_t length;
1714
1715 if (service->attributeNumber >= SDP_ATTRIBUTE_COUNT) {
1716 return BT_BAD_PARAM;
1717 }
1718 switch (size) {
1719 case DE_SIZE_VAR_8:
1720 length = buffer[1];
1721 service->attribute[service->attributeNumber].attributeValueLength = length;
1722 service->attribute[service->attributeNumber].attributeValue = MEM_MALLOC.alloc(length);
1723 if (service->attribute[service->attributeNumber].attributeValue == NULL) {
1724 LOG_ERROR("attributeValue is NULL");
1725 return BT_NO_MEMORY;
1726 }
1727 (void)memcpy_s(service->attribute[service->attributeNumber].attributeValue,
1728 length,
1729 buffer + 1 + SDP_UINT8_LENGTH,
1730 length);
1731 offset += length + SDP_UINT8_LENGTH + 1;
1732 break;
1733 case DE_SIZE_VAR_16:
1734 length = BE2H_16(*(uint16_t *)(buffer + 1));
1735 service->attribute[service->attributeNumber].attributeValueLength = length;
1736 service->attribute[service->attributeNumber].attributeValue = MEM_MALLOC.alloc(length);
1737 if (service->attribute[service->attributeNumber].attributeValue == NULL) {
1738 LOG_ERROR("attributeValue is NULL");
1739 return BT_NO_MEMORY;
1740 }
1741 (void)memcpy_s(service->attribute[service->attributeNumber].attributeValue,
1742 length,
1743 buffer + 1 + SDP_UINT16_LENGTH,
1744 length);
1745 offset += length + SDP_UINT16_LENGTH + 1;
1746 break;
1747 default:
1748 return BT_BAD_PARAM;
1749 }
1750 service->attribute[service->attributeNumber].type = SDP_TYPE_URL;
1751
1752 return offset;
1753 }
1754
SdpGetAttribute(uint16_t attributeId,BufferInfo * bufferInfo,SdpService * service)1755 static int SdpGetAttribute(uint16_t attributeId, BufferInfo *bufferInfo, SdpService *service)
1756 {
1757 int offset = 0;
1758 // Attribute type
1759 uint8_t type = bufferInfo->buffer[0] >> SDP_DESCRIPTOR_SIZE_BIT;
1760 uint8_t size = bufferInfo->buffer[0] & 0x07;
1761
1762 switch (type) {
1763 case DE_TYPE_UINT:
1764 offset = SdpGetAttributeForUint(bufferInfo->buffer, size, service);
1765 break;
1766 case DE_TYPE_INT:
1767 offset = SdpGetAttributeForInt(bufferInfo->buffer, size, service);
1768 break;
1769 case DE_TYPE_UUID:
1770 offset = SdpGetAttributeForUuid(bufferInfo->buffer, size, service);
1771 break;
1772 case DE_TYPE_STRING:
1773 offset = SdpGetAttributeForString(bufferInfo->buffer, size, service);
1774 break;
1775 case DE_TYPE_BOOL:
1776 offset = SdpGetAttributeForBool(bufferInfo->buffer, size, service);
1777 break;
1778 case DE_TYPE_DES:
1779 case DE_TYPE_DEA:
1780 offset = SdpGetSequenceAttribute(attributeId, bufferInfo, service);
1781 return offset;
1782 case DE_TYPE_URL:
1783 offset = SdpGetAttributeForUrl(bufferInfo->buffer, size, service);
1784 break;
1785 default:
1786 break;
1787 }
1788 if (offset <= 0) {
1789 return BT_BAD_PARAM;
1790 }
1791 service->attribute[service->attributeNumber].attributeId = attributeId;
1792 service->attributeNumber++;
1793
1794 return offset;
1795 }
1796
SdpParseAttributeValue(BufferInfo * bufferInfo,uint16_t attributeId,SdpService * service)1797 static int SdpParseAttributeValue(BufferInfo *bufferInfo, uint16_t attributeId, SdpService *service)
1798 {
1799 int offset;
1800 LOG_INFO("[%{public}s][%{public}d] attributeId [0x%04x]", __FUNCTION__, __LINE__, attributeId);
1801
1802 if (attributeId == SDP_ATTRIBUTE_SERVICE_RECORD_HANDLE) {
1803 offset = SdpGetServiceRecordHandle(bufferInfo, service);
1804 } else if (attributeId == SDP_ATTRIBUTE_SERVICE_CLASS_ID_LIST) {
1805 offset = SdpGetServiceClassIdList(bufferInfo, service);
1806 } else if (attributeId == SDP_ATTRIBUTE_SERVICE_RECORD_STATE) {
1807 offset = SdpGetServiceRecordState(bufferInfo, service);
1808 } else if (attributeId == SDP_ATTRIBUTE_SERVICE_ID) {
1809 offset = SdpGetServiceId(bufferInfo->buffer, service);
1810 } else if (attributeId == SDP_ATTRIBUTE_PROTOCOL_DESCRIPTOR_LIST) {
1811 offset = SdpGetProtocolDescriptorList(bufferInfo, service);
1812 } else if (attributeId == SDP_ATTRIBUTE_ADDITIONAL_PROTOCOL_DESCRIPTOR_LIST) {
1813 offset = SdpGetAdditionalProtocolDescriptorList(bufferInfo, service);
1814 } else if (attributeId == SDP_ATTRIBUTE_BROWSE_GROUP_LIST) {
1815 offset = SdpGetBrowseGroupList(bufferInfo, service);
1816 } else if (attributeId == SDP_ATTRIBUTE_LANGUAGE_BASE_ATTRIBUTE_ID_LIST) {
1817 offset = SdpGetLanguageBaseAttributeIdList(bufferInfo, service);
1818 } else if (attributeId == SDP_ATTRIBUTE_SERVICE_INFO_TIME_TO_LIVE) {
1819 offset = SdpGetServiceInfoTimeToLive(bufferInfo, service);
1820 } else if (attributeId == SDP_ATTRIBUTE_SERVICE_AVAILABILITY) {
1821 offset = SdpGetServiceAvailability(bufferInfo->buffer, service);
1822 } else if (attributeId == SDP_ATTRIBUTE_BLUETOOTH_PROFILE_DESCRIPTOR_LIST) {
1823 offset = SdpGetBluetoothProfileDescriptorList(bufferInfo, service);
1824 } else if (attributeId == SDP_ATTRIBUTE_DOCUMENTATION_URL) {
1825 offset = SdpGetDocumentationUrl(bufferInfo, service);
1826 } else if (attributeId == SDP_ATTRIBUTE_CLIENT_EXECUTABLE_URL) {
1827 offset = SdpGetClientExecutableUrl(bufferInfo, service);
1828 } else if (attributeId == SDP_ATTRIBUTE_ICON_URL) {
1829 offset = SdpGetIconUrl(bufferInfo, service);
1830 } else if (attributeId == (SDP_ATTRIBUTE_PRIMARY_LANGUAGE_BASE + SDP_ATTRIBUTE_SERVICE_NAME)) {
1831 offset = SdpGetServiceName(bufferInfo, service);
1832 } else if (attributeId == (SDP_ATTRIBUTE_PRIMARY_LANGUAGE_BASE + SDP_ATTRIBUTE_DESCRIPTOR)) {
1833 offset = SdpGetServiceDescription(bufferInfo, service);
1834 } else if (attributeId == (SDP_ATTRIBUTE_PRIMARY_LANGUAGE_BASE + SDP_ATTRIBUTE_PROVIDER_NAME)) {
1835 offset = SdpGetProviderName(bufferInfo, service);
1836 } else {
1837 offset = SdpGetAttribute(attributeId, bufferInfo, service);
1838 }
1839 return offset;
1840 }
1841
SdpFreeServiceRemained(SdpService * service)1842 static void SdpFreeServiceRemained(SdpService *service)
1843 {
1844 if (service->serviceName) {
1845 MEM_MALLOC.free(service->serviceName);
1846 service->serviceName = NULL;
1847 }
1848 if (service->serviceDescription) {
1849 MEM_MALLOC.free(service->serviceDescription);
1850 service->serviceDescription = NULL;
1851 }
1852 if (service->providerName) {
1853 MEM_MALLOC.free(service->providerName);
1854 service->providerName = NULL;
1855 }
1856 if (service->attribute) {
1857 for (int i = 0; i < service->attributeNumber; i++) {
1858 if (service->attribute[i].attributeValue) {
1859 MEM_MALLOC.free(service->attribute[i].attributeValue);
1860 service->attribute[i].attributeValue = NULL;
1861 }
1862 }
1863 MEM_MALLOC.free(service->attribute);
1864 service->attribute = NULL;
1865 }
1866 if (service->sequenceAttribute) {
1867 for (int i = 0; i < service->sequenceAttributeNumber; i++) {
1868 if (service->sequenceAttribute[i].attributeValue) {
1869 MEM_MALLOC.free(service->sequenceAttribute[i].attributeValue);
1870 service->sequenceAttribute[i].attributeValue = NULL;
1871 }
1872 }
1873 MEM_MALLOC.free(service->sequenceAttribute);
1874 service->sequenceAttribute = NULL;
1875 }
1876 }
1877
SdpFreeService(SdpService * service)1878 static void SdpFreeService(SdpService *service)
1879 {
1880 if (service->classId) {
1881 MEM_MALLOC.free(service->classId);
1882 service->classId = NULL;
1883 }
1884 if (service->descriptor) {
1885 MEM_MALLOC.free(service->descriptor);
1886 service->descriptor = NULL;
1887 }
1888 if (service->descriptorList) {
1889 MEM_MALLOC.free(service->descriptorList);
1890 service->descriptorList = NULL;
1891 }
1892 if (service->browseUuid) {
1893 MEM_MALLOC.free(service->browseUuid);
1894 service->browseUuid = NULL;
1895 }
1896 if (service->baseAttributeId) {
1897 MEM_MALLOC.free(service->baseAttributeId);
1898 service->baseAttributeId = NULL;
1899 }
1900 if (service->profileDescriptor) {
1901 MEM_MALLOC.free(service->profileDescriptor);
1902 service->profileDescriptor = NULL;
1903 }
1904 if (service->documentationUrl) {
1905 MEM_MALLOC.free(service->documentationUrl);
1906 service->documentationUrl = NULL;
1907 }
1908 if (service->clientExecutableUrl) {
1909 MEM_MALLOC.free(service->clientExecutableUrl);
1910 service->clientExecutableUrl = NULL;
1911 }
1912 if (service->iconUrl) {
1913 MEM_MALLOC.free(service->iconUrl);
1914 service->iconUrl = NULL;
1915 }
1916 SdpFreeServiceRemained(service);
1917 }
1918
SdpFreeServiceArray(SdpService * serviceArray,uint16_t serviceNum)1919 static void SdpFreeServiceArray(SdpService *serviceArray, uint16_t serviceNum)
1920 {
1921 for (int i = 0; i < serviceNum; i++) {
1922 SdpFreeService(&serviceArray[i]);
1923 }
1924 }
1925