From 3f82313693ce503547073183f2dbcf8cd529a7fe Mon Sep 17 00:00:00 2001
From: fireknight-hJ <1290208782@qq.com>
Date: Sun, 3 Dec 2023 22:17:32 +0800
Subject: [PATCH 1/2] fix vulnerability in BLE cordio
---
 .../source/cordio/stack_adaptation/hci_tr.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/connectivity/FEATURE_BLE/source/cordio/stack_adaptation/hci_tr.c b/connectivity/FEATURE_BLE/source/cordio/stack_adaptation/hci_tr.c
index 9245499fa19..81e9bbd4ed5 100644
--- a/connectivity/FEATURE_BLE/source/cordio/stack_adaptation/hci_tr.c
+++ b/connectivity/FEATURE_BLE/source/cordio/stack_adaptation/hci_tr.c
@@ -170,8 +170,18 @@ void hciTrSerialRxIncoming(uint8_t *pBuf, uint8_t len)
 hdrLen = HCI_EVT_HDR_LEN;
 break;
 default:
- /* invalid packet type */
+ /**
+ * invalid packet type
+ *
+ * fix: Simply employing WSF_ASSERT in the event of
+ * an "invalid packet type" is not reasonable.
+ * Instead, it is advisable to discard this data packet,
+ * exit the packet processing function,
+ * and adjust the stateRx back to HCI_RX_STATE_IDLE.
+ */
+ stateRx = HCI_RX_STATE_IDLE;
 WSF_ASSERT(0);
+ return;
 break;
 }
 
From 0cf98f6f95c70d63f36780959fb4394807ac1838 Mon Sep 17 00:00:00 2001
From: fireknight-hJ <1290208782@qq.com>
Date: Sun, 3 Dec 2023 22:17:32 +0800
Subject: [PATCH 2/2] fix vulnerability in BLE cordio Delete 'break'
---
 connectivity/FEATURE_BLE/source/cordio/stack_adaptation/hci_tr.c | 1 -
 1 file changed, 1 deletion(-)
diff --git a/connectivity/FEATURE_BLE/source/cordio/stack_adaptation/hci_tr.c b/connectivity/FEATURE_BLE/source/cordio/stack_adaptation/hci_tr.c
index 81e9bbd4ed5..7663276ec5b 100644
--- a/connectivity/FEATURE_BLE/source/cordio/stack_adaptation/hci_tr.c
+++ b/connectivity/FEATURE_BLE/source/cordio/stack_adaptation/hci_tr.c
@@ -182,7 +182,6 @@ void hciTrSerialRxIncoming(uint8_t *pBuf, uint8_t len)
 stateRx = HCI_RX_STATE_IDLE;
 WSF_ASSERT(0);
 return;
- break;
 }
 
 /* see if entire header has been read */
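Review bot: In the `default:` branch of the first hunk, `WSF_ASSERT(0);` is still executed before the added `return;`, so in any build where WSF_ASSERT is active a single unexpected packet-type byte from the HCI transport still stops the stack, which is the behaviour the new comment itself calls unreasonable. Consider removing the assert from this path and keeping only `stateRx = HCI_RX_STATE_IDLE;` and `return;`, optionally with a trace line so the discarded byte shows up in logs. The `return` also abandons whatever is left of `pBuf`. The code that walks `pBuf`/`len` is outside this hunk, so it is worth confirming that dropping the remainder, rather than continuing to scan for the next valid type byte, is the intended resynchronisation. The block comment would read better as a statement of what the code does, e.g. `/* invalid packet type: discard and return to idle */`, with the rationale left to the commit message.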