fix(bt): Fixed SDP record integrity check bug

xiongweichao · xiongweichao · commit bc23851be7a0 · 2025-02-12T10:55:25.000+08:00
diff --git a/components/bt/host/bluedroid/api/esp_sdp_api.c b/components/bt/host/bluedroid/api/esp_sdp_api.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -21,6 +21,10 @@ static bool esp_sdp_record_integrity_check(esp_bluetooth_sdp_record_t *record)
     bool ret = true;
 
     if (record != NULL) {
+        if (record->hdr.type < ESP_SDP_TYPE_RAW || record->hdr.type > ESP_SDP_TYPE_DIP_SERVER) {
+            LOG_ERROR("Invalid type!\n");
+            return false;
+        }
         switch (record->hdr.type) {
         case ESP_SDP_TYPE_DIP_SERVER:
             if (record->dip.vendor_id_source != ESP_SDP_VENDOR_ID_SRC_BT &&
@@ -43,12 +47,14 @@ static bool esp_sdp_record_integrity_check(esp_bluetooth_sdp_record_t *record)
             break;
 
         default:
+            break;
+        }
+        if (record->hdr.type != ESP_SDP_TYPE_DIP_SERVER) {
             if (record->hdr.service_name_length > ESP_SDP_SERVER_NAME_MAX ||
                 strlen(record->hdr.service_name) + 1 != record->hdr.service_name_length) {
                 LOG_ERROR("Invalid server name!\n");
                 ret = false;
             }
-            break;
         }
     } else {
         LOG_ERROR("record is NULL!\n");
