Skip to content

Commit 3ffe117

Browse files
alxelaxalxelax
committed
[nrf fromtree] bluetooth: mesh: improve oob size checking
Commit improves oob size checking to catch wrong size as early as possible and prevents zero size. Signed-off-by: Aleksandr Khromykh <[email protected]> (cherry picked from commit 666950e) Signed-off-by: Aleksandr Khromykh <[email protected]>
1 parent e98bcbf commit 3ffe117

File tree

1 file changed

+12
-11
lines changed

1 file changed

+12
-11
lines changed

subsys/bluetooth/mesh/prov.c

Lines changed: 12 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -96,7 +96,7 @@ static int check_output_auth(bt_mesh_output_action_t output, uint8_t size)
9696
return -EINVAL;
9797
}
9898

99-
if (size > bt_mesh_prov->output_size) {
99+
if (size > bt_mesh_prov->output_size || size == 0) {
100100
return -EINVAL;
101101
}
102102

@@ -113,7 +113,7 @@ static int check_input_auth(bt_mesh_input_action_t input, uint8_t size)
113113
return -EINVAL;
114114
}
115115

116-
if (size > bt_mesh_prov->input_size) {
116+
if (size > bt_mesh_prov->input_size || size == 0) {
117117
return -EINVAL;
118118
}
119119

@@ -176,6 +176,8 @@ int bt_mesh_prov_auth(bool is_provisioner, uint8_t method, uint8_t action, uint8
176176
uint8_t auth_size = bt_mesh_prov_auth_size_get();
177177
int err;
178178

179+
size = MIN(size, PROV_IO_OOB_SIZE_MAX);
180+
179181
switch (method) {
180182
case AUTH_METHOD_NO_OOB:
181183
if (action || size) {
@@ -195,6 +197,10 @@ int bt_mesh_prov_auth(bool is_provisioner, uint8_t method, uint8_t action, uint8
195197

196198
case AUTH_METHOD_OUTPUT:
197199
output = output_action(action);
200+
err = check_output_auth(output, size);
201+
if (err) {
202+
return err;
203+
}
198204

199205
if (is_provisioner) {
200206
if (output == BT_MESH_DISPLAY_STRING) {
@@ -208,10 +214,6 @@ int bt_mesh_prov_auth(bool is_provisioner, uint8_t method, uint8_t action, uint8
208214
return bt_mesh_prov->input(input, size);
209215
}
210216

211-
err = check_output_auth(output, size);
212-
if (err) {
213-
return err;
214-
}
215217

216218
if (output == BT_MESH_DISPLAY_STRING) {
217219
char str[9];
@@ -227,13 +229,12 @@ int bt_mesh_prov_auth(bool is_provisioner, uint8_t method, uint8_t action, uint8
227229

228230
case AUTH_METHOD_INPUT:
229231
input = input_action(action);
232+
err = check_input_auth(input, size);
233+
if (err) {
234+
return err;
235+
}
230236

231237
if (!is_provisioner) {
232-
err = check_input_auth(input, size);
233-
if (err) {
234-
return err;
235-
}
236-
237238
if (input == BT_MESH_ENTER_STRING) {
238239
atomic_set_bit(bt_mesh_prov_link.flags, WAIT_STRING);
239240
} else {

0 commit comments

Comments
 (0)