1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains SDP utility functions
22 *
23 ******************************************************************************/
24
25 #include <stdlib.h>
26 #include <string.h>
27 #include <netinet/in.h>
28 #include <stdio.h>
29
30 #include "bt_common.h"
31 #include "bt_types.h"
32
33 #include "l2cdefs.h"
34 #include "hcidefs.h"
35 #include "hcimsgs.h"
36
37 #include "sdp_api.h"
38 #include "sdpint.h"
39
40 #include "btu.h"
41
42
43 static const UINT8 sdp_base_uuid[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00,
44 0x80, 0x00, 0x00, 0x80, 0x5F, 0x9B, 0x34, 0xFB};
45
46 /*******************************************************************************
47 **
48 ** Function sdpu_find_ccb_by_cid
49 **
50 ** Description This function searches the CCB table for an entry with the
51 ** passed CID.
52 **
53 ** Returns the CCB address, or NULL if not found.
54 **
55 *******************************************************************************/
sdpu_find_ccb_by_cid(UINT16 cid)56 tCONN_CB *sdpu_find_ccb_by_cid (UINT16 cid)
57 {
58 UINT16 xx;
59 tCONN_CB *p_ccb;
60
61 /* Look through each connection control block */
62 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++)
63 {
64 if ((p_ccb->con_state != SDP_STATE_IDLE) && (p_ccb->connection_id == cid))
65 return (p_ccb);
66 }
67
68 /* If here, not found */
69 return (NULL);
70 }
71
72
73 /*******************************************************************************
74 **
75 ** Function sdpu_find_ccb_by_db
76 **
77 ** Description This function searches the CCB table for an entry with the
78 ** passed discovery db.
79 **
80 ** Returns the CCB address, or NULL if not found.
81 **
82 *******************************************************************************/
sdpu_find_ccb_by_db(tSDP_DISCOVERY_DB * p_db)83 tCONN_CB *sdpu_find_ccb_by_db (tSDP_DISCOVERY_DB *p_db)
84 {
85 #if SDP_CLIENT_ENABLED == TRUE
86 UINT16 xx;
87 tCONN_CB *p_ccb;
88
89 if (p_db)
90 {
91 /* Look through each connection control block */
92 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++)
93 {
94 if ((p_ccb->con_state != SDP_STATE_IDLE) && (p_ccb->p_db == p_db))
95 return (p_ccb);
96 }
97 }
98 #endif
99 /* If here, not found */
100 return (NULL);
101 }
102
103
104 /*******************************************************************************
105 **
106 ** Function sdpu_allocate_ccb
107 **
108 ** Description This function allocates a new CCB.
109 **
110 ** Returns CCB address, or NULL if none available.
111 **
112 *******************************************************************************/
sdpu_allocate_ccb(void)113 tCONN_CB *sdpu_allocate_ccb (void)
114 {
115 UINT16 xx;
116 tCONN_CB *p_ccb;
117
118 /* Look through each connection control block for a free one */
119 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++)
120 {
121 if (p_ccb->con_state == SDP_STATE_IDLE)
122 {
123 memset(p_ccb, 0, sizeof(tCONN_CB));
124 p_ccb->sdp_conn_timer = alarm_new("sdp.sdp_conn_timer");
125 return (p_ccb);
126 }
127 }
128
129 /* If here, no free CCB found */
130 return (NULL);
131 }
132
133
134 /*******************************************************************************
135 **
136 ** Function sdpu_release_ccb
137 **
138 ** Description This function releases a CCB.
139 **
140 ** Returns void
141 **
142 *******************************************************************************/
sdpu_release_ccb(tCONN_CB * p_ccb)143 void sdpu_release_ccb (tCONN_CB *p_ccb)
144 {
145 /* Ensure timer is stopped */
146 alarm_free(p_ccb->sdp_conn_timer);
147 p_ccb->sdp_conn_timer = NULL;
148
149 /* Drop any response pointer we may be holding */
150 p_ccb->con_state = SDP_STATE_IDLE;
151 #if SDP_CLIENT_ENABLED == TRUE
152 p_ccb->is_attr_search = FALSE;
153 #endif
154
155 /* Free the response buffer */
156 if (p_ccb->rsp_list)
157 SDP_TRACE_DEBUG("releasing SDP rsp_list");
158 osi_free_and_reset((void **)&p_ccb->rsp_list);
159 }
160
161
162 /*******************************************************************************
163 **
164 ** Function sdpu_build_attrib_seq
165 **
166 ** Description This function builds an attribute sequence from the list of
167 ** passed attributes. It is also passed the address of the output
168 ** buffer.
169 **
170 ** Returns Pointer to next byte in the output buffer.
171 **
172 *******************************************************************************/
sdpu_build_attrib_seq(UINT8 * p_out,UINT16 * p_attr,UINT16 num_attrs)173 UINT8 *sdpu_build_attrib_seq (UINT8 *p_out, UINT16 *p_attr, UINT16 num_attrs)
174 {
175 UINT16 xx;
176
177 /* First thing is the data element header. See if the length fits 1 byte */
178 /* If no attributes, assume a 4-byte wildcard */
179 if (!p_attr)
180 xx = 5;
181 else
182 xx = num_attrs * 3;
183
184 if (xx > 255)
185 {
186 UINT8_TO_BE_STREAM (p_out, (DATA_ELE_SEQ_DESC_TYPE << 3) | SIZE_IN_NEXT_WORD);
187 UINT16_TO_BE_STREAM (p_out, xx);
188 }
189 else
190 {
191 UINT8_TO_BE_STREAM (p_out, (DATA_ELE_SEQ_DESC_TYPE << 3) | SIZE_IN_NEXT_BYTE);
192 UINT8_TO_BE_STREAM (p_out, xx);
193 }
194
195 /* If there are no attributes specified, assume caller wants wildcard */
196 if (!p_attr)
197 {
198 UINT8_TO_BE_STREAM (p_out, (UINT_DESC_TYPE << 3) | SIZE_FOUR_BYTES);
199 UINT16_TO_BE_STREAM (p_out, 0);
200 UINT16_TO_BE_STREAM (p_out, 0xFFFF);
201 }
202 else
203 {
204 /* Loop through and put in all the attributes(s) */
205 for (xx = 0; xx < num_attrs; xx++, p_attr++)
206 {
207 UINT8_TO_BE_STREAM (p_out, (UINT_DESC_TYPE << 3) | SIZE_TWO_BYTES);
208 UINT16_TO_BE_STREAM (p_out, *p_attr);
209 }
210 }
211
212 return (p_out);
213 }
214
215
216 /*******************************************************************************
217 **
218 ** Function sdpu_build_attrib_entry
219 **
220 ** Description This function builds an attribute entry from the passed
221 ** attribute record. It is also passed the address of the output
222 ** buffer.
223 **
224 ** Returns Pointer to next byte in the output buffer.
225 **
226 *******************************************************************************/
sdpu_build_attrib_entry(UINT8 * p_out,tSDP_ATTRIBUTE * p_attr)227 UINT8 *sdpu_build_attrib_entry (UINT8 *p_out, tSDP_ATTRIBUTE *p_attr)
228 {
229 /* First, store the attribute ID. Goes as a UINT */
230 UINT8_TO_BE_STREAM (p_out, (UINT_DESC_TYPE << 3) | SIZE_TWO_BYTES);
231 UINT16_TO_BE_STREAM (p_out, p_attr->id);
232
233 /* the attribute is in the db record.
234 * assuming the attribute len is less than SDP_MAX_ATTR_LEN */
235 switch(p_attr->type)
236 {
237 case TEXT_STR_DESC_TYPE: /* 4 */
238 case DATA_ELE_SEQ_DESC_TYPE:/* 6 */
239 case DATA_ELE_ALT_DESC_TYPE:/* 7 */
240 case URL_DESC_TYPE: /* 8 */
241 #if (SDP_MAX_ATTR_LEN > 0xFFFF)
242 if(p_attr->len > 0xFFFF)
243 {
244 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_IN_NEXT_LONG);
245 UINT32_TO_BE_STREAM (p_out, p_attr->len);
246 }
247 else
248
249 #endif /* 0xFFFF - 0xFF */
250 #if (SDP_MAX_ATTR_LEN > 0xFF)
251 if(p_attr->len > 0xFF)
252 {
253 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_IN_NEXT_WORD);
254 UINT16_TO_BE_STREAM (p_out, p_attr->len);
255 }
256 else
257
258 #endif /* 0xFF and less*/
259 {
260 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_IN_NEXT_BYTE);
261 UINT8_TO_BE_STREAM (p_out, p_attr->len);
262 }
263
264 if (p_attr->value_ptr != NULL) {
265 ARRAY_TO_BE_STREAM (p_out, p_attr->value_ptr, (int)p_attr->len);
266 }
267
268 return (p_out);
269 }
270
271 /* Now, store the attribute value */
272 switch (p_attr->len)
273 {
274 case 1:
275 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_ONE_BYTE);
276 break;
277 case 2:
278 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_TWO_BYTES);
279 break;
280 case 4:
281 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_FOUR_BYTES);
282 break;
283 case 8:
284 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_EIGHT_BYTES);
285 break;
286 case 16:
287 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_SIXTEEN_BYTES);
288 break;
289 default:
290 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_IN_NEXT_BYTE);
291 UINT8_TO_BE_STREAM (p_out, p_attr->len);
292 break;
293 }
294
295 if (p_attr->value_ptr != NULL) {
296 ARRAY_TO_BE_STREAM (p_out, p_attr->value_ptr, (int)p_attr->len);
297 }
298
299 return (p_out);
300 }
301
302
303 /*******************************************************************************
304 **
305 ** Function sdpu_build_n_send_error
306 **
307 ** Description This function builds and sends an error packet.
308 **
309 ** Returns void
310 **
311 *******************************************************************************/
sdpu_build_n_send_error(tCONN_CB * p_ccb,UINT16 trans_num,UINT16 error_code,char * p_error_text)312 void sdpu_build_n_send_error (tCONN_CB *p_ccb, UINT16 trans_num, UINT16 error_code, char *p_error_text)
313 {
314 UINT8 *p_rsp, *p_rsp_start, *p_rsp_param_len;
315 UINT16 rsp_param_len;
316 BT_HDR *p_buf = (BT_HDR *)osi_malloc(SDP_DATA_BUF_SIZE);
317
318
319 SDP_TRACE_WARNING ("SDP - sdpu_build_n_send_error code: 0x%x CID: 0x%x",
320 error_code, p_ccb->connection_id);
321
322 /* Send the packet to L2CAP */
323 p_buf->offset = L2CAP_MIN_OFFSET;
324 p_rsp = p_rsp_start = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
325
326 UINT8_TO_BE_STREAM(p_rsp, SDP_PDU_ERROR_RESPONSE);
327 UINT16_TO_BE_STREAM(p_rsp, trans_num);
328
329 /* Skip the parameter length, we need to add it at the end */
330 p_rsp_param_len = p_rsp;
331 p_rsp += 2;
332
333 UINT16_TO_BE_STREAM (p_rsp, error_code);
334
335 /* Unplugfest example traces do not have any error text */
336 if (p_error_text)
337 ARRAY_TO_BE_STREAM(p_rsp, p_error_text, (int)strlen(p_error_text));
338
339 /* Go back and put the parameter length into the buffer */
340 rsp_param_len = p_rsp - p_rsp_param_len - 2;
341 UINT16_TO_BE_STREAM(p_rsp_param_len, rsp_param_len);
342
343 /* Set the length of the SDP data in the buffer */
344 p_buf->len = p_rsp - p_rsp_start;
345
346 /* Send the buffer through L2CAP */
347 L2CA_DataWrite(p_ccb->connection_id, p_buf);
348 }
349
350
351
352 /*******************************************************************************
353 **
354 ** Function sdpu_extract_uid_seq
355 **
356 ** Description This function extracts a UUID sequence from the passed input
357 ** buffer, and puts it into the passed output list.
358 **
359 ** Returns Pointer to next byte in the input buffer after the sequence.
360 **
361 *******************************************************************************/
sdpu_extract_uid_seq(UINT8 * p,UINT16 param_len,tSDP_UUID_SEQ * p_seq)362 UINT8 *sdpu_extract_uid_seq (UINT8 *p, UINT16 param_len, tSDP_UUID_SEQ *p_seq)
363 {
364 UINT8 *p_seq_end;
365 UINT8 descr, type, size;
366 UINT32 seq_len, uuid_len;
367
368 /* Assume none found */
369 p_seq->num_uids = 0;
370
371 /* A UID sequence is composed of a bunch of UIDs. */
372
373 BE_STREAM_TO_UINT8 (descr, p);
374 type = descr >> 3;
375 size = descr & 7;
376
377 if (type != DATA_ELE_SEQ_DESC_TYPE)
378 return (NULL);
379
380 switch (size)
381 {
382 case SIZE_TWO_BYTES:
383 seq_len = 2;
384 break;
385 case SIZE_FOUR_BYTES:
386 seq_len = 4;
387 break;
388 case SIZE_SIXTEEN_BYTES:
389 seq_len = 16;
390 break;
391 case SIZE_IN_NEXT_BYTE:
392 BE_STREAM_TO_UINT8 (seq_len, p);
393 break;
394 case SIZE_IN_NEXT_WORD:
395 BE_STREAM_TO_UINT16 (seq_len, p);
396 break;
397 case SIZE_IN_NEXT_LONG:
398 BE_STREAM_TO_UINT32 (seq_len, p);
399 break;
400 default:
401 return (NULL);
402 }
403
404 if (seq_len >= param_len)
405 return (NULL);
406
407 p_seq_end = p + seq_len;
408
409 /* Loop through, extracting the UIDs */
410 for ( ; p < p_seq_end ; )
411 {
412 BE_STREAM_TO_UINT8 (descr, p);
413 type = descr >> 3;
414 size = descr & 7;
415
416 if (type != UUID_DESC_TYPE)
417 return (NULL);
418
419 switch (size)
420 {
421 case SIZE_TWO_BYTES:
422 uuid_len = 2;
423 break;
424 case SIZE_FOUR_BYTES:
425 uuid_len = 4;
426 break;
427 case SIZE_SIXTEEN_BYTES:
428 uuid_len = 16;
429 break;
430 case SIZE_IN_NEXT_BYTE:
431 BE_STREAM_TO_UINT8 (uuid_len, p);
432 break;
433 case SIZE_IN_NEXT_WORD:
434 BE_STREAM_TO_UINT16 (uuid_len, p);
435 break;
436 case SIZE_IN_NEXT_LONG:
437 BE_STREAM_TO_UINT32 (uuid_len, p);
438 break;
439 default:
440 return (NULL);
441 }
442
443 /* If UUID length is valid, copy it across */
444 if ((uuid_len == 2) || (uuid_len == 4) || (uuid_len == 16))
445 {
446 p_seq->uuid_entry[p_seq->num_uids].len = (UINT16) uuid_len;
447 BE_STREAM_TO_ARRAY (p, p_seq->uuid_entry[p_seq->num_uids].value, (int)uuid_len);
448 p_seq->num_uids++;
449 }
450 else
451 return (NULL);
452
453 /* We can only do so many */
454 if (p_seq->num_uids >= MAX_UUIDS_PER_SEQ)
455 return (NULL);
456 }
457
458 if (p != p_seq_end)
459 return (NULL);
460
461 return (p);
462 }
463
464
465
466 /*******************************************************************************
467 **
468 ** Function sdpu_extract_attr_seq
469 **
470 ** Description This function extracts an attribute sequence from the passed
471 ** input buffer, and puts it into the passed output list.
472 **
473 ** Returns Pointer to next byte in the input buffer after the sequence.
474 **
475 *******************************************************************************/
sdpu_extract_attr_seq(UINT8 * p,UINT16 param_len,tSDP_ATTR_SEQ * p_seq)476 UINT8 *sdpu_extract_attr_seq (UINT8 *p, UINT16 param_len, tSDP_ATTR_SEQ *p_seq)
477 {
478 UINT8 *p_end_list;
479 UINT8 descr, type, size;
480 UINT32 list_len, attr_len;
481
482 /* Assume none found */
483 p_seq->num_attr = 0;
484
485 /* Get attribute sequence info */
486 BE_STREAM_TO_UINT8 (descr, p);
487 type = descr >> 3;
488 size = descr & 7;
489
490 if (type != DATA_ELE_SEQ_DESC_TYPE)
491 return (p);
492
493 switch (size)
494 {
495 case SIZE_IN_NEXT_BYTE:
496 BE_STREAM_TO_UINT8 (list_len, p);
497 break;
498
499 case SIZE_IN_NEXT_WORD:
500 BE_STREAM_TO_UINT16 (list_len, p);
501 break;
502
503 case SIZE_IN_NEXT_LONG:
504 BE_STREAM_TO_UINT32 (list_len, p);
505 break;
506
507 default:
508 return (p);
509 }
510
511 if (list_len > param_len)
512 return (p);
513
514 p_end_list = p + list_len;
515
516 /* Loop through, extracting the attribute IDs */
517 for ( ; p < p_end_list ; )
518 {
519 BE_STREAM_TO_UINT8 (descr, p);
520 type = descr >> 3;
521 size = descr & 7;
522
523 if (type != UINT_DESC_TYPE)
524 return (p);
525
526 switch (size)
527 {
528 case SIZE_TWO_BYTES:
529 attr_len = 2;
530 break;
531 case SIZE_FOUR_BYTES:
532 attr_len = 4;
533 break;
534 case SIZE_IN_NEXT_BYTE:
535 BE_STREAM_TO_UINT8 (attr_len, p);
536 break;
537 case SIZE_IN_NEXT_WORD:
538 BE_STREAM_TO_UINT16 (attr_len, p);
539 break;
540 case SIZE_IN_NEXT_LONG:
541 BE_STREAM_TO_UINT32 (attr_len, p);
542 break;
543 default:
544 return (NULL);
545 break;
546 }
547
548 /* Attribute length must be 2-bytes or 4-bytes for a paired entry. */
549 if (attr_len == 2)
550 {
551 BE_STREAM_TO_UINT16 (p_seq->attr_entry[p_seq->num_attr].start, p);
552 p_seq->attr_entry[p_seq->num_attr].end = p_seq->attr_entry[p_seq->num_attr].start;
553 }
554 else if (attr_len == 4)
555 {
556 BE_STREAM_TO_UINT16 (p_seq->attr_entry[p_seq->num_attr].start, p);
557 BE_STREAM_TO_UINT16 (p_seq->attr_entry[p_seq->num_attr].end, p);
558 }
559 else
560 return (NULL);
561
562 /* We can only do so many */
563 if (++p_seq->num_attr >= MAX_ATTR_PER_SEQ)
564 return (NULL);
565 }
566
567 return (p);
568 }
569
570
571 /*******************************************************************************
572 **
573 ** Function sdpu_get_len_from_type
574 **
575 ** Description This function gets the length
576 **
577 ** Returns void
578 **
579 *******************************************************************************/
sdpu_get_len_from_type(UINT8 * p,UINT8 type,UINT32 * p_len)580 UINT8 *sdpu_get_len_from_type (UINT8 *p, UINT8 type, UINT32 *p_len)
581 {
582 UINT8 u8;
583 UINT16 u16;
584 UINT32 u32;
585
586 switch (type & 7)
587 {
588 case SIZE_ONE_BYTE:
589 *p_len = 1;
590 break;
591 case SIZE_TWO_BYTES:
592 *p_len = 2;
593 break;
594 case SIZE_FOUR_BYTES:
595 *p_len = 4;
596 break;
597 case SIZE_EIGHT_BYTES:
598 *p_len = 8;
599 break;
600 case SIZE_SIXTEEN_BYTES:
601 *p_len = 16;
602 break;
603 case SIZE_IN_NEXT_BYTE:
604 BE_STREAM_TO_UINT8 (u8, p);
605 *p_len = u8;
606 break;
607 case SIZE_IN_NEXT_WORD:
608 BE_STREAM_TO_UINT16 (u16, p);
609 *p_len = u16;
610 break;
611 case SIZE_IN_NEXT_LONG:
612 BE_STREAM_TO_UINT32 (u32, p);
613 *p_len = (UINT16) u32;
614 break;
615 }
616
617 return (p);
618 }
619
620
621 /*******************************************************************************
622 **
623 ** Function sdpu_is_base_uuid
624 **
625 ** Description This function checks a 128-bit UUID with the base to see if
626 ** it matches. Only the last 12 bytes are compared.
627 **
628 ** Returns TRUE if matched, else FALSE
629 **
630 *******************************************************************************/
sdpu_is_base_uuid(UINT8 * p_uuid)631 BOOLEAN sdpu_is_base_uuid (UINT8 *p_uuid)
632 {
633 UINT16 xx;
634
635 for (xx = 4; xx < MAX_UUID_SIZE; xx++)
636 if (p_uuid[xx] != sdp_base_uuid[xx])
637 return (FALSE);
638
639 /* If here, matched */
640 return (TRUE);
641 }
642
643
644 /*******************************************************************************
645 **
646 ** Function sdpu_compare_uuid_arrays
647 **
648 ** Description This function compares 2 BE UUIDs. If needed, they are expanded
649 ** to 128-bit UUIDs, then compared.
650 **
651 ** NOTE it is assumed that the arrays are in Big Endian format
652 **
653 ** Returns TRUE if matched, else FALSE
654 **
655 *******************************************************************************/
sdpu_compare_uuid_arrays(UINT8 * p_uuid1,UINT32 len1,UINT8 * p_uuid2,UINT16 len2)656 BOOLEAN sdpu_compare_uuid_arrays (UINT8 *p_uuid1, UINT32 len1, UINT8 *p_uuid2, UINT16 len2)
657 {
658 UINT8 nu1[MAX_UUID_SIZE];
659 UINT8 nu2[MAX_UUID_SIZE];
660
661 if( ((len1 != 2) && (len1 != 4) && (len1 != 16)) ||
662 ((len2 != 2) && (len2 != 4) && (len2 != 16)) )
663 {
664 SDP_TRACE_ERROR("%s: invalid length", __func__);
665 return FALSE;
666 }
667
668 /* If lengths match, do a straight compare */
669 if (len1 == len2)
670 {
671 if (len1 == 2)
672 return ((p_uuid1[0] == p_uuid2[0]) && (p_uuid1[1] == p_uuid2[1]));
673 if (len1 == 4)
674 return ( (p_uuid1[0] == p_uuid2[0]) && (p_uuid1[1] == p_uuid2[1])
675 && (p_uuid1[2] == p_uuid2[2]) && (p_uuid1[3] == p_uuid2[3]) );
676 else
677 return (memcmp (p_uuid1, p_uuid2, (size_t)len1) == 0);
678 }
679 else if (len1 > len2)
680 {
681 /* If the len1 was 4-byte, (so len2 is 2-byte), compare on the fly */
682 if (len1 == 4)
683 {
684 return ( (p_uuid1[0] == 0) && (p_uuid1[1] == 0)
685 && (p_uuid1[2] == p_uuid2[0]) && (p_uuid1[3] == p_uuid2[1]) );
686 }
687 else
688 {
689 /* Normalize UUIDs to 16-byte form, then compare. Len1 must be 16 */
690 memcpy (nu1, p_uuid1, MAX_UUID_SIZE);
691 memcpy (nu2, sdp_base_uuid, MAX_UUID_SIZE);
692
693 if (len2 == 4)
694 memcpy (nu2, p_uuid2, len2);
695 else if (len2 == 2)
696 memcpy (nu2 + 2, p_uuid2, len2);
697
698 return (memcmp (nu1, nu2, MAX_UUID_SIZE) == 0);
699 }
700 }
701 else
702 {
703 /* len2 is greater than len1 */
704 /* If the len2 was 4-byte, (so len1 is 2-byte), compare on the fly */
705 if (len2 == 4)
706 {
707 return ( (p_uuid2[0] == 0) && (p_uuid2[1] == 0)
708 && (p_uuid2[2] == p_uuid1[0]) && (p_uuid2[3] == p_uuid1[1]) );
709 }
710 else
711 {
712 /* Normalize UUIDs to 16-byte form, then compare. Len1 must be 16 */
713 memcpy (nu2, p_uuid2, MAX_UUID_SIZE);
714 memcpy (nu1, sdp_base_uuid, MAX_UUID_SIZE);
715
716 if (len1 == 4)
717 memcpy (nu1, p_uuid1, (size_t)len1);
718 else if (len1 == 2)
719 memcpy (nu1 + 2, p_uuid1, (size_t)len1);
720
721 return (memcmp (nu1, nu2, MAX_UUID_SIZE) == 0);
722 }
723 }
724 }
725
726
727 /*******************************************************************************
728 **
729 ** Function sdpu_compare_bt_uuids
730 **
731 ** Description This function compares 2 BT UUID structures.
732 **
733 ** NOTE it is assumed that BT UUID structures are compressed to the
734 ** smallest possible UUIDs (by removing the base SDP UUID)
735 **
736 ** Returns TRUE if matched, else FALSE
737 **
738 *******************************************************************************/
sdpu_compare_bt_uuids(tBT_UUID * p_uuid1,tBT_UUID * p_uuid2)739 BOOLEAN sdpu_compare_bt_uuids (tBT_UUID *p_uuid1, tBT_UUID *p_uuid2)
740 {
741 /* Lengths must match for BT UUIDs to match */
742 if (p_uuid1->len == p_uuid2->len)
743 {
744 if (p_uuid1->len == 2)
745 return (p_uuid1->uu.uuid16 == p_uuid2->uu.uuid16);
746 else if (p_uuid1->len == 4)
747 return (p_uuid1->uu.uuid32 == p_uuid2->uu.uuid32);
748 else if (!memcmp (p_uuid1->uu.uuid128, p_uuid2->uu.uuid128, 16))
749 return (TRUE);
750 }
751
752 return (FALSE);
753 }
754
755
756 /*******************************************************************************
757 **
758 ** Function sdpu_compare_uuid_with_attr
759 **
760 ** Description This function compares a BT UUID structure with the UUID in an
761 ** SDP attribute record. If needed, they are expanded to 128-bit
762 ** UUIDs, then compared.
763 **
764 ** NOTE - it is assumed that BT UUID structures are compressed to the
765 ** smallest possible UUIDs (by removing the base SDP UUID).
766 ** - it is also assumed that the discovery atribute is compressed
767 ** to the smallest possible
768 **
769 ** Returns TRUE if matched, else FALSE
770 **
771 *******************************************************************************/
sdpu_compare_uuid_with_attr(tBT_UUID * p_btuuid,tSDP_DISC_ATTR * p_attr)772 BOOLEAN sdpu_compare_uuid_with_attr (tBT_UUID *p_btuuid, tSDP_DISC_ATTR *p_attr)
773 {
774 UINT16 attr_len = SDP_DISC_ATTR_LEN (p_attr->attr_len_type);
775
776 /* Since both UUIDs are compressed, lengths must match */
777 if (p_btuuid->len != attr_len)
778 return (FALSE);
779
780 if (p_btuuid->len == 2)
781 return (BOOLEAN)(p_btuuid->uu.uuid16 == p_attr->attr_value.v.u16);
782 else if (p_btuuid->len == 4)
783 return (BOOLEAN)(p_btuuid->uu.uuid32 == p_attr->attr_value.v.u32);
784 /* coverity[overrun-buffer-arg] */
785 /*
786 Event overrun-buffer-arg: Overrun of static array "&p_attr->attr_value.v.array" of size 4 bytes by passing it to a function which indexes it with argument "16U" at byte position 15
787 FALSE-POSITIVE error from Coverity test tool. Please do NOT remove following comment.
788 False-positive: SDP uses scratch buffer to hold the attribute value.
789 The actual size of tSDP_DISC_ATVAL does not matter.
790 If the array size in tSDP_DISC_ATVAL is increase, we would increase the system RAM usage unnecessarily
791 */
792 else if (!memcmp (p_btuuid->uu.uuid128,(void*) p_attr->attr_value.v.array, MAX_UUID_SIZE))
793 return (TRUE);
794
795 return (FALSE);
796 }
797
798 /*******************************************************************************
799 **
800 ** Function sdpu_sort_attr_list
801 **
802 ** Description sorts a list of attributes in numeric order from lowest to
803 ** highest to conform to SDP specification
804 **
805 ** Returns void
806 **
807 *******************************************************************************/
sdpu_sort_attr_list(UINT16 num_attr,tSDP_DISCOVERY_DB * p_db)808 void sdpu_sort_attr_list( UINT16 num_attr, tSDP_DISCOVERY_DB *p_db )
809 {
810 UINT16 i;
811 UINT16 x;
812
813 /* Done if no attributes to sort */
814 if (num_attr <= 1)
815 {
816 return;
817 }
818 else if (num_attr > SDP_MAX_ATTR_FILTERS)
819 {
820 num_attr = SDP_MAX_ATTR_FILTERS;
821 }
822
823 num_attr--; /* for the for-loop */
824 for( i = 0; i < num_attr; )
825 {
826 if( p_db->attr_filters[i] > p_db->attr_filters[i+1] )
827 {
828 /* swap the attribute IDs and start from the beginning */
829 x = p_db->attr_filters[i];
830 p_db->attr_filters[i] = p_db->attr_filters[i+1];
831 p_db->attr_filters[i+1] = x;
832
833 i = 0;
834 }
835 else
836 i++;
837 }
838 }
839
840
841 /*******************************************************************************
842 **
843 ** Function sdpu_get_list_len
844 **
845 ** Description gets the total list length in the sdp database for a given
846 ** uid sequence and attr sequence
847 **
848 ** Returns void
849 **
850 *******************************************************************************/
sdpu_get_list_len(tSDP_UUID_SEQ * uid_seq,tSDP_ATTR_SEQ * attr_seq)851 UINT16 sdpu_get_list_len(tSDP_UUID_SEQ *uid_seq, tSDP_ATTR_SEQ *attr_seq)
852 {
853 tSDP_RECORD *p_rec;
854 UINT16 len = 0;
855 UINT16 len1;
856
857 for (p_rec = sdp_db_service_search (NULL, uid_seq); p_rec; p_rec = sdp_db_service_search (p_rec, uid_seq))
858 {
859 len += 3;
860
861 len1 = sdpu_get_attrib_seq_len(p_rec, attr_seq );
862
863 if (len1 != 0)
864 len += len1;
865 else
866 len -= 3;
867 }
868 return len;
869 }
870
871 /*******************************************************************************
872 **
873 ** Function sdpu_get_attrib_seq_len
874 **
875 ** Description gets the length of the specific attributes in a given
876 ** sdp record
877 **
878 ** Returns void
879 **
880 *******************************************************************************/
sdpu_get_attrib_seq_len(tSDP_RECORD * p_rec,tSDP_ATTR_SEQ * attr_seq)881 UINT16 sdpu_get_attrib_seq_len(tSDP_RECORD *p_rec, tSDP_ATTR_SEQ *attr_seq)
882 {
883 tSDP_ATTRIBUTE *p_attr;
884 UINT16 len1 = 0;
885 UINT16 xx;
886 BOOLEAN is_range = FALSE;
887 UINT16 start_id=0, end_id=0;
888
889 for (xx = 0; xx < attr_seq->num_attr; xx++)
890 {
891 if (is_range == FALSE)
892 {
893 start_id = attr_seq->attr_entry[xx].start;
894 end_id = attr_seq->attr_entry[xx].end;
895 }
896 p_attr = sdp_db_find_attr_in_rec (p_rec,
897 start_id,
898 end_id);
899 if (p_attr)
900 {
901 len1 += sdpu_get_attrib_entry_len (p_attr);
902
903 /* If doing a range, stick with this one till no more attributes found */
904 if (start_id != end_id)
905 {
906 /* Update for next time through */
907 start_id = p_attr->id + 1;
908 xx--;
909 is_range = TRUE;
910 }
911 else
912 is_range = FALSE;
913 }
914 else
915 is_range = FALSE;
916 }
917 return len1;
918 }
919
920 /*******************************************************************************
921 **
922 ** Function sdpu_get_attrib_entry_len
923 **
924 ** Description gets the length of a specific attribute
925 **
926 ** Returns void
927 **
928 *******************************************************************************/
sdpu_get_attrib_entry_len(tSDP_ATTRIBUTE * p_attr)929 UINT16 sdpu_get_attrib_entry_len(tSDP_ATTRIBUTE *p_attr)
930 {
931 UINT16 len = 3;
932
933 /* the attribute is in the db record.
934 * assuming the attribute len is less than SDP_MAX_ATTR_LEN */
935 switch(p_attr->type)
936 {
937 case TEXT_STR_DESC_TYPE: /* 4 */
938 case DATA_ELE_SEQ_DESC_TYPE:/* 6 */
939 case DATA_ELE_ALT_DESC_TYPE:/* 7 */
940 case URL_DESC_TYPE: /* 8 */
941 #if (SDP_MAX_ATTR_LEN > 0xFFFF)
942 if(p_attr->len > 0xFFFF)
943 {
944 len += 5;
945 }
946 else
947
948 #endif/* 0xFFFF - 0xFF */
949 #if (SDP_MAX_ATTR_LEN > 0xFF)
950 if(p_attr->len > 0xFF)
951 {
952 len += 3;
953 }
954 else
955
956 #endif /* 0xFF and less*/
957 {
958 len += 2;
959 }
960 len += p_attr->len;
961 return len;
962 }
963
964 /* Now, the attribute value */
965 switch (p_attr->len)
966 {
967 case 1:
968 case 2:
969 case 4:
970 case 8:
971 case 16:
972 len += 1;
973 break;
974 default:
975 len += 2;
976 break;
977 }
978
979 len += p_attr->len;
980 return len;
981 }
982
983
984 /*******************************************************************************
985 **
986 ** Function sdpu_build_partial_attrib_entry
987 **
988 ** Description This function fills a buffer with partial attribute. It is
989 ** assumed that the maximum size of any attribute is 256 bytes.
990 **
991 ** p_out: output buffer
992 ** p_attr: attribute to be copied partially into p_out
993 ** rem_len: num bytes to copy into p_out
994 ** offset: current start offset within the attr that needs to be copied
995 **
996 ** Returns Pointer to next byte in the output buffer.
997 ** offset is also updated
998 **
999 *******************************************************************************/
sdpu_build_partial_attrib_entry(UINT8 * p_out,tSDP_ATTRIBUTE * p_attr,UINT16 len,UINT16 * offset)1000 UINT8 *sdpu_build_partial_attrib_entry (UINT8 *p_out, tSDP_ATTRIBUTE *p_attr, UINT16 len, UINT16 *offset)
1001 {
1002 UINT8 *p_attr_buff = (UINT8 *)osi_malloc(sizeof(UINT8) * SDP_MAX_ATTR_LEN);
1003 sdpu_build_attrib_entry(p_attr_buff, p_attr);
1004
1005 UINT16 attr_len = sdpu_get_attrib_entry_len(p_attr);
1006
1007 if (len > SDP_MAX_ATTR_LEN)
1008 {
1009 SDP_TRACE_ERROR("%s len %d exceeds SDP_MAX_ATTR_LEN", __func__, len);
1010 len = SDP_MAX_ATTR_LEN;
1011 }
1012
1013 size_t len_to_copy = ((attr_len - *offset) < len) ? (attr_len - *offset) : len;
1014 memcpy(p_out, &p_attr_buff[*offset], len_to_copy);
1015
1016 p_out = &p_out[len_to_copy];
1017 *offset += len_to_copy;
1018
1019 osi_free(p_attr_buff);
1020 return p_out;
1021 }
1022
1023 /*******************************************************************************
1024 **
1025 ** Function sdpu_uuid16_to_uuid128
1026 **
1027 ** Description This function converts UUID-16 to UUID-128 by including the base UUID
1028 **
1029 ** uuid16: 2-byte UUID
1030 ** p_uuid128: Expanded 128-bit UUID
1031 **
1032 ** Returns None
1033 **
1034 *******************************************************************************/
sdpu_uuid16_to_uuid128(UINT16 uuid16,UINT8 * p_uuid128)1035 void sdpu_uuid16_to_uuid128(UINT16 uuid16, UINT8* p_uuid128)
1036 {
1037 UINT16 uuid16_bo;
1038 memset(p_uuid128, 0, 16);
1039
1040 memcpy(p_uuid128, sdp_base_uuid, MAX_UUID_SIZE);
1041 uuid16_bo = ntohs(uuid16);
1042 memcpy(p_uuid128+ 2, &uuid16_bo, sizeof(uint16_t));
1043 }
1044