usr.sbin/bluetooth/sdpd/ssar.c

   1 /*-
   2  * ssar.c
   3  *
   4  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
   5  *
   6  * Copyright (c) 2004 Maksim Yevmenkin <m_evmenkin@yahoo.com>
   7  * All rights reserved.
   8  *
   9  * Redistribution and use in source and binary forms, with or without
  10  * modification, are permitted provided that the following conditions
  11  * are met:
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  * 2. Redistributions in binary form must reproduce the above copyright
  15  *    notice, this list of conditions and the following disclaimer in the
  16  *    documentation and/or other materials provided with the distribution.
  17  *
  18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  21  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  28  * SUCH DAMAGE.
  29  *
  30  * $Id: ssar.c,v 1.4 2004/01/12 22:54:31 max Exp $
  31  * $FreeBSD$
  32  */
  33
  34 #include <sys/queue.h>
  35 #define L2CAP_SOCKET_CHECKED
  36 #include <bluetooth.h>
  37 #include <sdp.h>
  38 #include <string.h>
  39 #include "profile.h"
  40 #include "provider.h"
  41 #include "server.h"
  42 #include "uuid-private.h"
  43
  44 /* from sar.c */
  45 int32_t server_prepare_attr_list(provider_p const provider,
  46                 uint8_t const *req, uint8_t const * const req_end,
  47                 uint8_t *rsp, uint8_t const * const rsp_end);
  48
  49 /*
  50  * Scan an attribute for matching UUID.
  51  */
  52 static int
  53 server_search_uuid_sub(uint8_t *buf, uint8_t const * const eob, const uint128_t *uuid)
  54 {
  55         int128_t duuid;
  56         uint32_t value;
  57         uint8_t type;
  58
  59         while (buf < eob) {
  60
  61                 SDP_GET8(type, buf);
  62
  63                 switch (type) {
  64                 case SDP_DATA_UUID16:
  65                         if (buf + 2 > eob)
  66                                 continue;
  67                         SDP_GET16(value, buf);
  68
  69                         memcpy(&duuid, &uuid_base, sizeof(duuid));
  70                         duuid.b[2] = value >> 8 & 0xff;
  71                         duuid.b[3] = value & 0xff;
  72
  73                         if (memcmp(&duuid, uuid, sizeof(duuid)) == 0)
  74                                 return (0);
  75                         break;
  76                 case SDP_DATA_UUID32:
  77                         if (buf + 4 > eob)
  78                                 continue;
  79                         SDP_GET32(value, buf);
  80                         memcpy(&duuid, &uuid_base, sizeof(duuid));
  81                         duuid.b[0] = value >> 24 & 0xff;
  82                         duuid.b[1] = value >> 16 & 0xff;
  83                         duuid.b[2] = value >> 8 & 0xff;
  84                         duuid.b[3] = value & 0xff;
  85
  86                         if (memcmp(&duuid, uuid, sizeof(duuid)) == 0)
  87                                 return (0);
  88                         break;
  89                 case SDP_DATA_UUID128:
  90                         if (buf + 16 > eob)
  91                                 continue;
  92                         SDP_GET_UUID128(&duuid, buf);
  93
  94                         if (memcmp(&duuid, uuid, sizeof(duuid)) == 0)
  95                                 return (0);
  96                         break;
  97                 case SDP_DATA_UINT8:
  98                 case SDP_DATA_INT8:
  99                 case SDP_DATA_SEQ8:
 100                         buf++;
 101                         break;
 102                 case SDP_DATA_UINT16:
 103                 case SDP_DATA_INT16:
 104                 case SDP_DATA_SEQ16:
 105                         buf += 2;
 106                         break;
 107                 case SDP_DATA_UINT32:
 108                 case SDP_DATA_INT32:
 109                 case SDP_DATA_SEQ32:
 110                         buf += 4;
 111                         break;
 112                 case SDP_DATA_UINT64:
 113                 case SDP_DATA_INT64:
 114                         buf += 8;
 115                         break;
 116                 case SDP_DATA_UINT128:
 117                 case SDP_DATA_INT128:
 118                         buf += 16;
 119                         break;
 120                 case SDP_DATA_STR8:
 121                         if (buf + 1 > eob)
 122                                 continue;
 123                         SDP_GET8(value, buf);
 124                         buf += value;
 125                         break;
 126                 case SDP_DATA_STR16:
 127                         if (buf + 2 > eob)
 128                                 continue;
 129                         SDP_GET16(value, buf);
 130                         if (value > (eob - buf))
 131                                 return (1);
 132                         buf += value;
 133                         break;
 134                 case SDP_DATA_STR32:
 135                         if (buf + 4 > eob)
 136                                 continue;
 137                         SDP_GET32(value, buf);
 138                         if (value > (eob - buf))
 139                                 return (1);
 140                         buf += value;
 141                         break;
 142                 case SDP_DATA_BOOL:
 143                         buf += 1;
 144                         break;
 145                 default:
 146                         return (1);
 147                 }
 148         }
 149         return (1);
 150 }
 151
 152 /*
 153  * Search a provider for matching UUID in its attributes.
 154  */
 155 static int
 156 server_search_uuid(provider_p const provider, const uint128_t *uuid)
 157 {
 158         uint8_t buffer[256];
 159         const attr_t *attr;
 160         int len;
 161
 162         for (attr = provider->profile->attrs; attr->create != NULL; attr++) {
 163
 164                 len = attr->create(buffer, buffer + sizeof(buffer),
 165                     (const uint8_t *)provider->profile, sizeof(*provider->profile));
 166                 if (len < 0)
 167                         continue;
 168                 if (server_search_uuid_sub(buffer, buffer + len, uuid) == 0)
 169                         return (0);
 170         }
 171         return (1);
 172 }
 173
 174 /*
 175  * Prepare SDP Service Search Attribute Response
 176  */
 177
 178 int32_t
 179 server_prepare_service_search_attribute_response(server_p srv, int32_t fd)
 180 {
 181         uint8_t const   *req = srv->req + sizeof(sdp_pdu_t);
 182         uint8_t const   *req_end = req + ((sdp_pdu_p)(srv->req))->len;
 183         uint8_t         *rsp = srv->fdidx[fd].rsp;
 184         uint8_t const   *rsp_end = rsp + NG_L2CAP_MTU_MAXIMUM;
 185
 186         uint8_t const   *sspptr = NULL, *aidptr = NULL;
 187         uint8_t         *ptr = NULL;
 188
 189         provider_t      *provider = NULL;
 190         int32_t          type, rsp_limit, ssplen, aidlen, cslen, cs;
 191         uint128_t        uuid, puuid;
 192
 193         /*
 194          * Minimal Service Search Attribute Request request
 195          *
 196          * seq8 len8            - 2 bytes
 197          *      uuid16 value16  - 3 bytes ServiceSearchPattern
 198          * value16              - 2 bytes MaximumAttributeByteCount
 199          * seq8 len8            - 2 bytes
 200          *      uint16 value16  - 3 bytes AttributeIDList
 201          * value8               - 1 byte  ContinuationState
 202          */
 203
 204         if (req_end - req < 13)
 205                 return (SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX);
 206
 207         /* Get size of ServiceSearchPattern */
 208         ssplen = 0;
 209         SDP_GET8(type, req);
 210         switch (type) {
 211         case SDP_DATA_SEQ8:
 212                 SDP_GET8(ssplen, req);
 213                 break;
 214
 215         case SDP_DATA_SEQ16:
 216                 SDP_GET16(ssplen, req);
 217                 break;
 218
 219         case SDP_DATA_SEQ32:
 220                 SDP_GET32(ssplen, req);
 221                 break;
 222         }
 223         if (ssplen <= 0)
 224                 return (SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX);
 225
 226         sspptr = req;
 227         req += ssplen;
 228
 229         /* Get MaximumAttributeByteCount */
 230         if (req + 2 > req_end)
 231                 return (SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX);
 232
 233         SDP_GET16(rsp_limit, req);
 234         if (rsp_limit <= 0)
 235                 return (SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX);
 236
 237         /* Get size of AttributeIDList */
 238         if (req + 1 > req_end)
 239                 return (SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX);
 240
 241         aidlen = 0;
 242         SDP_GET8(type, req);
 243         switch (type) {
 244         case SDP_DATA_SEQ8:
 245                 if (req + 1 > req_end)
 246                         return (SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX);
 247
 248                 SDP_GET8(aidlen, req);
 249                 break;
 250
 251         case SDP_DATA_SEQ16:
 252                 if (req + 2 > req_end)
 253                         return (SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX);
 254
 255                 SDP_GET16(aidlen, req);
 256                 break;
 257
 258         case SDP_DATA_SEQ32:
 259                 if (req + 4 > req_end)
 260                         return (SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX);
 261
 262                 SDP_GET32(aidlen, req);
 263                 break;
 264         }
 265         if (aidlen <= 0)
 266                 return (SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX);
 267
 268         aidptr = req;
 269         req += aidlen;
 270
 271         /* Get ContinuationState */
 272         if (req + 1 > req_end)
 273                 return (SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX);
 274
 275         SDP_GET8(cslen, req);
 276         if (cslen != 0) {
 277                 if (cslen != 2 || req_end - req != 2)
 278                         return (SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX);
 279
 280                 SDP_GET16(cs, req);
 281         } else
 282                 cs = 0;
 283
 284         /* Process the request. First, check continuation state */
 285         if (srv->fdidx[fd].rsp_cs != cs)
 286                 return (SDP_ERROR_CODE_INVALID_CONTINUATION_STATE);
 287         if (srv->fdidx[fd].rsp_size > 0)
 288                 return (0);
 289
 290         /*
 291          * Service Search Attribute Response format
 292          *
 293          * value16              - 2 bytes  AttributeListByteCount (not incl.)
 294          * seq8 len16           - 3 bytes
 295          *      attr list       - 3+ bytes AttributeLists
 296          *      [ attr list ]
 297          */
 298
 299         ptr = rsp + 3;
 300
 301         while (ssplen > 0) {
 302                 SDP_GET8(type, sspptr);
 303                 ssplen --;
 304
 305                 switch (type) {
 306                 case SDP_DATA_UUID16:
 307                         if (ssplen < 2)
 308                                 return (SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX);
 309
 310                         memcpy(&uuid, &uuid_base, sizeof(uuid));
 311                         uuid.b[2] = *sspptr ++;
 312                         uuid.b[3] = *sspptr ++;
 313                         ssplen -= 2;
 314                         break;
 315
 316                 case SDP_DATA_UUID32:
 317                         if (ssplen < 4)
 318                                 return (SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX);
 319
 320                         memcpy(&uuid, &uuid_base, sizeof(uuid));
 321                         uuid.b[0] = *sspptr ++;
 322                         uuid.b[1] = *sspptr ++;
 323                         uuid.b[2] = *sspptr ++;
 324                         uuid.b[3] = *sspptr ++;
 325                         ssplen -= 4;
 326                         break;
 327
 328                 case SDP_DATA_UUID128:
 329                         if (ssplen < 16)
 330                                 return (SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX);
 331
 332                         memcpy(uuid.b, sspptr, 16);
 333                         sspptr += 16;
 334                         ssplen -= 16;
 335                         break;
 336
 337                 default:
 338                         return (SDP_ERROR_CODE_INVALID_REQUEST_SYNTAX);
 339                         /* NOT REACHED */
 340                 }
 341
 342                 for (provider = provider_get_first();
 343                      provider != NULL;
 344                      provider = provider_get_next(provider)) {
 345                         if (!provider_match_bdaddr(provider, &srv->req_sa.l2cap_bdaddr))
 346                                 continue;
 347
 348                         memcpy(&puuid, &uuid_base, sizeof(puuid));
 349                         puuid.b[2] = provider->profile->uuid >> 8;
 350                         puuid.b[3] = provider->profile->uuid;
 351
 352                         if (memcmp(&uuid, &puuid, sizeof(uuid)) != 0 &&
 353                             memcmp(&uuid, &uuid_public_browse_group, sizeof(uuid)) != 0 &&
 354                             server_search_uuid(provider, &uuid) != 0)
 355                                 continue;
 356
 357                         cs = server_prepare_attr_list(provider,
 358                                 aidptr, aidptr + aidlen, ptr, rsp_end);
 359                         if (cs < 0)
 360                                 return (SDP_ERROR_CODE_INSUFFICIENT_RESOURCES);
 361
 362                         ptr += cs;
 363                 }
 364         }
 365
 366         /* Set reply size (not counting PDU header and continuation state) */
 367         srv->fdidx[fd].rsp_limit = srv->fdidx[fd].omtu - sizeof(sdp_pdu_t) - 2;
 368         if (srv->fdidx[fd].rsp_limit > rsp_limit)
 369                 srv->fdidx[fd].rsp_limit = rsp_limit;
 370
 371         srv->fdidx[fd].rsp_size = ptr - rsp;
 372         srv->fdidx[fd].rsp_cs = 0;
 373
 374         /* Fix AttributeLists sequence header */
 375         ptr = rsp;
 376         SDP_PUT8(SDP_DATA_SEQ16, ptr);
 377         SDP_PUT16(srv->fdidx[fd].rsp_size - 3, ptr);
 378
 379         return (0);
 380 }
 381