Merge branch 'bugfix/sdp_uuid16_match_err_v5.4' into 'release/v5.4'

fix(bt): Fix the incorrect record found using uuid16 search(v5.4)

See merge request espressif/esp-idf!36843

Author: Jiang Jiang Jian

components/bt/host/bluedroid/api/esp_sdp_api.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -21,6 +21,10 @@ static bool esp_sdp_record_integrity_check(esp_bluetooth_sdp_record_t *record)
     bool ret = true;
 
     if (record != NULL) {
+        if (record->hdr.type < ESP_SDP_TYPE_RAW || record->hdr.type > ESP_SDP_TYPE_DIP_SERVER) {
+            LOG_ERROR("Invalid type!\n");
+            return false;
+        }
         switch (record->hdr.type) {
         case ESP_SDP_TYPE_DIP_SERVER:
             if (record->dip.vendor_id_source != ESP_SDP_VENDOR_ID_SRC_BT &&
@@ -29,14 +33,28 @@ static bool esp_sdp_record_integrity_check(esp_bluetooth_sdp_record_t *record)
                 ret = false;
             }
             break;
+        case ESP_SDP_TYPE_MAP_MAS:
+            if ((record->mas.mas_instance_id >> 8) || (record->mas.supported_message_types >> 8)) {
+                LOG_ERROR("mas_instance_id and supported_message_types are defined as uint8_t in the spec!\n");
+               ret = false;
+            }
+            break;
+        case ESP_SDP_TYPE_PBAP_PSE:
+            if (record->pse.supported_repositories >> 8) {
+                LOG_ERROR("supported_repositories is defined in the spec as uint8_t!\n");
+               ret = false;
+            }
+            break;
 
         default:
+            break;
+        }
+        if (record->hdr.type != ESP_SDP_TYPE_DIP_SERVER) {
             if (record->hdr.service_name_length > ESP_SDP_SERVER_NAME_MAX ||
                 strlen(record->hdr.service_name) + 1 != record->hdr.service_name_length) {
                 LOG_ERROR("Invalid server name!\n");
                 ret = false;
             }
-            break;
         }
     } else {
         LOG_ERROR("record is NULL!\n");

components/bt/host/bluedroid/bta/sdp/bta_sdp_act.c

@@ -40,31 +40,6 @@
 
 #if (SDP_INCLUDED == TRUE)
 
-/*****************************************************************************
-**  Constants
-*****************************************************************************/
-
-static const uint8_t  UUID_OBEX_OBJECT_PUSH[] = {0x00, 0x00, 0x11, 0x05, 0x00, 0x00, 0x10, 0x00,
-                                                 0x80, 0x00, 0x00, 0x80, 0x5F, 0x9B, 0x34, 0xFB
-                                                };
-static const uint8_t  UUID_PBAP_PSE[] = {0x00, 0x00, 0x11, 0x2F, 0x00, 0x00, 0x10, 0x00,
-                                         0x80, 0x00, 0x00, 0x80, 0x5F, 0x9B, 0x34, 0xFB
-                                        };
-static const uint8_t  UUID_PBAP_PCE[] = {0x00, 0x00, 0x11, 0x2E, 0x00, 0x00, 0x10, 0x00,
-                                         0x80, 0x00, 0x00, 0x80, 0x5F, 0x9B, 0x34, 0xFB
-                                        };
-static const uint8_t  UUID_MAP_MAS[] = {0x00, 0x00, 0x11, 0x32, 0x00, 0x00, 0x10, 0x00,
-                                        0x80, 0x00, 0x00, 0x80, 0x5F, 0x9B, 0x34, 0xFB
-                                       };
-static const uint8_t  UUID_MAP_MNS[] = {0x00, 0x00, 0x11, 0x33, 0x00, 0x00, 0x10, 0x00,
-                                        0x80, 0x00, 0x00, 0x80, 0x5F, 0x9B, 0x34, 0xFB
-                                       };
-static const uint8_t  UUID_SPP[] = {0x00, 0x00, 0x11, 0x01, 0x00, 0x00, 0x10, 0x00,
-                                    0x80, 0x00, 0x00, 0x80, 0x5F, 0x9B, 0x34, 0xFB
-                                   };
-static const uint8_t  UUID_SAP[] = {0x00, 0x00, 0x11, 0x2D, 0x00, 0x00, 0x10, 0x00,
-                                    0x80, 0x00, 0x00, 0x80, 0x5F, 0x9B, 0x34, 0xFB
-                                   };
 // TODO:
 // Both the fact that the UUIDs are declared in multiple places, plus the fact
 // that there is a mess of UUID comparison and shortening methods will have to
@@ -369,7 +344,7 @@ static void bta_create_sap_sdp_record(bluetooth_sdp_record *record, tSDP_DISC_RE
     tSDP_PROTOCOL_ELEM pe;
     UINT16 pversion = -1;
 
-    record->sap.hdr.type = SDP_TYPE_MAP_MAS;
+    record->sap.hdr.type = SDP_TYPE_SAP_SERVER;
     record->sap.hdr.service_name_length = 0;
     record->sap.hdr.service_name = NULL;
     record->sap.hdr.rfcomm_channel_number = 0;
@@ -420,6 +395,15 @@ static void bta_create_raw_sdp_record(bluetooth_sdp_record *record, tSDP_DISC_RE
     record->raw.hdr.user1_ptr = p_bta_sdp_cfg->p_sdp_db->raw_data;
 }
 
+static bool check_if_uuid16_match(UINT16 uuid16, tBT_UUID *uuid)
+{
+    // Because it is converted to a short UUID, only uuid16 needs to be checked.
+    if (uuid->len == 2 && uuid->uu.uuid16 == uuid16) {
+        return TRUE;
+    } else {
+        return FALSE;
+    }
+}
 
 /*******************************************************************************
 **
@@ -456,25 +440,25 @@ static void bta_sdp_search_cback(UINT16 result, void *user_data)
             /* generate the matching record data pointer */
             if (p_rec != NULL) {
                 status = BTA_SDP_SUCCESS;
-                if (uuid->uu.uuid16 == UUID_SERVCLASS_PNP_INFORMATION) {
+                if (check_if_uuid16_match(UUID_SERVCLASS_PNP_INFORMATION, &su)) {
                     APPL_TRACE_DEBUG("%s() - found DIP uuid\n", __func__);
                     bta_create_dip_sdp_record(&evt_data.records[count], p_rec);
-                } else if (IS_UUID(UUID_MAP_MAS, uuid->uu.uuid128)) {
+                } else if (check_if_uuid16_match(UUID_SERVCLASS_MESSAGE_ACCESS, &su)) {
                     APPL_TRACE_DEBUG("%s() - found MAP (MAS) uuid\n", __func__);
                     bta_create_mas_sdp_record(&evt_data.records[count], p_rec);
-                } else if (IS_UUID(UUID_MAP_MNS, uuid->uu.uuid128)) {
+                } else if (check_if_uuid16_match(UUID_SERVCLASS_MESSAGE_NOTIFICATION, &su)) {
                     APPL_TRACE_DEBUG("%s() - found MAP (MNS) uuid\n", __func__);
                     bta_create_mns_sdp_record(&evt_data.records[count], p_rec);
-                } else if (IS_UUID(UUID_PBAP_PSE, uuid->uu.uuid128)) {
+                } else if (check_if_uuid16_match(UUID_SERVCLASS_PBAP_PSE, &su)) {
                     APPL_TRACE_DEBUG("%s() - found PBAP (PSE) uuid\n", __func__);
                     bta_create_pse_sdp_record(&evt_data.records[count], p_rec);
-                } else if (IS_UUID(UUID_PBAP_PCE, uuid->uu.uuid128)) {
+                } else if (check_if_uuid16_match(UUID_SERVCLASS_PBAP_PCE, &su)) {
                     APPL_TRACE_DEBUG("%s() - found PBAP (PCE) uuid\n", __func__);
                     bta_create_pce_sdp_record(&evt_data.records[count], p_rec);
-                } else if (IS_UUID(UUID_OBEX_OBJECT_PUSH, uuid->uu.uuid128)) {
+                } else if (check_if_uuid16_match(UUID_SERVCLASS_OBEX_OBJECT_PUSH, &su)) {
                     APPL_TRACE_DEBUG("%s() - found Object Push Server (OPS) uuid\n", __func__);
                     bta_create_ops_sdp_record(&evt_data.records[count], p_rec);
-                } else if (IS_UUID(UUID_SAP, uuid->uu.uuid128)) {
+                } else if (check_if_uuid16_match(UUID_SERVCLASS_SAP, &su)) {
                     APPL_TRACE_DEBUG("%s() - found SAP uuid\n", __func__);
                     bta_create_sap_sdp_record(&evt_data.records[count], p_rec);
                 } else {

examples/bluetooth/bluedroid/classic_bt/a2dp_sink/main/main.c

@@ -104,12 +104,12 @@ static void bt_app_gap_cb(esp_bt_gap_cb_event_t event, esp_bt_gap_cb_param_t *pa
 #if (CONFIG_EXAMPLE_A2DP_SINK_SSP_ENABLED == true)
     /* when Security Simple Pairing user confirmation requested, this event comes */
     case ESP_BT_GAP_CFM_REQ_EVT:
-        ESP_LOGI(BT_AV_TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %"PRIu32, param->cfm_req.num_val);
+        ESP_LOGI(BT_AV_TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %06"PRIu32, param->cfm_req.num_val);
         esp_bt_gap_ssp_confirm_reply(param->cfm_req.bda, true);
         break;
     /* when Security Simple Pairing passkey notified, this event comes */
     case ESP_BT_GAP_KEY_NOTIF_EVT:
-        ESP_LOGI(BT_AV_TAG, "ESP_BT_GAP_KEY_NOTIF_EVT passkey: %"PRIu32, param->key_notif.passkey);
+        ESP_LOGI(BT_AV_TAG, "ESP_BT_GAP_KEY_NOTIF_EVT passkey: %06"PRIu32, param->key_notif.passkey);
         break;
     /* when Security Simple Pairing passkey requested, this event comes */
     case ESP_BT_GAP_KEY_REQ_EVT:

examples/bluetooth/bluedroid/classic_bt/a2dp_source/main/main.c

@@ -271,12 +271,12 @@ static void bt_app_gap_cb(esp_bt_gap_cb_event_t event, esp_bt_gap_cb_param_t *pa
 #if (CONFIG_EXAMPLE_SSP_ENABLED == true)
     /* when Security Simple Pairing user confirmation requested, this event comes */
     case ESP_BT_GAP_CFM_REQ_EVT:
-        ESP_LOGI(BT_AV_TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %"PRIu32, param->cfm_req.num_val);
+        ESP_LOGI(BT_AV_TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %06"PRIu32, param->cfm_req.num_val);
         esp_bt_gap_ssp_confirm_reply(param->cfm_req.bda, true);
         break;
     /* when Security Simple Pairing passkey notified, this event comes */
     case ESP_BT_GAP_KEY_NOTIF_EVT:
-        ESP_LOGI(BT_AV_TAG, "ESP_BT_GAP_KEY_NOTIF_EVT passkey: %"PRIu32, param->key_notif.passkey);
+        ESP_LOGI(BT_AV_TAG, "ESP_BT_GAP_KEY_NOTIF_EVT passkey: %06"PRIu32, param->key_notif.passkey);
         break;
     /* when Security Simple Pairing passkey requested, this event comes */
     case ESP_BT_GAP_KEY_REQ_EVT:

examples/bluetooth/bluedroid/classic_bt/bt_hid_mouse_device/main/main.c

@@ -205,11 +205,11 @@ void esp_bt_gap_cb(esp_bt_gap_cb_event_t event, esp_bt_gap_cb_param_t *param)
 
 #if (CONFIG_EXAMPLE_SSP_ENABLED == true)
     case ESP_BT_GAP_CFM_REQ_EVT:
-        ESP_LOGI(TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %"PRIu32, param->cfm_req.num_val);
+        ESP_LOGI(TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %06"PRIu32, param->cfm_req.num_val);
         esp_bt_gap_ssp_confirm_reply(param->cfm_req.bda, true);
         break;
     case ESP_BT_GAP_KEY_NOTIF_EVT:
-        ESP_LOGI(TAG, "ESP_BT_GAP_KEY_NOTIF_EVT passkey:%"PRIu32, param->key_notif.passkey);
+        ESP_LOGI(TAG, "ESP_BT_GAP_KEY_NOTIF_EVT passkey:%06"PRIu32, param->key_notif.passkey);
         break;
     case ESP_BT_GAP_KEY_REQ_EVT:
         ESP_LOGI(TAG, "ESP_BT_GAP_KEY_REQ_EVT Please enter passkey!");

examples/bluetooth/bluedroid/classic_bt/bt_l2cap_client/main/main.c

@@ -179,12 +179,12 @@ static void esp_bt_gap_cb(esp_bt_gap_cb_event_t event, esp_bt_gap_cb_param_t *pa
 #if (CONFIG_EXAMPLE_SSP_ENABLED == true)
     /* when Security Simple Pairing user confirmation requested, this event comes */
     case ESP_BT_GAP_CFM_REQ_EVT:
-        ESP_LOGI(L2CAP_TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %"PRIu32, param->cfm_req.num_val);
+        ESP_LOGI(L2CAP_TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %06"PRIu32, param->cfm_req.num_val);
         esp_bt_gap_ssp_confirm_reply(param->cfm_req.bda, true);
         break;
     /* when Security Simple Pairing passkey notified, this event comes */
     case ESP_BT_GAP_KEY_NOTIF_EVT:
-        ESP_LOGI(L2CAP_TAG, "ESP_BT_GAP_KEY_NOTIF_EVT passkey: %"PRIu32, param->key_notif.passkey);
+        ESP_LOGI(L2CAP_TAG, "ESP_BT_GAP_KEY_NOTIF_EVT passkey: %06"PRIu32, param->key_notif.passkey);
         break;
     /* when Security Simple Pairing passkey requested, this event comes */
     case ESP_BT_GAP_KEY_REQ_EVT:

examples/bluetooth/bluedroid/classic_bt/bt_l2cap_server/main/main.c

@@ -93,12 +93,12 @@ static void esp_bt_gap_cb(esp_bt_gap_cb_event_t event, esp_bt_gap_cb_param_t *pa
 #if (CONFIG_EXAMPLE_SSP_ENABLED == true)
     /* when Security Simple Pairing user confirmation requested, this event comes */
     case ESP_BT_GAP_CFM_REQ_EVT:
-        ESP_LOGI(L2CAP_TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %"PRIu32, param->cfm_req.num_val);
+        ESP_LOGI(L2CAP_TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %06"PRIu32, param->cfm_req.num_val);
         esp_bt_gap_ssp_confirm_reply(param->cfm_req.bda, true);
         break;
     /* when Security Simple Pairing passkey notified, this event comes */
     case ESP_BT_GAP_KEY_NOTIF_EVT:
-        ESP_LOGI(L2CAP_TAG, "ESP_BT_GAP_KEY_NOTIF_EVT passkey:%"PRIu32, param->key_notif.passkey);
+        ESP_LOGI(L2CAP_TAG, "ESP_BT_GAP_KEY_NOTIF_EVT passkey:%06"PRIu32, param->key_notif.passkey);
         break;
     /* when Security Simple Pairing passkey requested, this event comes */
     case ESP_BT_GAP_KEY_REQ_EVT:

examples/bluetooth/bluedroid/classic_bt/bt_spp_acceptor/main/main.c

@@ -176,11 +176,11 @@ void esp_bt_gap_cb(esp_bt_gap_cb_event_t event, esp_bt_gap_cb_param_t *param)
 
 #if (CONFIG_EXAMPLE_SSP_ENABLED == true)
     case ESP_BT_GAP_CFM_REQ_EVT:
-        ESP_LOGI(SPP_TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %"PRIu32, param->cfm_req.num_val);
+        ESP_LOGI(SPP_TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %06"PRIu32, param->cfm_req.num_val);
         esp_bt_gap_ssp_confirm_reply(param->cfm_req.bda, true);
         break;
     case ESP_BT_GAP_KEY_NOTIF_EVT:
-        ESP_LOGI(SPP_TAG, "ESP_BT_GAP_KEY_NOTIF_EVT passkey:%"PRIu32, param->key_notif.passkey);
+        ESP_LOGI(SPP_TAG, "ESP_BT_GAP_KEY_NOTIF_EVT passkey:%06"PRIu32, param->key_notif.passkey);
         break;
     case ESP_BT_GAP_KEY_REQ_EVT:
         ESP_LOGI(SPP_TAG, "ESP_BT_GAP_KEY_REQ_EVT Please enter passkey!");

examples/bluetooth/bluedroid/classic_bt/bt_spp_initiator/main/main.c

@@ -305,11 +305,11 @@ static void esp_bt_gap_cb(esp_bt_gap_cb_event_t event, esp_bt_gap_cb_param_t *pa
 
 #if (CONFIG_EXAMPLE_SSP_ENABLED == true)
     case ESP_BT_GAP_CFM_REQ_EVT:
-        ESP_LOGI(SPP_TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %"PRIu32, param->cfm_req.num_val);
+        ESP_LOGI(SPP_TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %06"PRIu32, param->cfm_req.num_val);
         ESP_LOGW(SPP_TAG, "To confirm the value, type `spp ok;`");
         break;
     case ESP_BT_GAP_KEY_NOTIF_EVT:
-        ESP_LOGI(SPP_TAG, "ESP_BT_GAP_KEY_NOTIF_EVT passkey:%"PRIu32, param->key_notif.passkey);
+        ESP_LOGI(SPP_TAG, "ESP_BT_GAP_KEY_NOTIF_EVT passkey:%06"PRIu32, param->key_notif.passkey);
         ESP_LOGW(SPP_TAG, "Waiting response...");
         break;
     case ESP_BT_GAP_KEY_REQ_EVT:

examples/bluetooth/bluedroid/classic_bt/bt_spp_vfs_acceptor/main/main.c

@@ -188,11 +188,11 @@ void esp_bt_gap_cb(esp_bt_gap_cb_event_t event, esp_bt_gap_cb_param_t *param)
 
 #if (CONFIG_EXAMPLE_SSP_ENABLED == true)
     case ESP_BT_GAP_CFM_REQ_EVT:
-        ESP_LOGI(SPP_TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %"PRIu32, param->cfm_req.num_val);
+        ESP_LOGI(SPP_TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %06"PRIu32, param->cfm_req.num_val);
         esp_bt_gap_ssp_confirm_reply(param->cfm_req.bda, true);
         break;
     case ESP_BT_GAP_KEY_NOTIF_EVT:
-        ESP_LOGI(SPP_TAG, "ESP_BT_GAP_KEY_NOTIF_EVT passkey:%"PRIu32, param->key_notif.passkey);
+        ESP_LOGI(SPP_TAG, "ESP_BT_GAP_KEY_NOTIF_EVT passkey:%06"PRIu32, param->key_notif.passkey);
         break;
     case ESP_BT_GAP_KEY_REQ_EVT:
         ESP_LOGI(SPP_TAG, "ESP_BT_GAP_KEY_REQ_EVT Please enter passkey!");