Buffer overflow with Giga R1 WiFi #313

@controllercustom

On Giga R1 WiFi with Murata 1DX Bluetooth 5.1, the ATT error response PDU is 5 bytes (see Bluetooth Core v5.1, section 3.4.1.1) but the response buffer is only 4 bytes long. respLength is 5.

A buffer size of 256 avoids the buffer overflow but might be overkill.

However, fixing this still does not fix any problems with subscribing/reading characteristics on some devices. But at least the failure code in the PDU does point to insufficient authentication (error code 0x05). So perhaps the peripheral is not satisfied with pairing/bonding.

Testing is done using PeripheralExplorer.
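
The 5-byte ATT Error Response layout referred to in the report, with a length check on both the build and the copy path. This is an added example, not code from the original post or from the project; the helper names `att_build_error_rsp` and `att_copy_response`, the handle value and the buffer names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATT_OP_ERROR_RSP        0x01  /* ATT Error Response opcode */
#define ATT_OP_READ_REQ         0x0A  /* ATT Read Request opcode */
#define ATT_ECODE_INSUFF_AUTHN  0x05  /* Insufficient Authentication */
#define ATT_ERROR_RSP_LEN       5     /* opcode + req opcode + handle(2) + error */

/* Hypothetical helper: writes an Error Response into buf.
 * Returns bytes written, or 0 if buf cannot hold the whole PDU. */
size_t att_build_error_rsp(uint8_t *buf, size_t buflen, uint8_t req_opcode,
                           uint16_t handle, uint8_t ecode)
{
    if (buf == NULL || buflen < ATT_ERROR_RSP_LEN)
        return 0;                       /* refuse instead of writing past the end */
    buf[0] = ATT_OP_ERROR_RSP;
    buf[1] = req_opcode;
    buf[2] = (uint8_t)(handle & 0xFF);  /* handle is little-endian */
    buf[3] = (uint8_t)(handle >> 8);
    buf[4] = ecode;
    return ATT_ERROR_RSP_LEN;
}

/* Hypothetical helper: copies a received response of resp_len bytes into a
 * caller buffer; returns 0 on success, -1 if it would not fit. */
int att_copy_response(uint8_t *dst, size_t dst_len,
                      const uint8_t *resp, size_t resp_len)
{
    if (resp_len > dst_len)
        return -1;
    for (size_t i = 0; i < resp_len; i++)
        dst[i] = resp[i];
    return 0;
}

int main(void)
{
    uint8_t pdu[ATT_ERROR_RSP_LEN], small[4], ok[ATT_ERROR_RSP_LEN];
    /* Constructed sample: Read Request on handle 0x002A rejected with 0x05. */
    size_t n = att_build_error_rsp(pdu, sizeof pdu, ATT_OP_READ_REQ, 0x002A,
                                   ATT_ECODE_INSUFF_AUTHN);
    printf("len=%zu fits4=%d fits5=%d ecode=0x%02x\n", n,
           att_copy_response(small, sizeof small, pdu, n),
           att_copy_response(ok, sizeof ok, pdu, n), pdu[4]);
    return 0;
}
```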

Labels: topic: code (Related to content of the project itself); type: imperfection (Perceived defect in any part of project)
