1 /******************************************************************************
2  *
3  *  Copyright (C) 1999-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  This file contains SDP utility functions
22  *
23  ******************************************************************************/
24 
25 #include <stdlib.h>
26 #include <string.h>
27 #include <netinet/in.h>
28 #include <stdio.h>
29 
30 #include "gki.h"
31 #include "bt_types.h"
32 
33 #include "l2cdefs.h"
34 #include "hcidefs.h"
35 #include "hcimsgs.h"
36 
37 #include "sdp_api.h"
38 #include "sdpint.h"
39 
40 #include "btu.h"
41 
42 
/* Bluetooth base UUID (00000000-0000-1000-8000-00805F9B34FB), stored most
 * significant byte first. The four leading zero bytes are the slot that a
 * 16-bit or 32-bit short UUID occupies when it is expanded to 128 bits (see
 * sdpu_compare_uuid_arrays in this file). */
static const UINT8  sdp_base_uuid[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00,
                                       0x80, 0x00, 0x00, 0x80, 0x5F, 0x9B, 0x34, 0xFB};
45 
/*******************************************************************************
**
** Function         sdpu_find_ccb_by_cid
**
** Description      Scans the connection control block (CCB) table for an
**                  in-use entry whose connection ID equals the passed CID.
**                  Entries in SDP_STATE_IDLE are skipped, so an ID left
**                  behind in a released CCB is never matched.
**
** Returns          the CCB address, or NULL if not found.
**
*******************************************************************************/
tCONN_CB *sdpu_find_ccb_by_cid (UINT16 cid)
{
    UINT16  idx;

    for (idx = 0; idx < SDP_MAX_CONNECTIONS; idx++)
    {
        tCONN_CB *p_entry = &sdp_cb.ccb[idx];

        /* Idle slots may still carry an old connection ID; ignore them */
        if (p_entry->con_state == SDP_STATE_IDLE)
            continue;

        if (p_entry->connection_id == cid)
            return (p_entry);
    }

    /* No in-use CCB carries this CID */
    return (NULL);
}
71 
72 
/*******************************************************************************
**
** Function         sdpu_find_ccb_by_db
**
** Description      Scans the CCB table for an in-use entry that points at the
**                  passed discovery database. A NULL p_db never matches. When
**                  SDP_CLIENT_ENABLED is not TRUE the search is compiled out
**                  and the function always reports "not found".
**
** Returns          the CCB address, or NULL if not found.
**
*******************************************************************************/
tCONN_CB *sdpu_find_ccb_by_db (tSDP_DISCOVERY_DB *p_db)
{
#if SDP_CLIENT_ENABLED == TRUE
    UINT16  idx;

    if (p_db != NULL)
    {
        for (idx = 0; idx < SDP_MAX_CONNECTIONS; idx++)
        {
            tCONN_CB *p_entry = &sdp_cb.ccb[idx];

            /* Only CCBs that are currently in use can own a database */
            if (p_entry->con_state == SDP_STATE_IDLE)
                continue;

            if (p_entry->p_db == p_db)
                return (p_entry);
        }
    }
#endif
    /* No in-use CCB references this database */
    return (NULL);
}
102 
103 
/*******************************************************************************
**
** Function         sdpu_allocate_ccb
**
** Description      Claims the first CCB that is in SDP_STATE_IDLE. The slot is
**                  zeroed, so no field of a previous connection survives, and
**                  its timer entry is pointed back at the CCB. This function
**                  does not set an in-use state itself; con_state is left as
**                  the memset wrote it.
**
** Returns          CCB address, or NULL if none available.
**
*******************************************************************************/
tCONN_CB *sdpu_allocate_ccb (void)
{
    UINT16  idx;

    for (idx = 0; idx < SDP_MAX_CONNECTIONS; idx++)
    {
        tCONN_CB *p_free = &sdp_cb.ccb[idx];

        if (p_free->con_state != SDP_STATE_IDLE)
            continue;

        /* Wipe the slot so nothing from its previous use carries over */
        memset (p_free, 0, sizeof (tCONN_CB));

        /* NOTE(review): the CCB address is narrowed to UINT32 here. On a
         * target with pointers wider than 32 bits the stored value would be
         * truncated - confirm the width of timer_entry.param and how the
         * timeout handler turns it back into a pointer. */
        p_free->timer_entry.param = (UINT32) p_free;

        return (p_free);
    }

    /* Every CCB is in use */
    return (NULL);
}
134 
135 
/*******************************************************************************
**
** Function         sdpu_release_ccb
**
** Description      Returns a CCB to the free pool: stops its timer, marks it
**                  SDP_STATE_IDLE, clears the attribute-search flag (client
**                  builds only) and frees any response list it still holds.
**                  p_ccb is dereferenced without a NULL check, so the caller
**                  must pass a valid CCB.
**
** Returns          void
**
*******************************************************************************/
void sdpu_release_ccb (tCONN_CB *p_ccb)
{
    /* Stop the timer before the slot is handed back */
    btu_stop_timer (&p_ccb->timer_entry);

    /* From here on the lookup functions skip this CCB */
    p_ccb->con_state = SDP_STATE_IDLE;
#if SDP_CLIENT_ENABLED == TRUE
    p_ccb->is_attr_search = FALSE;
#endif

    /* Nothing more to do when no response buffer is attached */
    if (p_ccb->rsp_list == NULL)
        return;

    SDP_TRACE_DEBUG("releasing SDP rsp_list");

    /* Clear the pointer after freeing so a later release cannot free twice */
    GKI_freebuf(p_ccb->rsp_list);
    p_ccb->rsp_list = NULL;
}
165 
166 
/*******************************************************************************
**
** Function         sdpu_build_attrib_seq
**
** Description      Writes an SDP attribute ID list (a data element sequence of
**                  2-byte UINTs) into the output buffer. When p_attr is NULL a
**                  single 4-byte range 0x0000-0xFFFF is written instead, which
**                  asks for every attribute.
**
**                  The function has no output-size parameter: the caller must
**                  provide room for the sequence header (2 or 3 bytes) plus
**                  3 bytes per attribute, or 5 bytes for the wildcard.
**
**                  NOTE(review): the body length is held in a UINT16, so
**                  num_attrs * 3 wraps for num_attrs above 21845 and the
**                  header would then disagree with the bytes written. Callers
**                  presumably bound num_attrs far below that - confirm.
**
** Returns          Pointer to next byte in the output buffer.
**
*******************************************************************************/
UINT8 *sdpu_build_attrib_seq (UINT8 *p_out, UINT16 *p_attr, UINT16 num_attrs)
{
    UINT16  idx;
    UINT16  body_len;

    /* Wildcard body: 1 descriptor byte + 4 bytes of range. Otherwise each
     * attribute costs 1 descriptor byte + 2 bytes of ID. */
    body_len = (p_attr == NULL) ? 5 : (UINT16)(num_attrs * 3);

    /* Sequence header: pick the smallest length field that holds body_len */
    if (body_len <= 255)
    {
        UINT8_TO_BE_STREAM (p_out, (DATA_ELE_SEQ_DESC_TYPE << 3) | SIZE_IN_NEXT_BYTE);
        UINT8_TO_BE_STREAM (p_out, body_len);
    }
    else
    {
        UINT8_TO_BE_STREAM  (p_out, (DATA_ELE_SEQ_DESC_TYPE << 3) | SIZE_IN_NEXT_WORD);
        UINT16_TO_BE_STREAM (p_out, body_len);
    }

    /* No list given: emit the range 0x0000-0xFFFF as one 4-byte UINT */
    if (p_attr == NULL)
    {
        UINT8_TO_BE_STREAM  (p_out, (UINT_DESC_TYPE << 3) | SIZE_FOUR_BYTES);
        UINT16_TO_BE_STREAM (p_out, 0);
        UINT16_TO_BE_STREAM (p_out, 0xFFFF);

        return (p_out);
    }

    /* One 2-byte UINT element per requested attribute ID */
    for (idx = 0; idx < num_attrs; idx++)
    {
        UINT8_TO_BE_STREAM  (p_out, (UINT_DESC_TYPE << 3) | SIZE_TWO_BYTES);
        UINT16_TO_BE_STREAM (p_out, p_attr[idx]);
    }

    return (p_out);
}
219 
220 
/*******************************************************************************
**
** Function         sdpu_build_attrib_entry
**
** Description      This function serializes one attribute of a database record
**                  into the output buffer: a 2-byte UINT element holding the
**                  attribute ID, followed by the value's descriptor (and
**                  length field, where the type needs one) and the value
**                  bytes.
**
**                  There is no output-size parameter. The caller must have
**                  reserved enough room; sdpu_get_attrib_entry_len in this
**                  file computes the byte count for the same attribute.
**
** Returns          Pointer to next byte in the output buffer.
**
*******************************************************************************/
UINT8 *sdpu_build_attrib_entry (UINT8 *p_out, tSDP_ATTRIBUTE *p_attr)
{
    /* First, store the attribute ID. Goes as a UINT */
    UINT8_TO_BE_STREAM  (p_out, (UINT_DESC_TYPE << 3) | SIZE_TWO_BYTES);
    UINT16_TO_BE_STREAM (p_out, p_attr->id);

    /* the attribute is in the db record.
     * assuming the attribute len is less than SDP_MAX_ATTR_LEN */
    /* Variable-length types always carry an explicit length field. The width
     * of that field is chosen at run time, but only among the widths that
     * SDP_MAX_ATTR_LEN makes possible; the #if blocks below compile the wider
     * branches in or out, each ending in an "else" that binds to the next
     * statement that survives preprocessing. */
    switch(p_attr->type)
    {
    case TEXT_STR_DESC_TYPE:    /* 4 */
    case DATA_ELE_SEQ_DESC_TYPE:/* 6 */
    case DATA_ELE_ALT_DESC_TYPE:/* 7 */
    case URL_DESC_TYPE:         /* 8 */
#if (SDP_MAX_ATTR_LEN > 0xFFFF)
        if(p_attr->len > 0xFFFF)
        {
            UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_IN_NEXT_LONG);
            UINT32_TO_BE_STREAM (p_out, p_attr->len);
        }
        else

#endif /* 0xFFFF - 0xFF */
#if (SDP_MAX_ATTR_LEN > 0xFF)
        if(p_attr->len > 0xFF)
        {
            UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_IN_NEXT_WORD);
            UINT16_TO_BE_STREAM (p_out, p_attr->len);
        }
        else

#endif /* 0xFF and less*/
        {
            UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_IN_NEXT_BYTE);
            UINT8_TO_BE_STREAM (p_out, p_attr->len);
        }

        /* With a NULL value_ptr the header still announces p_attr->len bytes
         * but none are written, so the element would be malformed on the wire.
         * NOTE(review): confirm records never hold a NULL value with len > 0. */
        if (p_attr->value_ptr != NULL) {
            ARRAY_TO_BE_STREAM (p_out, p_attr->value_ptr, (int)p_attr->len);
        }

        return (p_out);
    }

    /* Now, store the attribute value */
    /* Every other type: lengths 1, 2, 4, 8 and 16 are encoded in the size
     * index of the descriptor itself; any other length gets a 1-byte length
     * field. */
    switch (p_attr->len)
    {
    case 1:
        UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_ONE_BYTE);
        break;
    case 2:
        UINT8_TO_BE_STREAM  (p_out, (p_attr->type << 3) | SIZE_TWO_BYTES);
        break;
    case 4:
        UINT8_TO_BE_STREAM  (p_out, (p_attr->type << 3) | SIZE_FOUR_BYTES);
        break;
    case 8:
        UINT8_TO_BE_STREAM  (p_out, (p_attr->type << 3) | SIZE_EIGHT_BYTES);
        break;
    case 16:
        UINT8_TO_BE_STREAM  (p_out, (p_attr->type << 3) | SIZE_SIXTEEN_BYTES);
        break;
    default:
        /* NOTE(review): the length goes out as a single byte here while the
         * copy below still writes p_attr->len bytes, so a length above 0xFF
         * would presumably produce a header that understates the value -
         * confirm such attributes are rejected when the record is created. */
        UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_IN_NEXT_BYTE);
        UINT8_TO_BE_STREAM (p_out, p_attr->len);
        break;
    }

    if (p_attr->value_ptr != NULL) {
        ARRAY_TO_BE_STREAM (p_out, p_attr->value_ptr, (int)p_attr->len);
    }

    return (p_out);
}
306 
307 
/*******************************************************************************
**
** Function         sdpu_build_n_send_error
**
** Description      Builds an SDP error response PDU (PDU ID, transaction
**                  number, parameter length, error code and optional error
**                  text) in a buffer from the SDP pool and hands it to L2CAP
**                  on the CCB's channel. If no buffer is available the error
**                  is logged and nothing is sent.
**
**                  NOTE(review): the optional text is copied for its full
**                  strlen() with no check against the size of the pool
**                  buffer. That is only safe while every caller passes a
**                  short, locally defined string - confirm, and never pass
**                  peer-supplied text here.
**
** Returns          void
**
*******************************************************************************/
void sdpu_build_n_send_error (tCONN_CB *p_ccb, UINT16 trans_num, UINT16 error_code, char *p_error_text)
{
    BT_HDR  *p_msg;
    UINT8   *p_pdu_start;
    UINT8   *p_cursor;
    UINT8   *p_len_field;
    UINT16  param_len;

    SDP_TRACE_WARNING ("SDP - sdpu_build_n_send_error  code: 0x%x  CID: 0x%x",
                        error_code, p_ccb->connection_id);

    /* Get a buffer to build the packet in; it is passed on to L2CAP below */
    p_msg = (BT_HDR *)GKI_getpoolbuf (SDP_POOL_ID);
    if (p_msg == NULL)
    {
        SDP_TRACE_ERROR ("SDP - no buf for err msg");
        return;
    }

    /* The PDU starts L2CAP_MIN_OFFSET bytes after the buffer header */
    p_msg->offset = L2CAP_MIN_OFFSET;
    p_pdu_start   = (UINT8 *)(p_msg + 1) + L2CAP_MIN_OFFSET;
    p_cursor      = p_pdu_start;

    UINT8_TO_BE_STREAM  (p_cursor, SDP_PDU_ERROR_RESPONSE);
    UINT16_TO_BE_STREAM (p_cursor, trans_num);

    /* Reserve the 2-byte parameter length; it is only known at the end */
    p_len_field = p_cursor;
    p_cursor += 2;

    UINT16_TO_BE_STREAM (p_cursor, error_code);

    /* Error text is optional (unplugfest example traces carry none) */
    if (p_error_text != NULL)
    {
        ARRAY_TO_BE_STREAM (p_cursor, p_error_text, (int) strlen (p_error_text));
    }

    /* Back-fill the parameter length: everything after the length field */
    param_len = p_cursor - p_len_field - 2;
    UINT16_TO_BE_STREAM (p_len_field, param_len);

    /* Length of the SDP data in the buffer */
    p_msg->len = p_cursor - p_pdu_start;

    /* Send the buffer through L2CAP */
    L2CA_DataWrite (p_ccb->connection_id, p_msg);
}
360 
361 
362 
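/*******************************************************************************
**
** Function         sdpu_extract_uid_seq
**
** Description      This function parses a UUID sequence (a data element
**                  sequence whose members are all UUIDs of 2, 4 or 16 bytes)
**                  from the passed input buffer into the passed output list.
**                  The input comes from the peer and is treated as untrusted.
**
**                  Every read inside the sequence is checked against the end
**                  of the sequence before it is made. An element that would
**                  run past that end was already rejected by the final
**                  "p != p_seq_end" test, but only after its bytes had been
**                  read and copied; it is now rejected before the read.
**
**                  NOTE(review): the sequence header (descriptor plus up to
**                  four length bytes) is read before param_len is consulted,
**                  and param_len is only compared with the declared sequence
**                  length. The caller must guarantee that those header bytes
**                  lie inside the received PDU - confirm against the callers.
**
** Returns          Pointer to next byte in the input buffer after the
**                  sequence, or NULL if the sequence is malformed or holds
**                  MAX_UUIDS_PER_SEQ or more UUIDs. On NULL, p_seq may hold a
**                  partial list and must not be used.
**
*******************************************************************************/
UINT8 *sdpu_extract_uid_seq (UINT8 *p, UINT16 param_len, tSDP_UUID_SEQ *p_seq)
{
    UINT8   *p_seq_end;
    UINT8   descr, type, size;
    UINT32  seq_len, uuid_len;

    /* Assume none found */
    p_seq->num_uids = 0;

    /* With no parameter bytes the length test below can never pass, so
     * reject before touching the input at all. */
    if (param_len == 0)
        return (NULL);

    /* A UID sequence is composed of a bunch of UIDs. */
    BE_STREAM_TO_UINT8 (descr, p);
    type = descr >> 3;
    size = descr & 7;

    if (type != DATA_ELE_SEQ_DESC_TYPE)
        return (NULL);

    switch (size)
    {
    case SIZE_TWO_BYTES:
        seq_len = 2;
        break;
    case SIZE_FOUR_BYTES:
        seq_len = 4;
        break;
    case SIZE_SIXTEEN_BYTES:
        seq_len = 16;
        break;
    case SIZE_IN_NEXT_BYTE:
        BE_STREAM_TO_UINT8 (seq_len, p);
        break;
    case SIZE_IN_NEXT_WORD:
        BE_STREAM_TO_UINT16 (seq_len, p);
        break;
    case SIZE_IN_NEXT_LONG:
        BE_STREAM_TO_UINT32 (seq_len, p);
        break;
    default:
        return (NULL);
    }

    /* The declared length must fit inside the parameters we were given */
    if (seq_len >= param_len)
        return (NULL);

    p_seq_end = p + seq_len;

    /* Loop through, extracting the UIDs */
    while (p < p_seq_end)
    {
        /* p < p_seq_end guarantees the descriptor byte is inside the sequence */
        BE_STREAM_TO_UINT8 (descr, p);
        type = descr >> 3;
        size = descr & 7;

        if (type != UUID_DESC_TYPE)
            return (NULL);

        switch (size)
        {
        case SIZE_TWO_BYTES:
            uuid_len = 2;
            break;
        case SIZE_FOUR_BYTES:
            uuid_len = 4;
            break;
        case SIZE_SIXTEEN_BYTES:
            uuid_len = 16;
            break;
        case SIZE_IN_NEXT_BYTE:
            /* The length field itself must lie inside the sequence */
            if ((p_seq_end - p) < 1)
                return (NULL);
            BE_STREAM_TO_UINT8 (uuid_len, p);
            break;
        case SIZE_IN_NEXT_WORD:
            if ((p_seq_end - p) < 2)
                return (NULL);
            BE_STREAM_TO_UINT16 (uuid_len, p);
            break;
        case SIZE_IN_NEXT_LONG:
            if ((p_seq_end - p) < 4)
                return (NULL);
            BE_STREAM_TO_UINT32 (uuid_len, p);
            break;
        default:
            return (NULL);
        }

        /* Only 16-, 32- and 128-bit UUIDs are valid */
        if ((uuid_len != 2) && (uuid_len != 4) && (uuid_len != 16))
            return (NULL);

        /* The UUID bytes must lie inside the sequence before they are copied */
        if ((UINT32)(p_seq_end - p) < uuid_len)
            return (NULL);

        p_seq->uuid_entry[p_seq->num_uids].len = (UINT16) uuid_len;
        BE_STREAM_TO_ARRAY (p, p_seq->uuid_entry[p_seq->num_uids].value, (int)uuid_len);
        p_seq->num_uids++;

        /* We can only do so many. Checking right after the increment keeps
         * the next store inside uuid_entry[]. */
        if (p_seq->num_uids >= MAX_UUIDS_PER_SEQ)
            return (NULL);
    }

    /* The elements must end exactly where the sequence header said */
    if (p != p_seq_end)
        return (NULL);

    return (p);
}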
474 
475 
476 
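/*******************************************************************************
**
** Function         sdpu_extract_attr_seq
**
** Description      This function parses an attribute ID list (a data element
**                  sequence of 2-byte attribute IDs and 4-byte ID ranges) from
**                  the passed input buffer into the passed output list. The
**                  input comes from the peer and is treated as untrusted.
**
**                  Each element's length field and value are checked against
**                  the end of the list before they are read. Previously an
**                  element could run past the declared end of the list, was
**                  read anyway, and the call still reported success; such
**                  input is now rejected with NULL.
**
**                  NOTE(review): the list header (descriptor plus up to four
**                  length bytes) is read before param_len is consulted. The
**                  caller must guarantee those bytes lie inside the received
**                  PDU - confirm against the callers.
**
** Returns          Pointer to next byte in the input buffer after the
**                  sequence. Error reporting is not uniform: a bad list
**                  header, an over-long list or a non-UINT element returns
**                  the current (non-NULL) position, while a bad element size,
**                  an element overrunning the list, or MAX_ATTR_PER_SEQ or
**                  more entries returns NULL. Callers need to validate
**                  p_seq->num_attr as well as the pointer.
**
*******************************************************************************/
UINT8 *sdpu_extract_attr_seq (UINT8 *p, UINT16 param_len, tSDP_ATTR_SEQ *p_seq)
{
    UINT8   *p_end_list;
    UINT8   descr, type, size;
    UINT32  list_len, attr_len;

    /* Assume none found */
    p_seq->num_attr = 0;

    /* Get attribute sequence info */
    BE_STREAM_TO_UINT8 (descr, p);
    type = descr >> 3;
    size = descr & 7;

    if (type != DATA_ELE_SEQ_DESC_TYPE)
        return (p);

    switch (size)
    {
    case SIZE_IN_NEXT_BYTE:
        BE_STREAM_TO_UINT8 (list_len, p);
        break;

    case SIZE_IN_NEXT_WORD:
        BE_STREAM_TO_UINT16 (list_len, p);
        break;

    case SIZE_IN_NEXT_LONG:
        BE_STREAM_TO_UINT32 (list_len, p);
        break;

    default:
        return (p);
    }

    /* The declared length must fit inside the parameters we were given */
    if (list_len > param_len)
        return (p);

    p_end_list = p + list_len;

    /* Loop through, extracting the attribute IDs */
    while (p < p_end_list)
    {
        /* p < p_end_list guarantees the descriptor byte is inside the list */
        BE_STREAM_TO_UINT8 (descr, p);
        type = descr >> 3;
        size = descr & 7;

        if (type != UINT_DESC_TYPE)
            return (p);

        switch (size)
        {
        case SIZE_TWO_BYTES:
            attr_len = 2;
            break;
        case SIZE_FOUR_BYTES:
            attr_len = 4;
            break;
        case SIZE_IN_NEXT_BYTE:
            /* The length field itself must lie inside the list */
            if ((p_end_list - p) < 1)
                return (NULL);
            BE_STREAM_TO_UINT8 (attr_len, p);
            break;
        case SIZE_IN_NEXT_WORD:
            if ((p_end_list - p) < 2)
                return (NULL);
            BE_STREAM_TO_UINT16 (attr_len, p);
            break;
        case SIZE_IN_NEXT_LONG:
            if ((p_end_list - p) < 4)
                return (NULL);
            BE_STREAM_TO_UINT32 (attr_len, p);
            break;
        default:
            return (NULL);
        }

        /* Attribute length must be 2-bytes or 4-bytes for a paired entry. */
        if ((attr_len != 2) && (attr_len != 4))
            return (NULL);

        /* The ID or range must lie inside the list before it is read */
        if ((UINT32)(p_end_list - p) < attr_len)
            return (NULL);

        if (attr_len == 2)
        {
            /* Single ID: stored as a range of one */
            BE_STREAM_TO_UINT16 (p_seq->attr_entry[p_seq->num_attr].start, p);
            p_seq->attr_entry[p_seq->num_attr].end = p_seq->attr_entry[p_seq->num_attr].start;
        }
        else
        {
            BE_STREAM_TO_UINT16 (p_seq->attr_entry[p_seq->num_attr].start, p);
            BE_STREAM_TO_UINT16 (p_seq->attr_entry[p_seq->num_attr].end, p);
        }

        /* We can only do so many. Checking right after the increment keeps
         * the next store inside attr_entry[]. */
        if (++p_seq->num_attr >= MAX_ATTR_PER_SEQ)
            return (NULL);
    }

    return (p);
}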
580 
581 
/*******************************************************************************
**
** Function         sdpu_get_len_from_type
**
** Description      Decodes the length of a data element from the size index
**                  in the low three bits of its descriptor byte. Fixed sizes
**                  come from the index alone; for the "in next byte / word /
**                  long" forms the length is read from the stream and the
**                  stream pointer advances past it.
**
**                  The function is not told where the input ends, so the
**                  caller must make sure up to four bytes are readable at p
**                  and must check the returned length against the remaining
**                  input before using it.
**
**                  NOTE(review): a 32-bit length is narrowed to 16 bits
**                  before it is stored, so a declared length above 0xFFFF is
**                  reported as its low 16 bits. Confirm callers do not rely
**                  on the reported length matching what the peer declared.
**
** Returns          Pointer to the next byte in the input after any length
**                  field; the decoded length is stored through p_len.
**
*******************************************************************************/
UINT8 *sdpu_get_len_from_type (UINT8 *p, UINT8 type, UINT32 *p_len)
{
    UINT8   size_index = type & 7;

    switch (size_index)
    {
    case SIZE_ONE_BYTE:
        *p_len = 1;
        break;
    case SIZE_TWO_BYTES:
        *p_len = 2;
        break;
    case SIZE_FOUR_BYTES:
        *p_len = 4;
        break;
    case SIZE_EIGHT_BYTES:
        *p_len = 8;
        break;
    case SIZE_SIXTEEN_BYTES:
        *p_len = 16;
        break;
    case SIZE_IN_NEXT_BYTE:
    {
        UINT8   len8;

        BE_STREAM_TO_UINT8 (len8, p);
        *p_len = len8;
        break;
    }
    case SIZE_IN_NEXT_WORD:
    {
        UINT16  len16;

        BE_STREAM_TO_UINT16 (len16, p);
        *p_len = len16;
        break;
    }
    case SIZE_IN_NEXT_LONG:
    {
        UINT32  len32;

        BE_STREAM_TO_UINT32 (len32, p);
        /* Narrowed to 16 bits before being stored - see NOTE(review) above */
        *p_len = (UINT16) len32;
        break;
    }
    }

    return (p);
}
630 
631 
/*******************************************************************************
**
** Function         sdpu_is_base_uuid
**
** Description      Tests whether a 128-bit UUID is built on the Bluetooth base
**                  UUID. The first 4 bytes (the short-UUID slot) are ignored;
**                  the remaining 12 bytes must equal those of sdp_base_uuid.
**                  The caller must pass at least MAX_UUID_SIZE readable bytes.
**
** Returns          TRUE if matched, else FALSE
**
*******************************************************************************/
BOOLEAN sdpu_is_base_uuid (UINT8 *p_uuid)
{
    /* Compare everything after the 4-byte short-UUID slot in one call */
    if (memcmp (p_uuid + 4, sdp_base_uuid + 4, MAX_UUID_SIZE - 4) != 0)
        return (FALSE);

    return (TRUE);
}
653 
654 
/*******************************************************************************
**
** Function         sdpu_compare_uuid_arrays
**
** Description      Compares two big-endian UUIDs that may differ in size
**                  (2, 4 or 16 bytes each). Both are expanded onto the
**                  Bluetooth base UUID and the 128-bit forms are compared.
**                  Any other length is rejected before either input is read,
**                  which also bounds the copies into the local buffers.
**
** NOTE             it is assumed that the arrays are in Big Endian format
**
** Returns          TRUE if matched, else FALSE
**
*******************************************************************************/
BOOLEAN sdpu_compare_uuid_arrays (UINT8 *p_uuid1, UINT32 len1, UINT8 *p_uuid2, UINT16 len2)
{
    UINT8       full1[MAX_UUID_SIZE];
    UINT8       full2[MAX_UUID_SIZE];
    BOOLEAN     len1_ok = (len1 == 2) || (len1 == 4) || (len1 == 16);
    BOOLEAN     len2_ok = (len2 == 2) || (len2 == 4) || (len2 == 16);

    if (!len1_ok || !len2_ok)
    {
        SDP_TRACE_ERROR("%s: invalid length", __func__);
        return FALSE;
    }

    /* Expand each UUID to 128 bits: start from the base UUID, then lay the
     * supplied bytes over it. A 2-byte UUID occupies bytes 2..3; a 4-byte or
     * 16-byte UUID starts at byte 0. */
    memcpy (full1, sdp_base_uuid, MAX_UUID_SIZE);
    memcpy (full1 + ((len1 == 2) ? 2 : 0), p_uuid1, (size_t)len1);

    memcpy (full2, sdp_base_uuid, MAX_UUID_SIZE);
    memcpy (full2 + ((len2 == 2) ? 2 : 0), p_uuid2, (size_t)len2);

    return (memcmp (full1, full2, MAX_UUID_SIZE) == 0);
}
736 
737 
/*******************************************************************************
**
** Function         sdpu_compare_bt_uuids
**
** Description      Compares two BT UUID structures of the same length. UUIDs
**                  of different lengths never match. Lengths 2 and 4 compare
**                  the 16-bit and 32-bit members; every other equal length is
**                  compared as a full 16-byte UUID.
**
** NOTE             it is assumed that BT UUID structures are compressed to the
**                  smallest possible UUIDs (by removing the base SDP UUID)
**
** Returns          TRUE if matched, else FALSE
**
*******************************************************************************/
BOOLEAN sdpu_compare_bt_uuids (tBT_UUID *p_uuid1, tBT_UUID *p_uuid2)
{
    /* Lengths must match for BT UUIDs to match */
    if (p_uuid1->len != p_uuid2->len)
        return (FALSE);

    switch (p_uuid1->len)
    {
    case 2:
        return (p_uuid1->uu.uuid16 == p_uuid2->uu.uuid16);
    case 4:
        return (p_uuid1->uu.uuid32 == p_uuid2->uu.uuid32);
    default:
        break;
    }

    /* Anything else is treated as a 128-bit UUID */
    if (memcmp (p_uuid1->uu.uuid128, p_uuid2->uu.uuid128, 16) == 0)
        return (TRUE);

    return (FALSE);
}
765 
766 
/*******************************************************************************
**
** Function         sdpu_compare_uuid_with_attr
**
** Description      Compares a BT UUID structure with the UUID held in a
**                  discovered SDP attribute. The two lengths must be equal;
**                  lengths 2 and 4 compare the 16-bit and 32-bit values, and
**                  every other equal length is compared as MAX_UUID_SIZE
**                  bytes.
**
** NOTE           - it is assumed that BT UUID structures are compressed to the
**                  smallest possible UUIDs (by removing the base SDP UUID).
**                - it is also assumed that the discovery attribute is
**                  compressed to the smallest possible
**                - the 128-bit compare reads MAX_UUID_SIZE bytes starting at
**                  attr_value.v.array, which is declared smaller than that;
**                  it relies on the attribute living in a scratch buffer with
**                  the value bytes stored behind it. NOTE(review): confirm
**                  the code that fills the discovery database only records a
**                  16-byte length when 16 value bytes really were stored.
**
** Returns          TRUE if matched, else FALSE
**
*******************************************************************************/
BOOLEAN sdpu_compare_uuid_with_attr (tBT_UUID *p_btuuid, tSDP_DISC_ATTR *p_attr)
{
    UINT16      attr_len = SDP_DISC_ATTR_LEN (p_attr->attr_len_type);

    /* Since both UUIDs are compressed, lengths must match  */
    if (p_btuuid->len != attr_len)
        return (FALSE);

    switch (p_btuuid->len)
    {
    case 2:
        return (BOOLEAN)(p_btuuid->uu.uuid16 == p_attr->attr_value.v.u16);
    case 4:
        return (BOOLEAN)(p_btuuid->uu.uuid32 == p_attr->attr_value.v.u32);
    default:
        break;
    }

    /* coverity[overrun-buffer-arg] */
    /*
       Event overrun-buffer-arg: Overrun of static array "&p_attr->attr_value.v.array" of size 4 bytes by passing it to a function which indexes it with argument "16U" at byte position 15
       FALSE-POSITIVE error from Coverity test tool. Please do NOT remove following comment.
       False-positive: SDP uses scratch buffer to hold the attribute value.
       The actual size of tSDP_DISC_ATVAL does not matter.
       If the array size in tSDP_DISC_ATVAL is increased, we would increase the system RAM usage unnecessarily
    */
    if (!memcmp (p_btuuid->uu.uuid128,(void*) p_attr->attr_value.v.array, MAX_UUID_SIZE))
        return (TRUE);

    return (FALSE);
}
808 
/*******************************************************************************
**
** Function         sdpu_sort_attr_list
**
** Description      Sorts the attribute filter IDs of a discovery database in
**                  place, lowest to highest, to conform to the SDP
**                  specification. num_attr is clamped to SDP_MAX_ATTR_FILTERS
**                  so the sort never indexes past that many filters. The scan
**                  restarts from the first pair after every swap.
**
** Returns          void
**
*******************************************************************************/
void sdpu_sort_attr_list( UINT16 num_attr, tSDP_DISCOVERY_DB *p_db )
{
    UINT16 pos;
    UINT16 last;
    UINT16 held;

    /* Zero or one attribute is already sorted */
    if (num_attr <= 1)
        return;

    /* Never look beyond the filter array */
    if (num_attr > SDP_MAX_ATTR_FILTERS)
        num_attr = SDP_MAX_ATTR_FILTERS;

    /* Pairs are (pos, pos + 1), so the last usable pos is num_attr - 2 */
    last = num_attr - 1;
    pos  = 0;

    while (pos < last)
    {
        if (p_db->attr_filters[pos] <= p_db->attr_filters[pos + 1])
        {
            pos++;
            continue;
        }

        /* Out of order: swap the pair and start over from the beginning */
        held = p_db->attr_filters[pos];
        p_db->attr_filters[pos] = p_db->attr_filters[pos + 1];
        p_db->attr_filters[pos + 1] = held;

        pos = 0;
    }
}
850 
851 
/*******************************************************************************
**
** Function         sdpu_get_list_len
**
** Description      Adds up the encoded length of the attribute lists of every
**                  record in the SDP database that matches the UUID sequence.
**                  A record contributes 3 bytes plus the length of its
**                  matching attributes; a record with no matching attribute
**                  contributes nothing.
**
**                  NOTE(review): the running total is a UINT16 and wraps
**                  silently above 0xFFFF. If the result is used to size or
**                  bound a response, confirm the database cannot produce a
**                  larger total.
**
** Returns          Total length in bytes (modulo 0x10000).
**
*******************************************************************************/
UINT16 sdpu_get_list_len(tSDP_UUID_SEQ *uid_seq, tSDP_ATTR_SEQ *attr_seq)
{
    tSDP_RECORD *p_rec = sdp_db_service_search (NULL, uid_seq);
    UINT16      total = 0;

    while (p_rec != NULL)
    {
        UINT16 rec_len = sdpu_get_attrib_seq_len (p_rec, attr_seq);

        /* The 3 extra bytes are only counted for records that have at least
         * one matching attribute */
        if (rec_len != 0)
            total += 3 + rec_len;

        p_rec = sdp_db_service_search (p_rec, uid_seq);
    }

    return total;
}
881 
/*******************************************************************************
**
** Function         sdpu_get_attrib_seq_len
**
** Description      Adds up the encoded length of every attribute of one SDP
**                  record that is selected by the attribute sequence. A
**                  single-ID entry is looked up once; a range entry is looked
**                  up repeatedly, moving the start of the range just past
**                  each attribute found, until nothing more is found.
**
**                  NOTE(review): the next start is p_attr->id + 1 stored in a
**                  UINT16. For an attribute with ID 0xFFFF inside a range
**                  that would wrap to 0 and presumably restart the search
**                  from the beginning - confirm records cannot hold that ID.
**                  The UINT16 total also wraps silently above 0xFFFF.
**
** Returns          Total length in bytes (modulo 0x10000).
**
*******************************************************************************/
UINT16 sdpu_get_attrib_seq_len(tSDP_RECORD *p_rec, tSDP_ATTR_SEQ *attr_seq)
{
    UINT16 total = 0;
    UINT16 idx;

    for (idx = 0; idx < attr_seq->num_attr; idx++)
    {
        UINT16 first_id = attr_seq->attr_entry[idx].start;
        UINT16 last_id  = attr_seq->attr_entry[idx].end;

        for (;;)
        {
            tSDP_ATTRIBUTE *p_attr = sdp_db_find_attr_in_rec (p_rec, first_id, last_id);

            /* Nothing (more) in this entry's range */
            if (p_attr == NULL)
                break;

            total += sdpu_get_attrib_entry_len (p_attr);

            /* A single ID, or a range narrowed down to one ID, is finished */
            if (first_id == last_id)
                break;

            /* Range: continue the search just past the attribute found */
            first_id = p_attr->id + 1;
        }
    }

    return total;
}
930 
931 /*******************************************************************************
932 **
933 ** Function         sdpu_get_attrib_entry_len
934 **
935 ** Description      gets the length of a specific attribute
936 **
937 ** Returns          the length of the attribute entry
938 **
939 *******************************************************************************/
UINT16 sdpu_get_attrib_entry_len(tSDP_ATTRIBUTE *p_attr)
{
    /*
     * Length of one attribute entry: a fixed 3-byte prefix, a type/size
     * header whose width depends on the attribute type and value length, and
     * the value bytes themselves.
     * NOTE(review): the 3-byte prefix presumably covers the attribute-ID
     * element; confirm against sdpu_build_attrib_entry.
     *
     * The attribute is in the db record, so its length is assumed to be less
     * than SDP_MAX_ATTR_LEN.
     */
    UINT16 total = 3;
    UINT16 hdr_len;

    if ((p_attr->type == TEXT_STR_DESC_TYPE)     ||  /* 4 */
        (p_attr->type == DATA_ELE_SEQ_DESC_TYPE) ||  /* 6 */
        (p_attr->type == DATA_ELE_ALT_DESC_TYPE) ||  /* 7 */
        (p_attr->type == URL_DESC_TYPE))             /* 8 */
    {
        /* These types carry an explicit length field after the descriptor */
#if (SDP_MAX_ATTR_LEN > 0xFFFF)
        if (p_attr->len > 0xFFFF)
            hdr_len = 5;
        else
#endif /* 0xFFFF - 0xFF */
#if (SDP_MAX_ATTR_LEN > 0xFF)
        if (p_attr->len > 0xFF)
            hdr_len = 3;
        else
#endif /* 0xFF and less */
            hdr_len = 2;
    }
    else
    {
        /* Other types: the value length selects the header width */
        switch (p_attr->len)
        {
        case 1:
        case 2:
        case 4:
        case 8:
        case 16:
            hdr_len = 1;
            break;
        default:
            hdr_len = 2;
            break;
        }
    }

    total += hdr_len;
    total += p_attr->len;
    return total;
}
993 
994 
995 /*******************************************************************************
996 **
997 ** Function         sdpu_build_partial_attrib_entry
998 **
999 ** Description      This function fills a buffer with partial attribute. It is
1000 **                  assumed that the maximum size of any attribute is 256 bytes.
1001 **
1002 **                  p_out: output buffer
1003 **                  p_attr: attribute to be copied partially into p_out
1004 **                  len: num bytes to copy into p_out
1005 **                  offset: current start offset within the attr that needs to be copied
1006 **
1007 ** Returns          Pointer to next byte in the output buffer.
1008 **                  offset is also updated
1009 **
1010 *******************************************************************************/
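UINT8 *sdpu_build_partial_attrib_entry (UINT8 *p_out, tSDP_ATTRIBUTE *p_attr, UINT16 len, UINT16 *offset)
{
    /*
     * Builds the complete attribute entry in a scratch buffer, then copies at
     * most len bytes of it, starting at *offset, into p_out.
     *
     * Returns the next free byte in p_out, or NULL when no scratch buffer
     * could be allocated. *offset is advanced by the number of bytes copied.
     * If *offset already lies beyond the end of the entry, nothing is copied
     * and p_out is returned unchanged.
     */
    UINT8   *p_attr_buff;
    size_t  len_to_copy;
    UINT16  attr_len;
    UINT16  remaining;

    p_attr_buff = (UINT8 *) GKI_getbuf(sizeof(UINT8) * SDP_MAX_ATTR_LEN);
    if (p_attr_buff == NULL)
    {
        SDP_TRACE_ERROR("sdpu_build_partial_attrib_entry cannot get a buffer!");
        return NULL;
    }

    /*
     * NOTE(review): the scratch buffer holds SDP_MAX_ATTR_LEN bytes, while the
     * built entry is the attribute value plus its headers. Confirm that
     * sdpu_build_attrib_entry cannot write past this buffer for the largest
     * attribute the database accepts.
     */
    sdpu_build_attrib_entry(p_attr_buff, p_attr);
    attr_len = sdpu_get_attrib_entry_len(p_attr);

    /*
     * Reject an offset past the end of the entry. Without this check
     * (attr_len - *offset) is negative, still compares below len, and becomes
     * a huge size_t, so memcpy would run far outside both buffers.
     */
    if (*offset > attr_len)
    {
        SDP_TRACE_ERROR("sdpu_build_partial_attrib_entry offset beyond attribute length!");
        GKI_freebuf(p_attr_buff);
        return p_out;
    }

    remaining = (UINT16)(attr_len - *offset);
    len_to_copy = (remaining < len) ? remaining : len;

    memcpy(p_out, &p_attr_buff[*offset], len_to_copy);

    p_out += len_to_copy;
    *offset = (UINT16)(*offset + len_to_copy);

    GKI_freebuf(p_attr_buff);
    return p_out;
}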
1038 
1039 /*******************************************************************************
1040 **
1041 ** Function         sdpu_uuid16_to_uuid128
1042 **
1043 ** Description      This function converts UUID-16 to UUID-128 by including the base UUID
1044 **
1045 **                  uuid16: 2-byte UUID
1046 **                  p_uuid128: Expanded 128-bit UUID
1047 **
1048 ** Returns          None
1049 **
1050 *******************************************************************************/
void sdpu_uuid16_to_uuid128(UINT16 uuid16, UINT8* p_uuid128)
{
    /*
     * Expands a 16-bit UUID to 128 bits: start from the base UUID, then
     * place the 16-bit value at bytes 2 and 3, most significant byte first.
     * p_uuid128 must have room for at least 16 bytes.
     */
    memset(p_uuid128, 0, 16);
    memcpy(p_uuid128, sdp_base_uuid, MAX_UUID_SIZE);

    /* Explicit big-endian store; same bytes on little- and big-endian hosts */
    p_uuid128[2] = (UINT8)(uuid16 >> 8);
    p_uuid128[3] = (UINT8)(uuid16 & 0xFF);
}
1060