1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains SDP utility functions
22 *
23 ******************************************************************************/
24
25 #include <stdlib.h>
26 #include <string.h>
27 #include <netinet/in.h>
28 #include <stdio.h>
29
30 #include "gki.h"
31 #include "bt_types.h"
32
33 #include "l2cdefs.h"
34 #include "hcidefs.h"
35 #include "hcimsgs.h"
36
37 #include "sdp_api.h"
38 #include "sdpint.h"
39
40 #include "btu.h"
41
42
43 static const UINT8 sdp_base_uuid[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00,
44 0x80, 0x00, 0x00, 0x80, 0x5F, 0x9B, 0x34, 0xFB};
45
46 /*******************************************************************************
47 **
48 ** Function sdpu_find_ccb_by_cid
49 **
50 ** Description This function searches the CCB table for an entry with the
51 ** passed CID.
52 **
53 ** Returns the CCB address, or NULL if not found.
54 **
55 *******************************************************************************/
sdpu_find_ccb_by_cid(UINT16 cid)56 tCONN_CB *sdpu_find_ccb_by_cid (UINT16 cid)
57 {
58 UINT16 xx;
59 tCONN_CB *p_ccb;
60
61 /* Look through each connection control block */
62 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++)
63 {
64 if ((p_ccb->con_state != SDP_STATE_IDLE) && (p_ccb->connection_id == cid))
65 return (p_ccb);
66 }
67
68 /* If here, not found */
69 return (NULL);
70 }
71
72
73 /*******************************************************************************
74 **
75 ** Function sdpu_find_ccb_by_db
76 **
77 ** Description This function searches the CCB table for an entry with the
78 ** passed discovery db.
79 **
80 ** Returns the CCB address, or NULL if not found.
81 **
82 *******************************************************************************/
sdpu_find_ccb_by_db(tSDP_DISCOVERY_DB * p_db)83 tCONN_CB *sdpu_find_ccb_by_db (tSDP_DISCOVERY_DB *p_db)
84 {
85 #if SDP_CLIENT_ENABLED == TRUE
86 UINT16 xx;
87 tCONN_CB *p_ccb;
88
89 if (p_db)
90 {
91 /* Look through each connection control block */
92 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++)
93 {
94 if ((p_ccb->con_state != SDP_STATE_IDLE) && (p_ccb->p_db == p_db))
95 return (p_ccb);
96 }
97 }
98 #endif
99 /* If here, not found */
100 return (NULL);
101 }
102
103
104 /*******************************************************************************
105 **
106 ** Function sdpu_allocate_ccb
107 **
108 ** Description This function allocates a new CCB.
109 **
110 ** Returns CCB address, or NULL if none available.
111 **
112 *******************************************************************************/
sdpu_allocate_ccb(void)113 tCONN_CB *sdpu_allocate_ccb (void)
114 {
115 UINT16 xx;
116 tCONN_CB *p_ccb;
117
118 /* Look through each connection control block for a free one */
119 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++)
120 {
121 if (p_ccb->con_state == SDP_STATE_IDLE)
122 {
123 memset (p_ccb, 0, sizeof (tCONN_CB));
124
125 p_ccb->timer_entry.param = (UINT32) p_ccb;
126
127 return (p_ccb);
128 }
129 }
130
131 /* If here, no free CCB found */
132 return (NULL);
133 }
134
135
136 /*******************************************************************************
137 **
138 ** Function sdpu_release_ccb
139 **
140 ** Description This function releases a CCB.
141 **
142 ** Returns void
143 **
144 *******************************************************************************/
sdpu_release_ccb(tCONN_CB * p_ccb)145 void sdpu_release_ccb (tCONN_CB *p_ccb)
146 {
147 /* Ensure timer is stopped */
148 btu_stop_timer (&p_ccb->timer_entry);
149
150 /* Drop any response pointer we may be holding */
151 p_ccb->con_state = SDP_STATE_IDLE;
152 #if SDP_CLIENT_ENABLED == TRUE
153 p_ccb->is_attr_search = FALSE;
154 #endif
155
156 /* Free the response buffer */
157 if (p_ccb->rsp_list)
158 {
159 SDP_TRACE_DEBUG("releasing SDP rsp_list");
160
161 GKI_freebuf(p_ccb->rsp_list);
162 p_ccb->rsp_list = NULL;
163 }
164 }
165
166
167 /*******************************************************************************
168 **
169 ** Function sdpu_build_attrib_seq
170 **
171 ** Description This function builds an attribute sequence from the list of
172 ** passed attributes. It is also passed the address of the output
173 ** buffer.
174 **
175 ** Returns Pointer to next byte in the output buffer.
176 **
177 *******************************************************************************/
sdpu_build_attrib_seq(UINT8 * p_out,UINT16 * p_attr,UINT16 num_attrs)178 UINT8 *sdpu_build_attrib_seq (UINT8 *p_out, UINT16 *p_attr, UINT16 num_attrs)
179 {
180 UINT16 xx;
181
182 /* First thing is the data element header. See if the length fits 1 byte */
183 /* If no attributes, assume a 4-byte wildcard */
184 if (!p_attr)
185 xx = 5;
186 else
187 xx = num_attrs * 3;
188
189 if (xx > 255)
190 {
191 UINT8_TO_BE_STREAM (p_out, (DATA_ELE_SEQ_DESC_TYPE << 3) | SIZE_IN_NEXT_WORD);
192 UINT16_TO_BE_STREAM (p_out, xx);
193 }
194 else
195 {
196 UINT8_TO_BE_STREAM (p_out, (DATA_ELE_SEQ_DESC_TYPE << 3) | SIZE_IN_NEXT_BYTE);
197 UINT8_TO_BE_STREAM (p_out, xx);
198 }
199
200 /* If there are no attributes specified, assume caller wants wildcard */
201 if (!p_attr)
202 {
203 UINT8_TO_BE_STREAM (p_out, (UINT_DESC_TYPE << 3) | SIZE_FOUR_BYTES);
204 UINT16_TO_BE_STREAM (p_out, 0);
205 UINT16_TO_BE_STREAM (p_out, 0xFFFF);
206 }
207 else
208 {
209 /* Loop through and put in all the attributes(s) */
210 for (xx = 0; xx < num_attrs; xx++, p_attr++)
211 {
212 UINT8_TO_BE_STREAM (p_out, (UINT_DESC_TYPE << 3) | SIZE_TWO_BYTES);
213 UINT16_TO_BE_STREAM (p_out, *p_attr);
214 }
215 }
216
217 return (p_out);
218 }
219
220
221 /*******************************************************************************
222 **
223 ** Function sdpu_build_attrib_entry
224 **
225 ** Description This function builds an attribute entry from the passed
226 ** attribute record. It is also passed the address of the output
227 ** buffer.
228 **
229 ** Returns Pointer to next byte in the output buffer.
230 **
231 *******************************************************************************/
sdpu_build_attrib_entry(UINT8 * p_out,tSDP_ATTRIBUTE * p_attr)232 UINT8 *sdpu_build_attrib_entry (UINT8 *p_out, tSDP_ATTRIBUTE *p_attr)
233 {
234 /* First, store the attribute ID. Goes as a UINT */
235 UINT8_TO_BE_STREAM (p_out, (UINT_DESC_TYPE << 3) | SIZE_TWO_BYTES);
236 UINT16_TO_BE_STREAM (p_out, p_attr->id);
237
238 /* the attribute is in the db record.
239 * assuming the attribute len is less than SDP_MAX_ATTR_LEN */
240 switch(p_attr->type)
241 {
242 case TEXT_STR_DESC_TYPE: /* 4 */
243 case DATA_ELE_SEQ_DESC_TYPE:/* 6 */
244 case DATA_ELE_ALT_DESC_TYPE:/* 7 */
245 case URL_DESC_TYPE: /* 8 */
246 #if (SDP_MAX_ATTR_LEN > 0xFFFF)
247 if(p_attr->len > 0xFFFF)
248 {
249 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_IN_NEXT_LONG);
250 UINT32_TO_BE_STREAM (p_out, p_attr->len);
251 }
252 else
253
254 #endif /* 0xFFFF - 0xFF */
255 #if (SDP_MAX_ATTR_LEN > 0xFF)
256 if(p_attr->len > 0xFF)
257 {
258 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_IN_NEXT_WORD);
259 UINT16_TO_BE_STREAM (p_out, p_attr->len);
260 }
261 else
262
263 #endif /* 0xFF and less*/
264 {
265 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_IN_NEXT_BYTE);
266 UINT8_TO_BE_STREAM (p_out, p_attr->len);
267 }
268
269 if (p_attr->value_ptr != NULL) {
270 ARRAY_TO_BE_STREAM (p_out, p_attr->value_ptr, (int)p_attr->len);
271 }
272
273 return (p_out);
274 }
275
276 /* Now, store the attribute value */
277 switch (p_attr->len)
278 {
279 case 1:
280 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_ONE_BYTE);
281 break;
282 case 2:
283 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_TWO_BYTES);
284 break;
285 case 4:
286 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_FOUR_BYTES);
287 break;
288 case 8:
289 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_EIGHT_BYTES);
290 break;
291 case 16:
292 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_SIXTEEN_BYTES);
293 break;
294 default:
295 UINT8_TO_BE_STREAM (p_out, (p_attr->type << 3) | SIZE_IN_NEXT_BYTE);
296 UINT8_TO_BE_STREAM (p_out, p_attr->len);
297 break;
298 }
299
300 if (p_attr->value_ptr != NULL) {
301 ARRAY_TO_BE_STREAM (p_out, p_attr->value_ptr, (int)p_attr->len);
302 }
303
304 return (p_out);
305 }
306
307
308 /*******************************************************************************
309 **
310 ** Function sdpu_build_n_send_error
311 **
312 ** Description This function builds and sends an error packet.
313 **
314 ** Returns void
315 **
316 *******************************************************************************/
sdpu_build_n_send_error(tCONN_CB * p_ccb,UINT16 trans_num,UINT16 error_code,char * p_error_text)317 void sdpu_build_n_send_error (tCONN_CB *p_ccb, UINT16 trans_num, UINT16 error_code, char *p_error_text)
318 {
319 UINT8 *p_rsp, *p_rsp_start, *p_rsp_param_len;
320 UINT16 rsp_param_len;
321 BT_HDR *p_buf;
322
323
324 SDP_TRACE_WARNING ("SDP - sdpu_build_n_send_error code: 0x%x CID: 0x%x",
325 error_code, p_ccb->connection_id);
326
327 /* Get a buffer to use to build and send the packet to L2CAP */
328 if ((p_buf = (BT_HDR *)GKI_getpoolbuf (SDP_POOL_ID)) == NULL)
329 {
330 SDP_TRACE_ERROR ("SDP - no buf for err msg");
331 return;
332 }
333 p_buf->offset = L2CAP_MIN_OFFSET;
334 p_rsp = p_rsp_start = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
335
336 UINT8_TO_BE_STREAM (p_rsp, SDP_PDU_ERROR_RESPONSE);
337 UINT16_TO_BE_STREAM (p_rsp, trans_num);
338
339 /* Skip the parameter length, we need to add it at the end */
340 p_rsp_param_len = p_rsp;
341 p_rsp += 2;
342
343 UINT16_TO_BE_STREAM (p_rsp, error_code);
344
345 /* Unplugfest example traces do not have any error text */
346 if (p_error_text)
347 ARRAY_TO_BE_STREAM (p_rsp, p_error_text, (int) strlen (p_error_text));
348
349 /* Go back and put the parameter length into the buffer */
350 rsp_param_len = p_rsp - p_rsp_param_len - 2;
351 UINT16_TO_BE_STREAM (p_rsp_param_len, rsp_param_len);
352
353 /* Set the length of the SDP data in the buffer */
354 p_buf->len = p_rsp - p_rsp_start;
355
356
357 /* Send the buffer through L2CAP */
358 L2CA_DataWrite (p_ccb->connection_id, p_buf);
359 }
360
361
362
363 /*******************************************************************************
364 **
365 ** Function sdpu_extract_uid_seq
366 **
367 ** Description This function extracts a UUID sequence from the passed input
368 ** buffer, and puts it into the passed output list.
369 **
370 ** Returns Pointer to next byte in the input buffer after the sequence.
371 **
372 *******************************************************************************/
sdpu_extract_uid_seq(UINT8 * p,UINT16 param_len,tSDP_UUID_SEQ * p_seq)373 UINT8 *sdpu_extract_uid_seq (UINT8 *p, UINT16 param_len, tSDP_UUID_SEQ *p_seq)
374 {
375 UINT8 *p_seq_end;
376 UINT8 descr, type, size;
377 UINT32 seq_len, uuid_len;
378
379 /* Assume none found */
380 p_seq->num_uids = 0;
381
382 /* A UID sequence is composed of a bunch of UIDs. */
383
384 BE_STREAM_TO_UINT8 (descr, p);
385 type = descr >> 3;
386 size = descr & 7;
387
388 if (type != DATA_ELE_SEQ_DESC_TYPE)
389 return (NULL);
390
391 switch (size)
392 {
393 case SIZE_TWO_BYTES:
394 seq_len = 2;
395 break;
396 case SIZE_FOUR_BYTES:
397 seq_len = 4;
398 break;
399 case SIZE_SIXTEEN_BYTES:
400 seq_len = 16;
401 break;
402 case SIZE_IN_NEXT_BYTE:
403 BE_STREAM_TO_UINT8 (seq_len, p);
404 break;
405 case SIZE_IN_NEXT_WORD:
406 BE_STREAM_TO_UINT16 (seq_len, p);
407 break;
408 case SIZE_IN_NEXT_LONG:
409 BE_STREAM_TO_UINT32 (seq_len, p);
410 break;
411 default:
412 return (NULL);
413 }
414
415 if (seq_len >= param_len)
416 return (NULL);
417
418 p_seq_end = p + seq_len;
419
420 /* Loop through, extracting the UIDs */
421 for ( ; p < p_seq_end ; )
422 {
423 BE_STREAM_TO_UINT8 (descr, p);
424 type = descr >> 3;
425 size = descr & 7;
426
427 if (type != UUID_DESC_TYPE)
428 return (NULL);
429
430 switch (size)
431 {
432 case SIZE_TWO_BYTES:
433 uuid_len = 2;
434 break;
435 case SIZE_FOUR_BYTES:
436 uuid_len = 4;
437 break;
438 case SIZE_SIXTEEN_BYTES:
439 uuid_len = 16;
440 break;
441 case SIZE_IN_NEXT_BYTE:
442 BE_STREAM_TO_UINT8 (uuid_len, p);
443 break;
444 case SIZE_IN_NEXT_WORD:
445 BE_STREAM_TO_UINT16 (uuid_len, p);
446 break;
447 case SIZE_IN_NEXT_LONG:
448 BE_STREAM_TO_UINT32 (uuid_len, p);
449 break;
450 default:
451 return (NULL);
452 }
453
454 /* If UUID length is valid, copy it across */
455 if ((uuid_len == 2) || (uuid_len == 4) || (uuid_len == 16))
456 {
457 p_seq->uuid_entry[p_seq->num_uids].len = (UINT16) uuid_len;
458 BE_STREAM_TO_ARRAY (p, p_seq->uuid_entry[p_seq->num_uids].value, (int)uuid_len);
459 p_seq->num_uids++;
460 }
461 else
462 return (NULL);
463
464 /* We can only do so many */
465 if (p_seq->num_uids >= MAX_UUIDS_PER_SEQ)
466 return (NULL);
467 }
468
469 if (p != p_seq_end)
470 return (NULL);
471
472 return (p);
473 }
474
475
476
477 /*******************************************************************************
478 **
479 ** Function sdpu_extract_attr_seq
480 **
481 ** Description This function extracts an attribute sequence from the passed
482 ** input buffer, and puts it into the passed output list.
483 **
484 ** Returns Pointer to next byte in the input buffer after the sequence.
485 **
486 *******************************************************************************/
sdpu_extract_attr_seq(UINT8 * p,UINT16 param_len,tSDP_ATTR_SEQ * p_seq)487 UINT8 *sdpu_extract_attr_seq (UINT8 *p, UINT16 param_len, tSDP_ATTR_SEQ *p_seq)
488 {
489 UINT8 *p_end_list;
490 UINT8 descr, type, size;
491 UINT32 list_len, attr_len;
492
493 /* Assume none found */
494 p_seq->num_attr = 0;
495
496 /* Get attribute sequence info */
497 BE_STREAM_TO_UINT8 (descr, p);
498 type = descr >> 3;
499 size = descr & 7;
500
501 if (type != DATA_ELE_SEQ_DESC_TYPE)
502 return (p);
503
504 switch (size)
505 {
506 case SIZE_IN_NEXT_BYTE:
507 BE_STREAM_TO_UINT8 (list_len, p);
508 break;
509
510 case SIZE_IN_NEXT_WORD:
511 BE_STREAM_TO_UINT16 (list_len, p);
512 break;
513
514 case SIZE_IN_NEXT_LONG:
515 BE_STREAM_TO_UINT32 (list_len, p);
516 break;
517
518 default:
519 return (p);
520 }
521
522 if (list_len > param_len)
523 return (p);
524
525 p_end_list = p + list_len;
526
527 /* Loop through, extracting the attribute IDs */
528 for ( ; p < p_end_list ; )
529 {
530 BE_STREAM_TO_UINT8 (descr, p);
531 type = descr >> 3;
532 size = descr & 7;
533
534 if (type != UINT_DESC_TYPE)
535 return (p);
536
537 switch (size)
538 {
539 case SIZE_TWO_BYTES:
540 attr_len = 2;
541 break;
542 case SIZE_FOUR_BYTES:
543 attr_len = 4;
544 break;
545 case SIZE_IN_NEXT_BYTE:
546 BE_STREAM_TO_UINT8 (attr_len, p);
547 break;
548 case SIZE_IN_NEXT_WORD:
549 BE_STREAM_TO_UINT16 (attr_len, p);
550 break;
551 case SIZE_IN_NEXT_LONG:
552 BE_STREAM_TO_UINT32 (attr_len, p);
553 break;
554 default:
555 return (NULL);
556 break;
557 }
558
559 /* Attribute length must be 2-bytes or 4-bytes for a paired entry. */
560 if (attr_len == 2)
561 {
562 BE_STREAM_TO_UINT16 (p_seq->attr_entry[p_seq->num_attr].start, p);
563 p_seq->attr_entry[p_seq->num_attr].end = p_seq->attr_entry[p_seq->num_attr].start;
564 }
565 else if (attr_len == 4)
566 {
567 BE_STREAM_TO_UINT16 (p_seq->attr_entry[p_seq->num_attr].start, p);
568 BE_STREAM_TO_UINT16 (p_seq->attr_entry[p_seq->num_attr].end, p);
569 }
570 else
571 return (NULL);
572
573 /* We can only do so many */
574 if (++p_seq->num_attr >= MAX_ATTR_PER_SEQ)
575 return (NULL);
576 }
577
578 return (p);
579 }
580
581
582 /*******************************************************************************
583 **
584 ** Function sdpu_get_len_from_type
585 **
586 ** Description This function gets the length
587 **
588 ** Returns void
589 **
590 *******************************************************************************/
sdpu_get_len_from_type(UINT8 * p,UINT8 type,UINT32 * p_len)591 UINT8 *sdpu_get_len_from_type (UINT8 *p, UINT8 type, UINT32 *p_len)
592 {
593 UINT8 u8;
594 UINT16 u16;
595 UINT32 u32;
596
597 switch (type & 7)
598 {
599 case SIZE_ONE_BYTE:
600 *p_len = 1;
601 break;
602 case SIZE_TWO_BYTES:
603 *p_len = 2;
604 break;
605 case SIZE_FOUR_BYTES:
606 *p_len = 4;
607 break;
608 case SIZE_EIGHT_BYTES:
609 *p_len = 8;
610 break;
611 case SIZE_SIXTEEN_BYTES:
612 *p_len = 16;
613 break;
614 case SIZE_IN_NEXT_BYTE:
615 BE_STREAM_TO_UINT8 (u8, p);
616 *p_len = u8;
617 break;
618 case SIZE_IN_NEXT_WORD:
619 BE_STREAM_TO_UINT16 (u16, p);
620 *p_len = u16;
621 break;
622 case SIZE_IN_NEXT_LONG:
623 BE_STREAM_TO_UINT32 (u32, p);
624 *p_len = (UINT16) u32;
625 break;
626 }
627
628 return (p);
629 }
630
631
632 /*******************************************************************************
633 **
634 ** Function sdpu_is_base_uuid
635 **
636 ** Description This function checks a 128-bit UUID with the base to see if
637 ** it matches. Only the last 12 bytes are compared.
638 **
639 ** Returns TRUE if matched, else FALSE
640 **
641 *******************************************************************************/
sdpu_is_base_uuid(UINT8 * p_uuid)642 BOOLEAN sdpu_is_base_uuid (UINT8 *p_uuid)
643 {
644 UINT16 xx;
645
646 for (xx = 4; xx < MAX_UUID_SIZE; xx++)
647 if (p_uuid[xx] != sdp_base_uuid[xx])
648 return (FALSE);
649
650 /* If here, matched */
651 return (TRUE);
652 }
653
654
655 /*******************************************************************************
656 **
657 ** Function sdpu_compare_uuid_arrays
658 **
659 ** Description This function compares 2 BE UUIDs. If needed, they are expanded
660 ** to 128-bit UUIDs, then compared.
661 **
662 ** NOTE it is assumed that the arrays are in Big Endian format
663 **
664 ** Returns TRUE if matched, else FALSE
665 **
666 *******************************************************************************/
sdpu_compare_uuid_arrays(UINT8 * p_uuid1,UINT32 len1,UINT8 * p_uuid2,UINT16 len2)667 BOOLEAN sdpu_compare_uuid_arrays (UINT8 *p_uuid1, UINT32 len1, UINT8 *p_uuid2, UINT16 len2)
668 {
669 UINT8 nu1[MAX_UUID_SIZE];
670 UINT8 nu2[MAX_UUID_SIZE];
671
672 if( ((len1 != 2) && (len1 != 4) && (len1 != 16)) ||
673 ((len2 != 2) && (len2 != 4) && (len2 != 16)) )
674 {
675 SDP_TRACE_ERROR("%s: invalid length", __func__);
676 return FALSE;
677 }
678
679 /* If lengths match, do a straight compare */
680 if (len1 == len2)
681 {
682 if (len1 == 2)
683 return ((p_uuid1[0] == p_uuid2[0]) && (p_uuid1[1] == p_uuid2[1]));
684 if (len1 == 4)
685 return ( (p_uuid1[0] == p_uuid2[0]) && (p_uuid1[1] == p_uuid2[1])
686 && (p_uuid1[2] == p_uuid2[2]) && (p_uuid1[3] == p_uuid2[3]) );
687 else
688 return (memcmp (p_uuid1, p_uuid2, (size_t)len1) == 0);
689 }
690 else if (len1 > len2)
691 {
692 /* If the len1 was 4-byte, (so len2 is 2-byte), compare on the fly */
693 if (len1 == 4)
694 {
695 return ( (p_uuid1[0] == 0) && (p_uuid1[1] == 0)
696 && (p_uuid1[2] == p_uuid2[0]) && (p_uuid1[3] == p_uuid2[1]) );
697 }
698 else
699 {
700 /* Normalize UUIDs to 16-byte form, then compare. Len1 must be 16 */
701 memcpy (nu1, p_uuid1, MAX_UUID_SIZE);
702 memcpy (nu2, sdp_base_uuid, MAX_UUID_SIZE);
703
704 if (len2 == 4)
705 memcpy (nu2, p_uuid2, len2);
706 else if (len2 == 2)
707 memcpy (nu2 + 2, p_uuid2, len2);
708
709 return (memcmp (nu1, nu2, MAX_UUID_SIZE) == 0);
710 }
711 }
712 else
713 {
714 /* len2 is greater than len1 */
715 /* If the len2 was 4-byte, (so len1 is 2-byte), compare on the fly */
716 if (len2 == 4)
717 {
718 return ( (p_uuid2[0] == 0) && (p_uuid2[1] == 0)
719 && (p_uuid2[2] == p_uuid1[0]) && (p_uuid2[3] == p_uuid1[1]) );
720 }
721 else
722 {
723 /* Normalize UUIDs to 16-byte form, then compare. Len1 must be 16 */
724 memcpy (nu2, p_uuid2, MAX_UUID_SIZE);
725 memcpy (nu1, sdp_base_uuid, MAX_UUID_SIZE);
726
727 if (len1 == 4)
728 memcpy (nu1, p_uuid1, (size_t)len1);
729 else if (len1 == 2)
730 memcpy (nu1 + 2, p_uuid1, (size_t)len1);
731
732 return (memcmp (nu1, nu2, MAX_UUID_SIZE) == 0);
733 }
734 }
735 }
736
737
738 /*******************************************************************************
739 **
740 ** Function sdpu_compare_bt_uuids
741 **
742 ** Description This function compares 2 BT UUID structures.
743 **
744 ** NOTE it is assumed that BT UUID structures are compressed to the
745 ** smallest possible UUIDs (by removing the base SDP UUID)
746 **
747 ** Returns TRUE if matched, else FALSE
748 **
749 *******************************************************************************/
sdpu_compare_bt_uuids(tBT_UUID * p_uuid1,tBT_UUID * p_uuid2)750 BOOLEAN sdpu_compare_bt_uuids (tBT_UUID *p_uuid1, tBT_UUID *p_uuid2)
751 {
752 /* Lengths must match for BT UUIDs to match */
753 if (p_uuid1->len == p_uuid2->len)
754 {
755 if (p_uuid1->len == 2)
756 return (p_uuid1->uu.uuid16 == p_uuid2->uu.uuid16);
757 else if (p_uuid1->len == 4)
758 return (p_uuid1->uu.uuid32 == p_uuid2->uu.uuid32);
759 else if (!memcmp (p_uuid1->uu.uuid128, p_uuid2->uu.uuid128, 16))
760 return (TRUE);
761 }
762
763 return (FALSE);
764 }
765
766
767 /*******************************************************************************
768 **
769 ** Function sdpu_compare_uuid_with_attr
770 **
771 ** Description This function compares a BT UUID structure with the UUID in an
772 ** SDP attribute record. If needed, they are expanded to 128-bit
773 ** UUIDs, then compared.
774 **
775 ** NOTE - it is assumed that BT UUID structures are compressed to the
776 ** smallest possible UUIDs (by removing the base SDP UUID).
777 ** - it is also assumed that the discovery atribute is compressed
778 ** to the smallest possible
779 **
780 ** Returns TRUE if matched, else FALSE
781 **
782 *******************************************************************************/
sdpu_compare_uuid_with_attr(tBT_UUID * p_btuuid,tSDP_DISC_ATTR * p_attr)783 BOOLEAN sdpu_compare_uuid_with_attr (tBT_UUID *p_btuuid, tSDP_DISC_ATTR *p_attr)
784 {
785 UINT16 attr_len = SDP_DISC_ATTR_LEN (p_attr->attr_len_type);
786
787 /* Since both UUIDs are compressed, lengths must match */
788 if (p_btuuid->len != attr_len)
789 return (FALSE);
790
791 if (p_btuuid->len == 2)
792 return (BOOLEAN)(p_btuuid->uu.uuid16 == p_attr->attr_value.v.u16);
793 else if (p_btuuid->len == 4)
794 return (BOOLEAN)(p_btuuid->uu.uuid32 == p_attr->attr_value.v.u32);
795 /* coverity[overrun-buffer-arg] */
796 /*
797 Event overrun-buffer-arg: Overrun of static array "&p_attr->attr_value.v.array" of size 4 bytes by passing it to a function which indexes it with argument "16U" at byte position 15
798 FALSE-POSITIVE error from Coverity test tool. Please do NOT remove following comment.
799 False-positive: SDP uses scratch buffer to hold the attribute value.
800 The actual size of tSDP_DISC_ATVAL does not matter.
801 If the array size in tSDP_DISC_ATVAL is increase, we would increase the system RAM usage unnecessarily
802 */
803 else if (!memcmp (p_btuuid->uu.uuid128,(void*) p_attr->attr_value.v.array, MAX_UUID_SIZE))
804 return (TRUE);
805
806 return (FALSE);
807 }
808
809 /*******************************************************************************
810 **
811 ** Function sdpu_sort_attr_list
812 **
813 ** Description sorts a list of attributes in numeric order from lowest to
814 ** highest to conform to SDP specification
815 **
816 ** Returns void
817 **
818 *******************************************************************************/
sdpu_sort_attr_list(UINT16 num_attr,tSDP_DISCOVERY_DB * p_db)819 void sdpu_sort_attr_list( UINT16 num_attr, tSDP_DISCOVERY_DB *p_db )
820 {
821 UINT16 i;
822 UINT16 x;
823
824 /* Done if no attributes to sort */
825 if (num_attr <= 1)
826 {
827 return;
828 }
829 else if (num_attr > SDP_MAX_ATTR_FILTERS)
830 {
831 num_attr = SDP_MAX_ATTR_FILTERS;
832 }
833
834 num_attr--; /* for the for-loop */
835 for( i = 0; i < num_attr; )
836 {
837 if( p_db->attr_filters[i] > p_db->attr_filters[i+1] )
838 {
839 /* swap the attribute IDs and start from the beginning */
840 x = p_db->attr_filters[i];
841 p_db->attr_filters[i] = p_db->attr_filters[i+1];
842 p_db->attr_filters[i+1] = x;
843
844 i = 0;
845 }
846 else
847 i++;
848 }
849 }
850
851
852 /*******************************************************************************
853 **
854 ** Function sdpu_get_list_len
855 **
856 ** Description gets the total list length in the sdp database for a given
857 ** uid sequence and attr sequence
858 **
859 ** Returns void
860 **
861 *******************************************************************************/
sdpu_get_list_len(tSDP_UUID_SEQ * uid_seq,tSDP_ATTR_SEQ * attr_seq)862 UINT16 sdpu_get_list_len(tSDP_UUID_SEQ *uid_seq, tSDP_ATTR_SEQ *attr_seq)
863 {
864 tSDP_RECORD *p_rec;
865 UINT16 len = 0;
866 UINT16 len1;
867
868 for (p_rec = sdp_db_service_search (NULL, uid_seq); p_rec; p_rec = sdp_db_service_search (p_rec, uid_seq))
869 {
870 len += 3;
871
872 len1 = sdpu_get_attrib_seq_len(p_rec, attr_seq );
873
874 if (len1 != 0)
875 len += len1;
876 else
877 len -= 3;
878 }
879 return len;
880 }
881
882 /*******************************************************************************
883 **
884 ** Function sdpu_get_attrib_seq_len
885 **
886 ** Description gets the length of the specific attributes in a given
887 ** sdp record
888 **
889 ** Returns void
890 **
891 *******************************************************************************/
sdpu_get_attrib_seq_len(tSDP_RECORD * p_rec,tSDP_ATTR_SEQ * attr_seq)892 UINT16 sdpu_get_attrib_seq_len(tSDP_RECORD *p_rec, tSDP_ATTR_SEQ *attr_seq)
893 {
894 tSDP_ATTRIBUTE *p_attr;
895 UINT16 len1 = 0;
896 UINT16 xx;
897 BOOLEAN is_range = FALSE;
898 UINT16 start_id=0, end_id=0;
899
900 for (xx = 0; xx < attr_seq->num_attr; xx++)
901 {
902 if (is_range == FALSE)
903 {
904 start_id = attr_seq->attr_entry[xx].start;
905 end_id = attr_seq->attr_entry[xx].end;
906 }
907 p_attr = sdp_db_find_attr_in_rec (p_rec,
908 start_id,
909 end_id);
910 if (p_attr)
911 {
912 len1 += sdpu_get_attrib_entry_len (p_attr);
913
914 /* If doing a range, stick with this one till no more attributes found */
915 if (start_id != end_id)
916 {
917 /* Update for next time through */
918 start_id = p_attr->id + 1;
919 xx--;
920 is_range = TRUE;
921 }
922 else
923 is_range = FALSE;
924 }
925 else
926 is_range = FALSE;
927 }
928 return len1;
929 }
930
931 /*******************************************************************************
932 **
933 ** Function sdpu_get_attrib_entry_len
934 **
935 ** Description gets the length of a specific attribute
936 **
937 ** Returns void
938 **
939 *******************************************************************************/
sdpu_get_attrib_entry_len(tSDP_ATTRIBUTE * p_attr)940 UINT16 sdpu_get_attrib_entry_len(tSDP_ATTRIBUTE *p_attr)
941 {
942 UINT16 len = 3;
943
944 /* the attribute is in the db record.
945 * assuming the attribute len is less than SDP_MAX_ATTR_LEN */
946 switch(p_attr->type)
947 {
948 case TEXT_STR_DESC_TYPE: /* 4 */
949 case DATA_ELE_SEQ_DESC_TYPE:/* 6 */
950 case DATA_ELE_ALT_DESC_TYPE:/* 7 */
951 case URL_DESC_TYPE: /* 8 */
952 #if (SDP_MAX_ATTR_LEN > 0xFFFF)
953 if(p_attr->len > 0xFFFF)
954 {
955 len += 5;
956 }
957 else
958
959 #endif/* 0xFFFF - 0xFF */
960 #if (SDP_MAX_ATTR_LEN > 0xFF)
961 if(p_attr->len > 0xFF)
962 {
963 len += 3;
964 }
965 else
966
967 #endif /* 0xFF and less*/
968 {
969 len += 2;
970 }
971 len += p_attr->len;
972 return len;
973 }
974
975 /* Now, the attribute value */
976 switch (p_attr->len)
977 {
978 case 1:
979 case 2:
980 case 4:
981 case 8:
982 case 16:
983 len += 1;
984 break;
985 default:
986 len += 2;
987 break;
988 }
989
990 len += p_attr->len;
991 return len;
992 }
993
994
995 /*******************************************************************************
996 **
997 ** Function sdpu_build_partial_attrib_entry
998 **
999 ** Description This function fills a buffer with partial attribute. It is
1000 ** assumed that the maximum size of any attribute is 256 bytes.
1001 **
1002 ** p_out: output buffer
1003 ** p_attr: attribute to be copied partially into p_out
1004 ** rem_len: num bytes to copy into p_out
1005 ** offset: current start offset within the attr that needs to be copied
1006 **
1007 ** Returns Pointer to next byte in the output buffer.
1008 ** offset is also updated
1009 **
1010 *******************************************************************************/
sdpu_build_partial_attrib_entry(UINT8 * p_out,tSDP_ATTRIBUTE * p_attr,UINT16 len,UINT16 * offset)1011 UINT8 *sdpu_build_partial_attrib_entry (UINT8 *p_out, tSDP_ATTRIBUTE *p_attr, UINT16 len, UINT16 *offset)
1012 {
1013 UINT8 *p_attr_buff;
1014 UINT8 *p_tmp_attr;
1015 size_t len_to_copy;
1016 UINT16 attr_len;
1017
1018 if ((p_attr_buff = (UINT8 *) GKI_getbuf(sizeof(UINT8) * SDP_MAX_ATTR_LEN )) == NULL)
1019 {
1020 SDP_TRACE_ERROR("sdpu_build_partial_attrib_entry cannot get a buffer!");
1021 return NULL;
1022 }
1023 p_tmp_attr = p_attr_buff;
1024
1025 sdpu_build_attrib_entry(p_tmp_attr, p_attr);
1026 attr_len = sdpu_get_attrib_entry_len(p_attr);
1027
1028 len_to_copy = ((attr_len - *offset) < len) ? (attr_len - *offset): len;
1029
1030 memcpy(p_out, &p_attr_buff[*offset], len_to_copy);
1031
1032 p_out = &p_out[len_to_copy];
1033 *offset += len_to_copy;
1034
1035 GKI_freebuf(p_attr_buff);
1036 return p_out;
1037 }
1038
1039 /*******************************************************************************
1040 **
1041 ** Function sdpu_uuid16_to_uuid128
1042 **
1043 ** Description This function converts UUID-16 to UUID-128 by including the base UUID
1044 **
1045 ** uuid16: 2-byte UUID
1046 ** p_uuid128: Expanded 128-bit UUID
1047 **
1048 ** Returns None
1049 **
1050 *******************************************************************************/
sdpu_uuid16_to_uuid128(UINT16 uuid16,UINT8 * p_uuid128)1051 void sdpu_uuid16_to_uuid128(UINT16 uuid16, UINT8* p_uuid128)
1052 {
1053 UINT16 uuid16_bo;
1054 memset(p_uuid128, 0, 16);
1055
1056 memcpy(p_uuid128, sdp_base_uuid, MAX_UUID_SIZE);
1057 uuid16_bo = ntohs(uuid16);
1058 memcpy(p_uuid128+ 2, &uuid16_bo, sizeof(uint16_t));
1059 }
1060