1 /******************************************************************************
3 * Copyright (C) 1999-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /******************************************************************************
21 * this file contains SDP discovery functions
23 ******************************************************************************/
29 #include "bt_target.h"
30 #include "bt_common.h"
41 #define SDP_DEBUG_RAW FALSE
44 /********************************************************************************/
45 /* L O C A L F U N C T I O N P R O T O T Y P E S */
46 /********************************************************************************/
47 #if SDP_CLIENT_ENABLED == TRUE
48 static void process_service_search_rsp (tCONN_CB *p_ccb, UINT8 *p_reply);
49 static void process_service_attr_rsp (tCONN_CB *p_ccb, UINT8 *p_reply);
50 static void process_service_search_attr_rsp (tCONN_CB *p_ccb, UINT8 *p_reply);
51 static UINT8 *save_attr_seq (tCONN_CB *p_ccb, UINT8 *p, UINT8 *p_msg_end);
52 static tSDP_DISC_REC *add_record (tSDP_DISCOVERY_DB *p_db, BD_ADDR p_bda);
53 static UINT8 *add_attr (UINT8 *p, tSDP_DISCOVERY_DB *p_db, tSDP_DISC_REC *p_rec,
54 UINT16 attr_id, tSDP_DISC_ATTR *p_parent_attr, UINT8 nest_level);
56 /* Safety check in case we go crazy */
57 #define MAX_NEST_LEVELS 5
60 /*******************************************************************************
62 ** Function sdpu_build_uuid_seq
64 ** Description This function builds a UUID sequence from the list of
65 ** passed UUIDs. It is also passed the address of the output
68 ** Returns Pointer to next byte in the output buffer.
70 *******************************************************************************/
71 static UINT8 *sdpu_build_uuid_seq (UINT8 *p_out, UINT16 num_uuids, tSDP_UUID *p_uuid_list)
76 /* First thing is the data element header */
77 UINT8_TO_BE_STREAM (p_out, (DATA_ELE_SEQ_DESC_TYPE << 3) | SIZE_IN_NEXT_BYTE);
79 /* Remember where the length goes. Leave space for it. */
83 /* Now, loop through and put in all the UUID(s) */
84 for (xx = 0; xx < num_uuids; xx++, p_uuid_list++)
86 if (p_uuid_list->len == 2)
88 UINT8_TO_BE_STREAM (p_out, (UUID_DESC_TYPE << 3) | SIZE_TWO_BYTES);
89 UINT16_TO_BE_STREAM (p_out, p_uuid_list->uu.uuid16);
91 else if (p_uuid_list->len == 4)
93 UINT8_TO_BE_STREAM (p_out, (UUID_DESC_TYPE << 3) | SIZE_FOUR_BYTES);
94 UINT32_TO_BE_STREAM (p_out, p_uuid_list->uu.uuid32);
98 UINT8_TO_BE_STREAM (p_out, (UUID_DESC_TYPE << 3) | SIZE_SIXTEEN_BYTES);
99 ARRAY_TO_BE_STREAM (p_out, p_uuid_list->uu.uuid128, p_uuid_list->len);
103 /* Now, put in the length */
104 xx = (UINT16)(p_out - p_len - 1);
105 UINT8_TO_BE_STREAM (p_len, xx);
110 /*******************************************************************************
112 ** Function sdp_snd_service_search_req
114 ** Description Send a service search request to the SDP server.
118 *******************************************************************************/
119 static void sdp_snd_service_search_req(tCONN_CB *p_ccb, UINT8 cont_len, UINT8 * p_cont)
121 UINT8 *p, *p_start, *p_param_len;
122 BT_HDR *p_cmd = (BT_HDR *) osi_getbuf(SDP_DATA_BUF_SIZE);
125 /* Check the buffer for sending the packet to L2CAP */
128 sdp_disconnect (p_ccb, SDP_NO_RESOURCES);
132 p_cmd->offset = L2CAP_MIN_OFFSET;
133 p = p_start = (UINT8 *)(p_cmd + 1) + L2CAP_MIN_OFFSET;
135 /* Build a service search request packet */
136 UINT8_TO_BE_STREAM (p, SDP_PDU_SERVICE_SEARCH_REQ);
137 UINT16_TO_BE_STREAM (p, p_ccb->transaction_id);
138 p_ccb->transaction_id++;
140 /* Skip the length, we need to add it at the end */
144 /* Build the UID sequence. */
145 #if (defined(SDP_BROWSE_PLUS) && SDP_BROWSE_PLUS == TRUE)
146 p = sdpu_build_uuid_seq (p, 1, &p_ccb->p_db->uuid_filters[p_ccb->cur_uuid_idx]);
148 p = sdpu_build_uuid_seq (p, p_ccb->p_db->num_uuid_filters, p_ccb->p_db->uuid_filters);
151 /* Set max service record count */
152 UINT16_TO_BE_STREAM (p, sdp_cb.max_recs_per_search);
154 /* Set continuation state */
155 UINT8_TO_BE_STREAM (p, cont_len);
157 /* if this is not the first request */
158 if(cont_len && p_cont)
160 memcpy(p, p_cont, cont_len);
164 /* Go back and put the parameter length into the buffer */
165 param_len = (UINT16)(p - p_param_len - 2);
166 UINT16_TO_BE_STREAM (p_param_len, param_len);
168 p_ccb->disc_state = SDP_DISC_WAIT_HANDLES;
170 /* Set the length of the SDP data in the buffer */
171 p_cmd->len = (UINT16)(p - p_start);
173 #if (SDP_DEBUG_RAW == TRUE)
174 SDP_TRACE_WARNING("sdp_snd_service_search_req cont_len :%d disc_state:%d",cont_len, p_ccb->disc_state);
178 L2CA_DataWrite (p_ccb->connection_id, p_cmd);
180 /* Start inactivity timer */
181 btu_start_timer (&p_ccb->timer_entry, BTU_TTYPE_SDP, SDP_INACT_TIMEOUT);
185 /*******************************************************************************
187 ** Function sdp_disc_connected
189 ** Description This function is called when an SDP discovery attempt is
194 *******************************************************************************/
195 void sdp_disc_connected (tCONN_CB *p_ccb)
197 if (p_ccb->is_attr_search)
199 p_ccb->disc_state = SDP_DISC_WAIT_SEARCH_ATTR;
201 process_service_search_attr_rsp (p_ccb, NULL);
205 /* First step is to get a list of the handles from the server. */
206 /* We are not searching for a specific attribute, so we will */
207 /* first search for the service, then get all attributes of it */
209 p_ccb->num_handles = 0;
210 sdp_snd_service_search_req(p_ccb, 0, NULL);
215 /*******************************************************************************
217 ** Function sdp_disc_server_rsp
219 ** Description This function is called when there is a response from
224 *******************************************************************************/
225 void sdp_disc_server_rsp (tCONN_CB *p_ccb, BT_HDR *p_msg)
228 BOOLEAN invalid_pdu = TRUE;
230 #if (SDP_DEBUG_RAW == TRUE)
231 SDP_TRACE_WARNING("sdp_disc_server_rsp disc_state:%d", p_ccb->disc_state);
234 /* stop inactivity timer when we receive a response */
235 btu_stop_timer (&p_ccb->timer_entry);
237 /* Got a reply!! Check what we got back */
238 p = (UINT8 *)(p_msg + 1) + p_msg->offset;
240 BE_STREAM_TO_UINT8 (rsp_pdu, p);
246 case SDP_PDU_SERVICE_SEARCH_RSP:
247 if (p_ccb->disc_state == SDP_DISC_WAIT_HANDLES)
249 process_service_search_rsp (p_ccb, p);
254 case SDP_PDU_SERVICE_ATTR_RSP:
255 if (p_ccb->disc_state == SDP_DISC_WAIT_ATTR)
257 process_service_attr_rsp (p_ccb, p);
262 case SDP_PDU_SERVICE_SEARCH_ATTR_RSP:
263 if (p_ccb->disc_state == SDP_DISC_WAIT_SEARCH_ATTR)
265 process_service_search_attr_rsp (p_ccb, p);
273 SDP_TRACE_WARNING ("SDP - Unexp. PDU: %d in state: %d", rsp_pdu, p_ccb->disc_state);
274 sdp_disconnect (p_ccb, SDP_GENERIC_ERROR);
278 /******************************************************************************
280 ** Function process_service_search_rsp
282 ** Description This function is called when there is a search response from
287 *******************************************************************************/
288 static void process_service_search_rsp (tCONN_CB *p_ccb, UINT8 *p_reply)
291 UINT16 total, cur_handles, orig;
294 /* Skip transaction, and param len */
296 BE_STREAM_TO_UINT16 (total, p_reply);
297 BE_STREAM_TO_UINT16 (cur_handles, p_reply);
299 orig = p_ccb->num_handles;
300 p_ccb->num_handles += cur_handles;
301 if (p_ccb->num_handles == 0)
303 SDP_TRACE_WARNING ("SDP - Rcvd ServiceSearchRsp, no matches");
304 sdp_disconnect (p_ccb, SDP_NO_RECS_MATCH);
308 /* Save the handles that match. We will can only process a certain number. */
309 if (total > sdp_cb.max_recs_per_search)
310 total = sdp_cb.max_recs_per_search;
311 if (p_ccb->num_handles > sdp_cb.max_recs_per_search)
312 p_ccb->num_handles = sdp_cb.max_recs_per_search;
314 for (xx = orig; xx < p_ccb->num_handles; xx++)
315 BE_STREAM_TO_UINT32 (p_ccb->handles[xx], p_reply);
317 BE_STREAM_TO_UINT8 (cont_len, p_reply);
320 if(cont_len > SDP_MAX_CONTINUATION_LEN)
322 sdp_disconnect (p_ccb, SDP_INVALID_CONT_STATE);
325 /* stay in the same state */
326 sdp_snd_service_search_req(p_ccb, cont_len, p_reply);
331 p_ccb->disc_state = SDP_DISC_WAIT_ATTR;
333 /* Kick off the first attribute request */
334 process_service_attr_rsp (p_ccb, NULL);
338 /*******************************************************************************
340 ** Function sdp_copy_raw_data
342 ** Description copy the raw data
347 *******************************************************************************/
348 #if (SDP_RAW_DATA_INCLUDED == TRUE)
349 static void sdp_copy_raw_data (tCONN_CB *p_ccb, BOOLEAN offset)
351 unsigned int cpy_len;
356 #if (SDP_DEBUG_RAW == TRUE)
357 UINT8 num_array[SDP_MAX_LIST_BYTE_COUNT];
360 for (i = 0; i < p_ccb->list_len; i++)
362 sprintf((char *)&num_array[i*2],"%02X",(UINT8)(p_ccb->rsp_list[i]));
364 SDP_TRACE_WARNING("result :%s",num_array);
367 if(p_ccb->p_db->raw_data)
369 cpy_len = p_ccb->p_db->raw_size - p_ccb->p_db->raw_used;
370 list_len = p_ccb->list_len;
371 p = &p_ccb->rsp_list[0];
376 p = sdpu_get_len_from_type (p, type, &list_len);
378 if(list_len && list_len < cpy_len )
382 #if (SDP_DEBUG_RAW == TRUE)
383 SDP_TRACE_WARNING("list_len :%d cpy_len:%d raw_size:%d raw_used:%d",
384 list_len, cpy_len, p_ccb->p_db->raw_size, p_ccb->p_db->raw_used);
386 memcpy (&p_ccb->p_db->raw_data[p_ccb->p_db->raw_used], p, cpy_len);
387 p_ccb->p_db->raw_used += cpy_len;
392 /*******************************************************************************
394 ** Function process_service_attr_rsp
396 ** Description This function is called when there is a attribute response from
401 *******************************************************************************/
402 static void process_service_attr_rsp (tCONN_CB *p_ccb, UINT8 *p_reply)
404 UINT8 *p_start, *p_param_len;
405 UINT16 param_len, list_byte_count;
406 BOOLEAN cont_request_needed = FALSE;
408 #if (SDP_DEBUG_RAW == TRUE)
409 SDP_TRACE_WARNING("process_service_attr_rsp raw inc:%d",
410 SDP_RAW_DATA_INCLUDED);
412 /* If p_reply is NULL, we were called after the records handles were read */
415 #if (SDP_DEBUG_RAW == TRUE)
416 SDP_TRACE_WARNING("ID & len: 0x%02x-%02x-%02x-%02x",
417 p_reply[0], p_reply[1], p_reply[2], p_reply[3]);
419 /* Skip transaction ID and length */
422 BE_STREAM_TO_UINT16 (list_byte_count, p_reply);
423 #if (SDP_DEBUG_RAW == TRUE)
424 SDP_TRACE_WARNING("list_byte_count:%d", list_byte_count);
427 /* Copy the response to the scratchpad. First, a safety check on the length */
428 if ((p_ccb->list_len + list_byte_count) > SDP_MAX_LIST_BYTE_COUNT)
430 sdp_disconnect (p_ccb, SDP_INVALID_PDU_SIZE);
434 #if (SDP_DEBUG_RAW == TRUE)
435 SDP_TRACE_WARNING("list_len: %d, list_byte_count: %d",
436 p_ccb->list_len, list_byte_count);
438 if (p_ccb->rsp_list == NULL)
440 p_ccb->rsp_list = (UINT8 *)osi_getbuf (SDP_MAX_LIST_BYTE_COUNT);
441 if (p_ccb->rsp_list == NULL)
443 SDP_TRACE_ERROR ("SDP - no buf to save rsp");
444 sdp_disconnect (p_ccb, SDP_NO_RESOURCES);
448 memcpy (&p_ccb->rsp_list[p_ccb->list_len], p_reply, list_byte_count);
449 p_ccb->list_len += list_byte_count;
450 p_reply += list_byte_count;
451 #if (SDP_DEBUG_RAW == TRUE)
452 SDP_TRACE_WARNING("list_len: %d(attr_rsp)", p_ccb->list_len);
454 /* Check if we need to request a continuation */
455 SDP_TRACE_WARNING("*p_reply:%d(%d)", *p_reply, SDP_MAX_CONTINUATION_LEN);
459 if (*p_reply > SDP_MAX_CONTINUATION_LEN)
461 sdp_disconnect (p_ccb, SDP_INVALID_CONT_STATE);
464 cont_request_needed = TRUE;
469 #if (SDP_RAW_DATA_INCLUDED == TRUE)
470 SDP_TRACE_WARNING("process_service_attr_rsp");
471 sdp_copy_raw_data (p_ccb, FALSE);
474 /* Save the response in the database. Stop on any error */
475 if (!save_attr_seq (p_ccb, &p_ccb->rsp_list[0], &p_ccb->rsp_list[p_ccb->list_len]))
477 sdp_disconnect (p_ccb, SDP_DB_FULL);
485 /* Now, ask for the next handle. Re-use the buffer we just got. */
486 if (p_ccb->cur_handle < p_ccb->num_handles)
488 BT_HDR *p_msg = (BT_HDR *) osi_getbuf(SDP_DATA_BUF_SIZE);
493 sdp_disconnect (p_ccb, SDP_NO_RESOURCES);
497 p_msg->offset = L2CAP_MIN_OFFSET;
498 p = p_start = (UINT8 *)(p_msg + 1) + L2CAP_MIN_OFFSET;
500 /* Get all the attributes from the server */
501 UINT8_TO_BE_STREAM (p, SDP_PDU_SERVICE_ATTR_REQ);
502 UINT16_TO_BE_STREAM (p, p_ccb->transaction_id);
503 p_ccb->transaction_id++;
505 /* Skip the length, we need to add it at the end */
509 UINT32_TO_BE_STREAM (p, p_ccb->handles[p_ccb->cur_handle]);
511 /* Max attribute byte count */
512 UINT16_TO_BE_STREAM (p, sdp_cb.max_attr_list_size);
514 /* If no attribute filters, build a wildcard attribute sequence */
515 if (p_ccb->p_db->num_attr_filters)
516 p = sdpu_build_attrib_seq (p, p_ccb->p_db->attr_filters, p_ccb->p_db->num_attr_filters);
518 p = sdpu_build_attrib_seq (p, NULL, 0);
520 /* Was this a continuation request ? */
521 if (cont_request_needed)
523 memcpy (p, p_reply, *p_reply + 1);
527 UINT8_TO_BE_STREAM (p, 0);
529 /* Go back and put the parameter length into the buffer */
530 param_len = (UINT16)(p - p_param_len - 2);
531 UINT16_TO_BE_STREAM (p_param_len, param_len);
533 /* Set the length of the SDP data in the buffer */
534 p_msg->len = (UINT16)(p - p_start);
537 L2CA_DataWrite (p_ccb->connection_id, p_msg);
539 /* Start inactivity timer */
540 btu_start_timer (&p_ccb->timer_entry, BTU_TTYPE_SDP, SDP_INACT_TIMEOUT);
544 sdp_disconnect (p_ccb, SDP_SUCCESS);
550 /*******************************************************************************
552 ** Function process_service_search_attr_rsp
554 ** Description This function is called when there is a search attribute
555 ** response from the server.
559 *******************************************************************************/
560 static void process_service_search_attr_rsp (tCONN_CB *p_ccb, UINT8 *p_reply)
562 UINT8 *p, *p_start, *p_end, *p_param_len;
565 UINT16 param_len, lists_byte_count = 0;
566 BOOLEAN cont_request_needed = FALSE;
568 #if (SDP_DEBUG_RAW == TRUE)
569 SDP_TRACE_WARNING("process_service_search_attr_rsp");
571 /* If p_reply is NULL, we were called for the initial read */
574 #if (SDP_DEBUG_RAW == TRUE)
575 SDP_TRACE_WARNING("ID & len: 0x%02x-%02x-%02x-%02x",
576 p_reply[0], p_reply[1], p_reply[2], p_reply[3]);
578 /* Skip transaction ID and length */
581 BE_STREAM_TO_UINT16 (lists_byte_count, p_reply);
582 #if (SDP_DEBUG_RAW == TRUE)
583 SDP_TRACE_WARNING("lists_byte_count:%d", lists_byte_count);
586 /* Copy the response to the scratchpad. First, a safety check on the length */
587 if ((p_ccb->list_len + lists_byte_count) > SDP_MAX_LIST_BYTE_COUNT)
589 sdp_disconnect (p_ccb, SDP_INVALID_PDU_SIZE);
593 #if (SDP_DEBUG_RAW == TRUE)
594 SDP_TRACE_WARNING("list_len: %d, list_byte_count: %d",
595 p_ccb->list_len, lists_byte_count);
597 if (p_ccb->rsp_list == NULL)
599 p_ccb->rsp_list = (UINT8 *)osi_getbuf (SDP_MAX_LIST_BYTE_COUNT);
600 if (p_ccb->rsp_list == NULL)
602 SDP_TRACE_ERROR ("SDP - no buf to save rsp");
603 sdp_disconnect (p_ccb, SDP_NO_RESOURCES);
607 memcpy (&p_ccb->rsp_list[p_ccb->list_len], p_reply, lists_byte_count);
608 p_ccb->list_len += lists_byte_count;
609 p_reply += lists_byte_count;
610 #if (SDP_DEBUG_RAW == TRUE)
611 SDP_TRACE_WARNING("list_len: %d(search_attr_rsp)", p_ccb->list_len);
613 /* Check if we need to request a continuation */
614 SDP_TRACE_WARNING("*p_reply:%d(%d)", *p_reply, SDP_MAX_CONTINUATION_LEN);
618 if (*p_reply > SDP_MAX_CONTINUATION_LEN)
620 sdp_disconnect (p_ccb, SDP_INVALID_CONT_STATE);
624 cont_request_needed = TRUE;
628 #if (SDP_DEBUG_RAW == TRUE)
629 SDP_TRACE_WARNING("cont_request_needed:%d", cont_request_needed);
631 /* If continuation request (or first time request) */
632 if ((cont_request_needed) || (!p_reply))
634 BT_HDR *p_msg = (BT_HDR *) osi_getbuf(SDP_DATA_BUF_SIZE);
639 sdp_disconnect (p_ccb, SDP_NO_RESOURCES);
643 p_msg->offset = L2CAP_MIN_OFFSET;
644 p = p_start = (UINT8 *)(p_msg + 1) + L2CAP_MIN_OFFSET;
646 /* Build a service search request packet */
647 UINT8_TO_BE_STREAM (p, SDP_PDU_SERVICE_SEARCH_ATTR_REQ);
648 UINT16_TO_BE_STREAM (p, p_ccb->transaction_id);
649 p_ccb->transaction_id++;
651 /* Skip the length, we need to add it at the end */
655 /* Build the UID sequence. */
656 #if (defined(SDP_BROWSE_PLUS) && SDP_BROWSE_PLUS == TRUE)
657 p = sdpu_build_uuid_seq (p, 1, &p_ccb->p_db->uuid_filters[p_ccb->cur_uuid_idx]);
659 p = sdpu_build_uuid_seq (p, p_ccb->p_db->num_uuid_filters, p_ccb->p_db->uuid_filters);
662 /* Max attribute byte count */
663 UINT16_TO_BE_STREAM (p, sdp_cb.max_attr_list_size);
665 /* If no attribute filters, build a wildcard attribute sequence */
666 if (p_ccb->p_db->num_attr_filters)
667 p = sdpu_build_attrib_seq (p, p_ccb->p_db->attr_filters, p_ccb->p_db->num_attr_filters);
669 p = sdpu_build_attrib_seq (p, NULL, 0);
671 /* No continuation for first request */
674 memcpy (p, p_reply, *p_reply + 1);
678 UINT8_TO_BE_STREAM (p, 0);
680 /* Go back and put the parameter length into the buffer */
681 param_len = p - p_param_len - 2;
682 UINT16_TO_BE_STREAM (p_param_len, param_len);
684 /* Set the length of the SDP data in the buffer */
685 p_msg->len = p - p_start;
688 L2CA_DataWrite (p_ccb->connection_id, p_msg);
690 /* Start inactivity timer */
691 btu_start_timer (&p_ccb->timer_entry, BTU_TTYPE_SDP, SDP_INACT_TIMEOUT);
697 /*******************************************************************/
698 /* We now have the full response, which is a sequence of sequences */
699 /*******************************************************************/
701 #if (SDP_RAW_DATA_INCLUDED == TRUE)
702 SDP_TRACE_WARNING("process_service_search_attr_rsp");
703 sdp_copy_raw_data (p_ccb, TRUE);
706 p = &p_ccb->rsp_list[0];
708 /* The contents is a sequence of attribute sequences */
711 if ((type >> 3) != DATA_ELE_SEQ_DESC_TYPE)
713 SDP_TRACE_WARNING ("SDP - Wrong type: 0x%02x in attr_rsp", type);
716 p = sdpu_get_len_from_type (p, type, &seq_len);
718 p_end = &p_ccb->rsp_list[p_ccb->list_len];
720 if ((p + seq_len) != p_end)
722 sdp_disconnect (p_ccb, SDP_INVALID_CONT_STATE);
728 p = save_attr_seq (p_ccb, p, &p_ccb->rsp_list[p_ccb->list_len]);
731 sdp_disconnect (p_ccb, SDP_DB_FULL);
736 /* Since we got everything we need, disconnect the call */
737 sdp_disconnect (p_ccb, SDP_SUCCESS);
740 /*******************************************************************************
742 ** Function save_attr_seq
744 ** Description This function is called when there is a response from
747 ** Returns pointer to next byte or NULL if error
749 *******************************************************************************/
750 static UINT8 *save_attr_seq (tCONN_CB *p_ccb, UINT8 *p, UINT8 *p_msg_end)
752 UINT32 seq_len, attr_len;
754 UINT8 type, *p_seq_end;
755 tSDP_DISC_REC *p_rec;
759 if ((type >> 3) != DATA_ELE_SEQ_DESC_TYPE)
761 SDP_TRACE_WARNING ("SDP - Wrong type: 0x%02x in attr_rsp", type);
765 p = sdpu_get_len_from_type (p, type, &seq_len);
766 if ((p + seq_len) > p_msg_end)
768 SDP_TRACE_WARNING ("SDP - Bad len in attr_rsp %d", seq_len);
772 /* Create a record */
773 p_rec = add_record (p_ccb->p_db, p_ccb->device_address);
776 SDP_TRACE_WARNING ("SDP - DB full add_record");
780 p_seq_end = p + seq_len;
782 while (p < p_seq_end)
784 /* First get the attribute ID */
786 p = sdpu_get_len_from_type (p, type, &attr_len);
787 if (((type >> 3) != UINT_DESC_TYPE) || (attr_len != 2))
789 SDP_TRACE_WARNING ("SDP - Bad type: 0x%02x or len: %d in attr_rsp", type, attr_len);
792 BE_STREAM_TO_UINT16 (attr_id, p);
794 /* Now, add the attribute value */
795 p = add_attr (p, p_ccb->p_db, p_rec, attr_id, NULL, 0);
799 SDP_TRACE_WARNING ("SDP - DB full add_attr");
808 /*******************************************************************************
810 ** Function add_record
812 ** Description This function allocates space for a record from the DB.
814 ** Returns pointer to next byte in data stream
816 *******************************************************************************/
817 tSDP_DISC_REC *add_record (tSDP_DISCOVERY_DB *p_db, BD_ADDR p_bda)
819 tSDP_DISC_REC *p_rec;
821 /* See if there is enough space in the database */
822 if (p_db->mem_free < sizeof (tSDP_DISC_REC))
825 p_rec = (tSDP_DISC_REC *) p_db->p_free_mem;
826 p_db->p_free_mem += sizeof (tSDP_DISC_REC);
827 p_db->mem_free -= sizeof (tSDP_DISC_REC);
829 p_rec->p_first_attr = NULL;
830 p_rec->p_next_rec = NULL;
832 memcpy (p_rec->remote_bd_addr, p_bda, BD_ADDR_LEN);
834 /* Add the record to the end of chain */
835 if (!p_db->p_first_rec)
836 p_db->p_first_rec = p_rec;
839 tSDP_DISC_REC *p_rec1 = p_db->p_first_rec;
841 while (p_rec1->p_next_rec)
842 p_rec1 = p_rec1->p_next_rec;
844 p_rec1->p_next_rec = p_rec;
850 #define SDP_ADDITIONAL_LIST_MASK 0x80
851 /*******************************************************************************
855 ** Description This function allocates space for an attribute from the DB
856 ** and copies the data into it.
858 ** Returns pointer to next byte in data stream
860 *******************************************************************************/
861 static UINT8 *add_attr (UINT8 *p, tSDP_DISCOVERY_DB *p_db, tSDP_DISC_REC *p_rec,
862 UINT16 attr_id, tSDP_DISC_ATTR *p_parent_attr, UINT8 nest_level)
864 tSDP_DISC_ATTR *p_attr;
871 UINT8 is_additional_list = nest_level & SDP_ADDITIONAL_LIST_MASK;
873 nest_level &= ~(SDP_ADDITIONAL_LIST_MASK);
876 p = sdpu_get_len_from_type (p, type, &attr_len);
878 attr_len &= SDP_DISC_ATTR_LEN_MASK;
879 attr_type = (type >> 3) & 0x0f;
881 /* See if there is enough space in the database */
883 total_len = attr_len - 4 + (UINT16)sizeof (tSDP_DISC_ATTR);
885 total_len = sizeof (tSDP_DISC_ATTR);
887 /* Ensure it is a multiple of 4 */
888 total_len = (total_len + 3) & ~3;
890 /* See if there is enough space in the database */
891 if (p_db->mem_free < total_len)
894 p_attr = (tSDP_DISC_ATTR *) p_db->p_free_mem;
895 p_attr->attr_id = attr_id;
896 p_attr->attr_len_type = (UINT16)attr_len | (attr_type << 12);
897 p_attr->p_next_attr = NULL;
899 /* Store the attribute value */
903 if( (is_additional_list != 0) && (attr_len == 2) )
905 BE_STREAM_TO_UINT16 (id, p);
906 if(id != ATTR_ID_PROTOCOL_DESC_LIST)
910 /* Reserve the memory for the attribute now, as we need to add sub-attributes */
911 p_db->p_free_mem += sizeof (tSDP_DISC_ATTR);
912 p_db->mem_free -= sizeof (tSDP_DISC_ATTR);
913 p_end = p + attr_len;
916 /* SDP_TRACE_DEBUG ("SDP - attr nest level:%d(list)", nest_level); */
917 if (nest_level >= MAX_NEST_LEVELS)
919 SDP_TRACE_ERROR ("SDP - attr nesting too deep");
923 /* Now, add the list entry */
924 p = add_attr (p, p_db, p_rec, ATTR_ID_PROTOCOL_DESC_LIST, p_attr, (UINT8)(nest_level + 1));
929 /* Case falls through */
931 case TWO_COMP_INT_DESC_TYPE:
935 p_attr->attr_value.v.u8 = *p++;
938 BE_STREAM_TO_UINT16 (p_attr->attr_value.v.u16, p);
941 BE_STREAM_TO_UINT32 (p_attr->attr_value.v.u32, p);
944 BE_STREAM_TO_ARRAY (p, p_attr->attr_value.v.array, (INT32)attr_len);
953 BE_STREAM_TO_UINT16 (p_attr->attr_value.v.u16, p);
956 BE_STREAM_TO_UINT32 (p_attr->attr_value.v.u32, p);
957 if (p_attr->attr_value.v.u32 < 0x10000)
960 p_attr->attr_len_type = (UINT16)attr_len | (attr_type << 12);
961 p_attr->attr_value.v.u16 = (UINT16) p_attr->attr_value.v.u32;
966 /* See if we can compress his UUID down to 16 or 32bit UUIDs */
967 if (sdpu_is_base_uuid (p))
969 if ((p[0] == 0) && (p[1] == 0))
971 p_attr->attr_len_type = (p_attr->attr_len_type & ~SDP_DISC_ATTR_LEN_MASK) | 2;
973 BE_STREAM_TO_UINT16 (p_attr->attr_value.v.u16, p);
974 p += MAX_UUID_SIZE - 4;
978 p_attr->attr_len_type = (p_attr->attr_len_type & ~SDP_DISC_ATTR_LEN_MASK) | 4;
979 BE_STREAM_TO_UINT32 (p_attr->attr_value.v.u32, p);
980 p += MAX_UUID_SIZE - 4;
985 /* coverity[overrun-local] */
987 Event overrun-local: Overrun of static array "p_attr->attr_value.v.array" of size 4 at position 15 with index variable "ijk"
988 False-positive: SDP uses scratch buffer to hold the attribute value.
989 The actual size of tSDP_DISC_ATVAL does not matter.
990 If the array size in tSDP_DISC_ATVAL is increase, we would increase the system RAM usage unnecessarily
992 BE_STREAM_TO_ARRAY (p, p_attr->attr_value.v.array, (INT32)attr_len);
996 SDP_TRACE_WARNING ("SDP - bad len in UUID attr: %d", attr_len);
997 return (p + attr_len);
1001 case DATA_ELE_SEQ_DESC_TYPE:
1002 case DATA_ELE_ALT_DESC_TYPE:
1003 /* Reserve the memory for the attribute now, as we need to add sub-attributes */
1004 p_db->p_free_mem += sizeof (tSDP_DISC_ATTR);
1005 p_db->mem_free -= sizeof (tSDP_DISC_ATTR);
1006 p_end = p + attr_len;
1009 /* SDP_TRACE_DEBUG ("SDP - attr nest level:%d", nest_level); */
1010 if (nest_level >= MAX_NEST_LEVELS)
1012 SDP_TRACE_ERROR ("SDP - attr nesting too deep");
1015 if(is_additional_list != 0 || attr_id == ATTR_ID_ADDITION_PROTO_DESC_LISTS)
1016 nest_level |= SDP_ADDITIONAL_LIST_MASK;
1017 /* SDP_TRACE_DEBUG ("SDP - attr nest level:0x%x(finish)", nest_level); */
1021 /* Now, add the list entry */
1022 p = add_attr (p, p_db, p_rec, 0, p_attr, (UINT8)(nest_level + 1));
1029 case TEXT_STR_DESC_TYPE:
1031 BE_STREAM_TO_ARRAY (p, p_attr->attr_value.v.array, (INT32)attr_len);
1034 case BOOLEAN_DESC_TYPE:
1038 p_attr->attr_value.v.u8 = *p++;
1041 SDP_TRACE_WARNING ("SDP - bad len in boolean attr: %d", attr_len);
1042 return (p + attr_len);
1046 default: /* switch (attr_type) */
1050 p_db->p_free_mem += total_len;
1051 p_db->mem_free -= total_len;
1053 /* Add the attribute to the end of the chain */
1056 if (!p_rec->p_first_attr)
1057 p_rec->p_first_attr = p_attr;
1060 tSDP_DISC_ATTR *p_attr1 = p_rec->p_first_attr;
1062 while (p_attr1->p_next_attr)
1063 p_attr1 = p_attr1->p_next_attr;
1065 p_attr1->p_next_attr = p_attr;
1070 if (!p_parent_attr->attr_value.v.p_sub_attr)
1072 p_parent_attr->attr_value.v.p_sub_attr = p_attr;
1073 /* SDP_TRACE_DEBUG ("parent:0x%x(id:%d), ch:0x%x(id:%d)",
1074 p_parent_attr, p_parent_attr->attr_id, p_attr, p_attr->attr_id); */
1078 tSDP_DISC_ATTR *p_attr1 = p_parent_attr->attr_value.v.p_sub_attr;
1079 /* SDP_TRACE_DEBUG ("parent:0x%x(id:%d), ch1:0x%x(id:%d)",
1080 p_parent_attr, p_parent_attr->attr_id, p_attr1, p_attr1->attr_id); */
1082 while (p_attr1->p_next_attr)
1083 p_attr1 = p_attr1->p_next_attr;
1085 p_attr1->p_next_attr = p_attr;
1086 /* SDP_TRACE_DEBUG ("new ch:0x%x(id:%d)", p_attr, p_attr->attr_id); */
1093 #endif /* CLIENT_ENABLED == TRUE */
OSDN Git Service
