1 /******************************************************************************
3 * Copyright (C) 1999-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /******************************************************************************
21 * this file contains SDP discovery functions
23 ******************************************************************************/
29 #include "bt_target.h"
30 #include "bt_common.h"
41 #define SDP_DEBUG_RAW FALSE
44 /********************************************************************************/
45 /* L O C A L F U N C T I O N P R O T O T Y P E S */
46 /********************************************************************************/
47 #if SDP_CLIENT_ENABLED == TRUE
48 static void process_service_search_rsp (tCONN_CB *p_ccb, UINT8 *p_reply);
49 static void process_service_attr_rsp (tCONN_CB *p_ccb, UINT8 *p_reply);
50 static void process_service_search_attr_rsp (tCONN_CB *p_ccb, UINT8 *p_reply);
51 static UINT8 *save_attr_seq (tCONN_CB *p_ccb, UINT8 *p, UINT8 *p_msg_end);
52 static tSDP_DISC_REC *add_record (tSDP_DISCOVERY_DB *p_db, BD_ADDR p_bda);
53 static UINT8 *add_attr (UINT8 *p, tSDP_DISCOVERY_DB *p_db, tSDP_DISC_REC *p_rec,
54 UINT16 attr_id, tSDP_DISC_ATTR *p_parent_attr, UINT8 nest_level);
56 /* Safety check in case we go crazy */
57 #define MAX_NEST_LEVELS 5
59 extern fixed_queue_t *btu_general_alarm_queue;
61 /*******************************************************************************
63 ** Function sdpu_build_uuid_seq
65 ** Description This function builds a UUID sequence from the list of
66 ** passed UUIDs. It is also passed the address of the output
69 ** Returns Pointer to next byte in the output buffer.
71 *******************************************************************************/
72 static UINT8 *sdpu_build_uuid_seq (UINT8 *p_out, UINT16 num_uuids, tSDP_UUID *p_uuid_list)
77 /* First thing is the data element header */
78 UINT8_TO_BE_STREAM (p_out, (DATA_ELE_SEQ_DESC_TYPE << 3) | SIZE_IN_NEXT_BYTE);
80 /* Remember where the length goes. Leave space for it. */
84 /* Now, loop through and put in all the UUID(s) */
85 for (xx = 0; xx < num_uuids; xx++, p_uuid_list++)
87 if (p_uuid_list->len == 2)
89 UINT8_TO_BE_STREAM (p_out, (UUID_DESC_TYPE << 3) | SIZE_TWO_BYTES);
90 UINT16_TO_BE_STREAM (p_out, p_uuid_list->uu.uuid16);
92 else if (p_uuid_list->len == 4)
94 UINT8_TO_BE_STREAM (p_out, (UUID_DESC_TYPE << 3) | SIZE_FOUR_BYTES);
95 UINT32_TO_BE_STREAM (p_out, p_uuid_list->uu.uuid32);
99 UINT8_TO_BE_STREAM (p_out, (UUID_DESC_TYPE << 3) | SIZE_SIXTEEN_BYTES);
100 ARRAY_TO_BE_STREAM (p_out, p_uuid_list->uu.uuid128, p_uuid_list->len);
104 /* Now, put in the length */
105 xx = (UINT16)(p_out - p_len - 1);
106 UINT8_TO_BE_STREAM (p_len, xx);
111 /*******************************************************************************
113 ** Function sdp_snd_service_search_req
115 ** Description Send a service search request to the SDP server.
119 *******************************************************************************/
120 static void sdp_snd_service_search_req(tCONN_CB *p_ccb, UINT8 cont_len, UINT8 * p_cont)
122 UINT8 *p, *p_start, *p_param_len;
123 BT_HDR *p_cmd = (BT_HDR *) osi_getbuf(SDP_DATA_BUF_SIZE);
126 /* Check the buffer for sending the packet to L2CAP */
129 sdp_disconnect (p_ccb, SDP_NO_RESOURCES);
133 p_cmd->offset = L2CAP_MIN_OFFSET;
134 p = p_start = (UINT8 *)(p_cmd + 1) + L2CAP_MIN_OFFSET;
136 /* Build a service search request packet */
137 UINT8_TO_BE_STREAM (p, SDP_PDU_SERVICE_SEARCH_REQ);
138 UINT16_TO_BE_STREAM (p, p_ccb->transaction_id);
139 p_ccb->transaction_id++;
141 /* Skip the length, we need to add it at the end */
145 /* Build the UID sequence. */
146 #if (defined(SDP_BROWSE_PLUS) && SDP_BROWSE_PLUS == TRUE)
147 p = sdpu_build_uuid_seq (p, 1, &p_ccb->p_db->uuid_filters[p_ccb->cur_uuid_idx]);
149 p = sdpu_build_uuid_seq (p, p_ccb->p_db->num_uuid_filters, p_ccb->p_db->uuid_filters);
152 /* Set max service record count */
153 UINT16_TO_BE_STREAM (p, sdp_cb.max_recs_per_search);
155 /* Set continuation state */
156 UINT8_TO_BE_STREAM (p, cont_len);
158 /* if this is not the first request */
159 if(cont_len && p_cont)
161 memcpy(p, p_cont, cont_len);
165 /* Go back and put the parameter length into the buffer */
166 param_len = (UINT16)(p - p_param_len - 2);
167 UINT16_TO_BE_STREAM (p_param_len, param_len);
169 p_ccb->disc_state = SDP_DISC_WAIT_HANDLES;
171 /* Set the length of the SDP data in the buffer */
172 p_cmd->len = (UINT16)(p - p_start);
174 #if (SDP_DEBUG_RAW == TRUE)
175 SDP_TRACE_WARNING("sdp_snd_service_search_req cont_len :%d disc_state:%d",cont_len, p_ccb->disc_state);
179 L2CA_DataWrite (p_ccb->connection_id, p_cmd);
181 /* Start inactivity timer */
182 alarm_set_on_queue(p_ccb->sdp_conn_timer, SDP_INACT_TIMEOUT_MS,
183 sdp_conn_timer_timeout, p_ccb, btu_general_alarm_queue);
186 /*******************************************************************************
188 ** Function sdp_disc_connected
190 ** Description This function is called when an SDP discovery attempt is
195 *******************************************************************************/
196 void sdp_disc_connected (tCONN_CB *p_ccb)
198 if (p_ccb->is_attr_search)
200 p_ccb->disc_state = SDP_DISC_WAIT_SEARCH_ATTR;
202 process_service_search_attr_rsp (p_ccb, NULL);
206 /* First step is to get a list of the handles from the server. */
207 /* We are not searching for a specific attribute, so we will */
208 /* first search for the service, then get all attributes of it */
210 p_ccb->num_handles = 0;
211 sdp_snd_service_search_req(p_ccb, 0, NULL);
216 /*******************************************************************************
218 ** Function sdp_disc_server_rsp
220 ** Description This function is called when there is a response from
225 *******************************************************************************/
226 void sdp_disc_server_rsp (tCONN_CB *p_ccb, BT_HDR *p_msg)
229 BOOLEAN invalid_pdu = TRUE;
231 #if (SDP_DEBUG_RAW == TRUE)
232 SDP_TRACE_WARNING("sdp_disc_server_rsp disc_state:%d", p_ccb->disc_state);
235 /* stop inactivity timer when we receive a response */
236 alarm_cancel(p_ccb->sdp_conn_timer);
238 /* Got a reply!! Check what we got back */
239 p = (UINT8 *)(p_msg + 1) + p_msg->offset;
241 BE_STREAM_TO_UINT8 (rsp_pdu, p);
247 case SDP_PDU_SERVICE_SEARCH_RSP:
248 if (p_ccb->disc_state == SDP_DISC_WAIT_HANDLES)
250 process_service_search_rsp (p_ccb, p);
255 case SDP_PDU_SERVICE_ATTR_RSP:
256 if (p_ccb->disc_state == SDP_DISC_WAIT_ATTR)
258 process_service_attr_rsp (p_ccb, p);
263 case SDP_PDU_SERVICE_SEARCH_ATTR_RSP:
264 if (p_ccb->disc_state == SDP_DISC_WAIT_SEARCH_ATTR)
266 process_service_search_attr_rsp (p_ccb, p);
274 SDP_TRACE_WARNING ("SDP - Unexp. PDU: %d in state: %d", rsp_pdu, p_ccb->disc_state);
275 sdp_disconnect (p_ccb, SDP_GENERIC_ERROR);
279 /******************************************************************************
281 ** Function process_service_search_rsp
283 ** Description This function is called when there is a search response from
288 *******************************************************************************/
289 static void process_service_search_rsp (tCONN_CB *p_ccb, UINT8 *p_reply)
292 UINT16 total, cur_handles, orig;
295 /* Skip transaction, and param len */
297 BE_STREAM_TO_UINT16 (total, p_reply);
298 BE_STREAM_TO_UINT16 (cur_handles, p_reply);
300 orig = p_ccb->num_handles;
301 p_ccb->num_handles += cur_handles;
302 if (p_ccb->num_handles == 0)
304 SDP_TRACE_WARNING ("SDP - Rcvd ServiceSearchRsp, no matches");
305 sdp_disconnect (p_ccb, SDP_NO_RECS_MATCH);
309 /* Save the handles that match. We will can only process a certain number. */
310 if (total > sdp_cb.max_recs_per_search)
311 total = sdp_cb.max_recs_per_search;
312 if (p_ccb->num_handles > sdp_cb.max_recs_per_search)
313 p_ccb->num_handles = sdp_cb.max_recs_per_search;
315 for (xx = orig; xx < p_ccb->num_handles; xx++)
316 BE_STREAM_TO_UINT32 (p_ccb->handles[xx], p_reply);
318 BE_STREAM_TO_UINT8 (cont_len, p_reply);
321 if(cont_len > SDP_MAX_CONTINUATION_LEN)
323 sdp_disconnect (p_ccb, SDP_INVALID_CONT_STATE);
326 /* stay in the same state */
327 sdp_snd_service_search_req(p_ccb, cont_len, p_reply);
332 p_ccb->disc_state = SDP_DISC_WAIT_ATTR;
334 /* Kick off the first attribute request */
335 process_service_attr_rsp (p_ccb, NULL);
339 /*******************************************************************************
341 ** Function sdp_copy_raw_data
343 ** Description copy the raw data
348 *******************************************************************************/
349 #if (SDP_RAW_DATA_INCLUDED == TRUE)
350 static void sdp_copy_raw_data (tCONN_CB *p_ccb, BOOLEAN offset)
352 unsigned int cpy_len;
357 #if (SDP_DEBUG_RAW == TRUE)
358 UINT8 num_array[SDP_MAX_LIST_BYTE_COUNT];
361 for (i = 0; i < p_ccb->list_len; i++)
363 sprintf((char *)&num_array[i*2],"%02X",(UINT8)(p_ccb->rsp_list[i]));
365 SDP_TRACE_WARNING("result :%s",num_array);
368 if(p_ccb->p_db->raw_data)
370 cpy_len = p_ccb->p_db->raw_size - p_ccb->p_db->raw_used;
371 list_len = p_ccb->list_len;
372 p = &p_ccb->rsp_list[0];
377 p = sdpu_get_len_from_type (p, type, &list_len);
379 if(list_len && list_len < cpy_len )
383 #if (SDP_DEBUG_RAW == TRUE)
384 SDP_TRACE_WARNING("list_len :%d cpy_len:%d raw_size:%d raw_used:%d",
385 list_len, cpy_len, p_ccb->p_db->raw_size, p_ccb->p_db->raw_used);
387 memcpy (&p_ccb->p_db->raw_data[p_ccb->p_db->raw_used], p, cpy_len);
388 p_ccb->p_db->raw_used += cpy_len;
393 /*******************************************************************************
395 ** Function process_service_attr_rsp
397 ** Description This function is called when there is a attribute response from
402 *******************************************************************************/
403 static void process_service_attr_rsp (tCONN_CB *p_ccb, UINT8 *p_reply)
405 UINT8 *p_start, *p_param_len;
406 UINT16 param_len, list_byte_count;
407 BOOLEAN cont_request_needed = FALSE;
409 #if (SDP_DEBUG_RAW == TRUE)
410 SDP_TRACE_WARNING("process_service_attr_rsp raw inc:%d",
411 SDP_RAW_DATA_INCLUDED);
413 /* If p_reply is NULL, we were called after the records handles were read */
416 #if (SDP_DEBUG_RAW == TRUE)
417 SDP_TRACE_WARNING("ID & len: 0x%02x-%02x-%02x-%02x",
418 p_reply[0], p_reply[1], p_reply[2], p_reply[3]);
420 /* Skip transaction ID and length */
423 BE_STREAM_TO_UINT16 (list_byte_count, p_reply);
424 #if (SDP_DEBUG_RAW == TRUE)
425 SDP_TRACE_WARNING("list_byte_count:%d", list_byte_count);
428 /* Copy the response to the scratchpad. First, a safety check on the length */
429 if ((p_ccb->list_len + list_byte_count) > SDP_MAX_LIST_BYTE_COUNT)
431 sdp_disconnect (p_ccb, SDP_INVALID_PDU_SIZE);
435 #if (SDP_DEBUG_RAW == TRUE)
436 SDP_TRACE_WARNING("list_len: %d, list_byte_count: %d",
437 p_ccb->list_len, list_byte_count);
439 if (p_ccb->rsp_list == NULL)
441 p_ccb->rsp_list = (UINT8 *)osi_getbuf (SDP_MAX_LIST_BYTE_COUNT);
442 if (p_ccb->rsp_list == NULL)
444 SDP_TRACE_ERROR ("SDP - no buf to save rsp");
445 sdp_disconnect (p_ccb, SDP_NO_RESOURCES);
449 memcpy (&p_ccb->rsp_list[p_ccb->list_len], p_reply, list_byte_count);
450 p_ccb->list_len += list_byte_count;
451 p_reply += list_byte_count;
452 #if (SDP_DEBUG_RAW == TRUE)
453 SDP_TRACE_WARNING("list_len: %d(attr_rsp)", p_ccb->list_len);
455 /* Check if we need to request a continuation */
456 SDP_TRACE_WARNING("*p_reply:%d(%d)", *p_reply, SDP_MAX_CONTINUATION_LEN);
460 if (*p_reply > SDP_MAX_CONTINUATION_LEN)
462 sdp_disconnect (p_ccb, SDP_INVALID_CONT_STATE);
465 cont_request_needed = TRUE;
470 #if (SDP_RAW_DATA_INCLUDED == TRUE)
471 SDP_TRACE_WARNING("process_service_attr_rsp");
472 sdp_copy_raw_data (p_ccb, FALSE);
475 /* Save the response in the database. Stop on any error */
476 if (!save_attr_seq (p_ccb, &p_ccb->rsp_list[0], &p_ccb->rsp_list[p_ccb->list_len]))
478 sdp_disconnect (p_ccb, SDP_DB_FULL);
486 /* Now, ask for the next handle. Re-use the buffer we just got. */
487 if (p_ccb->cur_handle < p_ccb->num_handles)
489 BT_HDR *p_msg = (BT_HDR *) osi_getbuf(SDP_DATA_BUF_SIZE);
494 sdp_disconnect (p_ccb, SDP_NO_RESOURCES);
498 p_msg->offset = L2CAP_MIN_OFFSET;
499 p = p_start = (UINT8 *)(p_msg + 1) + L2CAP_MIN_OFFSET;
501 /* Get all the attributes from the server */
502 UINT8_TO_BE_STREAM (p, SDP_PDU_SERVICE_ATTR_REQ);
503 UINT16_TO_BE_STREAM (p, p_ccb->transaction_id);
504 p_ccb->transaction_id++;
506 /* Skip the length, we need to add it at the end */
510 UINT32_TO_BE_STREAM (p, p_ccb->handles[p_ccb->cur_handle]);
512 /* Max attribute byte count */
513 UINT16_TO_BE_STREAM (p, sdp_cb.max_attr_list_size);
515 /* If no attribute filters, build a wildcard attribute sequence */
516 if (p_ccb->p_db->num_attr_filters)
517 p = sdpu_build_attrib_seq (p, p_ccb->p_db->attr_filters, p_ccb->p_db->num_attr_filters);
519 p = sdpu_build_attrib_seq (p, NULL, 0);
521 /* Was this a continuation request ? */
522 if (cont_request_needed)
524 memcpy (p, p_reply, *p_reply + 1);
528 UINT8_TO_BE_STREAM (p, 0);
530 /* Go back and put the parameter length into the buffer */
531 param_len = (UINT16)(p - p_param_len - 2);
532 UINT16_TO_BE_STREAM (p_param_len, param_len);
534 /* Set the length of the SDP data in the buffer */
535 p_msg->len = (UINT16)(p - p_start);
538 L2CA_DataWrite (p_ccb->connection_id, p_msg);
540 /* Start inactivity timer */
541 alarm_set_on_queue(p_ccb->sdp_conn_timer, SDP_INACT_TIMEOUT_MS,
542 sdp_conn_timer_timeout, p_ccb,
543 btu_general_alarm_queue);
547 sdp_disconnect (p_ccb, SDP_SUCCESS);
553 /*******************************************************************************
555 ** Function process_service_search_attr_rsp
557 ** Description This function is called when there is a search attribute
558 ** response from the server.
562 *******************************************************************************/
563 static void process_service_search_attr_rsp (tCONN_CB *p_ccb, UINT8 *p_reply)
565 UINT8 *p, *p_start, *p_end, *p_param_len;
568 UINT16 param_len, lists_byte_count = 0;
569 BOOLEAN cont_request_needed = FALSE;
571 #if (SDP_DEBUG_RAW == TRUE)
572 SDP_TRACE_WARNING("process_service_search_attr_rsp");
574 /* If p_reply is NULL, we were called for the initial read */
577 #if (SDP_DEBUG_RAW == TRUE)
578 SDP_TRACE_WARNING("ID & len: 0x%02x-%02x-%02x-%02x",
579 p_reply[0], p_reply[1], p_reply[2], p_reply[3]);
581 /* Skip transaction ID and length */
584 BE_STREAM_TO_UINT16 (lists_byte_count, p_reply);
585 #if (SDP_DEBUG_RAW == TRUE)
586 SDP_TRACE_WARNING("lists_byte_count:%d", lists_byte_count);
589 /* Copy the response to the scratchpad. First, a safety check on the length */
590 if ((p_ccb->list_len + lists_byte_count) > SDP_MAX_LIST_BYTE_COUNT)
592 sdp_disconnect (p_ccb, SDP_INVALID_PDU_SIZE);
596 #if (SDP_DEBUG_RAW == TRUE)
597 SDP_TRACE_WARNING("list_len: %d, list_byte_count: %d",
598 p_ccb->list_len, lists_byte_count);
600 if (p_ccb->rsp_list == NULL)
602 p_ccb->rsp_list = (UINT8 *)osi_getbuf (SDP_MAX_LIST_BYTE_COUNT);
603 if (p_ccb->rsp_list == NULL)
605 SDP_TRACE_ERROR ("SDP - no buf to save rsp");
606 sdp_disconnect (p_ccb, SDP_NO_RESOURCES);
610 memcpy (&p_ccb->rsp_list[p_ccb->list_len], p_reply, lists_byte_count);
611 p_ccb->list_len += lists_byte_count;
612 p_reply += lists_byte_count;
613 #if (SDP_DEBUG_RAW == TRUE)
614 SDP_TRACE_WARNING("list_len: %d(search_attr_rsp)", p_ccb->list_len);
616 /* Check if we need to request a continuation */
617 SDP_TRACE_WARNING("*p_reply:%d(%d)", *p_reply, SDP_MAX_CONTINUATION_LEN);
621 if (*p_reply > SDP_MAX_CONTINUATION_LEN)
623 sdp_disconnect (p_ccb, SDP_INVALID_CONT_STATE);
627 cont_request_needed = TRUE;
631 #if (SDP_DEBUG_RAW == TRUE)
632 SDP_TRACE_WARNING("cont_request_needed:%d", cont_request_needed);
634 /* If continuation request (or first time request) */
635 if ((cont_request_needed) || (!p_reply))
637 BT_HDR *p_msg = (BT_HDR *) osi_getbuf(SDP_DATA_BUF_SIZE);
642 sdp_disconnect (p_ccb, SDP_NO_RESOURCES);
646 p_msg->offset = L2CAP_MIN_OFFSET;
647 p = p_start = (UINT8 *)(p_msg + 1) + L2CAP_MIN_OFFSET;
649 /* Build a service search request packet */
650 UINT8_TO_BE_STREAM (p, SDP_PDU_SERVICE_SEARCH_ATTR_REQ);
651 UINT16_TO_BE_STREAM (p, p_ccb->transaction_id);
652 p_ccb->transaction_id++;
654 /* Skip the length, we need to add it at the end */
658 /* Build the UID sequence. */
659 #if (defined(SDP_BROWSE_PLUS) && SDP_BROWSE_PLUS == TRUE)
660 p = sdpu_build_uuid_seq (p, 1, &p_ccb->p_db->uuid_filters[p_ccb->cur_uuid_idx]);
662 p = sdpu_build_uuid_seq (p, p_ccb->p_db->num_uuid_filters, p_ccb->p_db->uuid_filters);
665 /* Max attribute byte count */
666 UINT16_TO_BE_STREAM (p, sdp_cb.max_attr_list_size);
668 /* If no attribute filters, build a wildcard attribute sequence */
669 if (p_ccb->p_db->num_attr_filters)
670 p = sdpu_build_attrib_seq (p, p_ccb->p_db->attr_filters, p_ccb->p_db->num_attr_filters);
672 p = sdpu_build_attrib_seq (p, NULL, 0);
674 /* No continuation for first request */
677 memcpy (p, p_reply, *p_reply + 1);
681 UINT8_TO_BE_STREAM (p, 0);
683 /* Go back and put the parameter length into the buffer */
684 param_len = p - p_param_len - 2;
685 UINT16_TO_BE_STREAM (p_param_len, param_len);
687 /* Set the length of the SDP data in the buffer */
688 p_msg->len = p - p_start;
691 L2CA_DataWrite (p_ccb->connection_id, p_msg);
693 /* Start inactivity timer */
694 alarm_set_on_queue(p_ccb->sdp_conn_timer, SDP_INACT_TIMEOUT_MS,
695 sdp_conn_timer_timeout, p_ccb,
696 btu_general_alarm_queue);
702 /*******************************************************************/
703 /* We now have the full response, which is a sequence of sequences */
704 /*******************************************************************/
706 #if (SDP_RAW_DATA_INCLUDED == TRUE)
707 SDP_TRACE_WARNING("process_service_search_attr_rsp");
708 sdp_copy_raw_data (p_ccb, TRUE);
711 p = &p_ccb->rsp_list[0];
713 /* The contents is a sequence of attribute sequences */
716 if ((type >> 3) != DATA_ELE_SEQ_DESC_TYPE)
718 SDP_TRACE_WARNING ("SDP - Wrong type: 0x%02x in attr_rsp", type);
721 p = sdpu_get_len_from_type (p, type, &seq_len);
723 p_end = &p_ccb->rsp_list[p_ccb->list_len];
725 if ((p + seq_len) != p_end)
727 sdp_disconnect (p_ccb, SDP_INVALID_CONT_STATE);
733 p = save_attr_seq (p_ccb, p, &p_ccb->rsp_list[p_ccb->list_len]);
736 sdp_disconnect (p_ccb, SDP_DB_FULL);
741 /* Since we got everything we need, disconnect the call */
742 sdp_disconnect (p_ccb, SDP_SUCCESS);
745 /*******************************************************************************
747 ** Function save_attr_seq
749 ** Description This function is called when there is a response from
752 ** Returns pointer to next byte or NULL if error
754 *******************************************************************************/
755 static UINT8 *save_attr_seq (tCONN_CB *p_ccb, UINT8 *p, UINT8 *p_msg_end)
757 UINT32 seq_len, attr_len;
759 UINT8 type, *p_seq_end;
760 tSDP_DISC_REC *p_rec;
764 if ((type >> 3) != DATA_ELE_SEQ_DESC_TYPE)
766 SDP_TRACE_WARNING ("SDP - Wrong type: 0x%02x in attr_rsp", type);
770 p = sdpu_get_len_from_type (p, type, &seq_len);
771 if ((p + seq_len) > p_msg_end)
773 SDP_TRACE_WARNING ("SDP - Bad len in attr_rsp %d", seq_len);
777 /* Create a record */
778 p_rec = add_record (p_ccb->p_db, p_ccb->device_address);
781 SDP_TRACE_WARNING ("SDP - DB full add_record");
785 p_seq_end = p + seq_len;
787 while (p < p_seq_end)
789 /* First get the attribute ID */
791 p = sdpu_get_len_from_type (p, type, &attr_len);
792 if (((type >> 3) != UINT_DESC_TYPE) || (attr_len != 2))
794 SDP_TRACE_WARNING ("SDP - Bad type: 0x%02x or len: %d in attr_rsp", type, attr_len);
797 BE_STREAM_TO_UINT16 (attr_id, p);
799 /* Now, add the attribute value */
800 p = add_attr (p, p_ccb->p_db, p_rec, attr_id, NULL, 0);
804 SDP_TRACE_WARNING ("SDP - DB full add_attr");
813 /*******************************************************************************
815 ** Function add_record
817 ** Description This function allocates space for a record from the DB.
819 ** Returns pointer to next byte in data stream
821 *******************************************************************************/
822 tSDP_DISC_REC *add_record (tSDP_DISCOVERY_DB *p_db, BD_ADDR p_bda)
824 tSDP_DISC_REC *p_rec;
826 /* See if there is enough space in the database */
827 if (p_db->mem_free < sizeof (tSDP_DISC_REC))
830 p_rec = (tSDP_DISC_REC *) p_db->p_free_mem;
831 p_db->p_free_mem += sizeof (tSDP_DISC_REC);
832 p_db->mem_free -= sizeof (tSDP_DISC_REC);
834 p_rec->p_first_attr = NULL;
835 p_rec->p_next_rec = NULL;
837 memcpy (p_rec->remote_bd_addr, p_bda, BD_ADDR_LEN);
839 /* Add the record to the end of chain */
840 if (!p_db->p_first_rec)
841 p_db->p_first_rec = p_rec;
844 tSDP_DISC_REC *p_rec1 = p_db->p_first_rec;
846 while (p_rec1->p_next_rec)
847 p_rec1 = p_rec1->p_next_rec;
849 p_rec1->p_next_rec = p_rec;
855 #define SDP_ADDITIONAL_LIST_MASK 0x80
856 /*******************************************************************************
860 ** Description This function allocates space for an attribute from the DB
861 ** and copies the data into it.
863 ** Returns pointer to next byte in data stream
865 *******************************************************************************/
866 static UINT8 *add_attr (UINT8 *p, tSDP_DISCOVERY_DB *p_db, tSDP_DISC_REC *p_rec,
867 UINT16 attr_id, tSDP_DISC_ATTR *p_parent_attr, UINT8 nest_level)
869 tSDP_DISC_ATTR *p_attr;
876 UINT8 is_additional_list = nest_level & SDP_ADDITIONAL_LIST_MASK;
878 nest_level &= ~(SDP_ADDITIONAL_LIST_MASK);
881 p = sdpu_get_len_from_type (p, type, &attr_len);
883 attr_len &= SDP_DISC_ATTR_LEN_MASK;
884 attr_type = (type >> 3) & 0x0f;
886 /* See if there is enough space in the database */
888 total_len = attr_len - 4 + (UINT16)sizeof (tSDP_DISC_ATTR);
890 total_len = sizeof (tSDP_DISC_ATTR);
892 /* Ensure it is a multiple of 4 */
893 total_len = (total_len + 3) & ~3;
895 /* See if there is enough space in the database */
896 if (p_db->mem_free < total_len)
899 p_attr = (tSDP_DISC_ATTR *) p_db->p_free_mem;
900 p_attr->attr_id = attr_id;
901 p_attr->attr_len_type = (UINT16)attr_len | (attr_type << 12);
902 p_attr->p_next_attr = NULL;
904 /* Store the attribute value */
908 if( (is_additional_list != 0) && (attr_len == 2) )
910 BE_STREAM_TO_UINT16 (id, p);
911 if(id != ATTR_ID_PROTOCOL_DESC_LIST)
915 /* Reserve the memory for the attribute now, as we need to add sub-attributes */
916 p_db->p_free_mem += sizeof (tSDP_DISC_ATTR);
917 p_db->mem_free -= sizeof (tSDP_DISC_ATTR);
918 p_end = p + attr_len;
921 /* SDP_TRACE_DEBUG ("SDP - attr nest level:%d(list)", nest_level); */
922 if (nest_level >= MAX_NEST_LEVELS)
924 SDP_TRACE_ERROR ("SDP - attr nesting too deep");
928 /* Now, add the list entry */
929 p = add_attr (p, p_db, p_rec, ATTR_ID_PROTOCOL_DESC_LIST, p_attr, (UINT8)(nest_level + 1));
934 /* Case falls through */
936 case TWO_COMP_INT_DESC_TYPE:
940 p_attr->attr_value.v.u8 = *p++;
943 BE_STREAM_TO_UINT16 (p_attr->attr_value.v.u16, p);
946 BE_STREAM_TO_UINT32 (p_attr->attr_value.v.u32, p);
949 BE_STREAM_TO_ARRAY (p, p_attr->attr_value.v.array, (INT32)attr_len);
958 BE_STREAM_TO_UINT16 (p_attr->attr_value.v.u16, p);
961 BE_STREAM_TO_UINT32 (p_attr->attr_value.v.u32, p);
962 if (p_attr->attr_value.v.u32 < 0x10000)
965 p_attr->attr_len_type = (UINT16)attr_len | (attr_type << 12);
966 p_attr->attr_value.v.u16 = (UINT16) p_attr->attr_value.v.u32;
971 /* See if we can compress his UUID down to 16 or 32bit UUIDs */
972 if (sdpu_is_base_uuid (p))
974 if ((p[0] == 0) && (p[1] == 0))
976 p_attr->attr_len_type = (p_attr->attr_len_type & ~SDP_DISC_ATTR_LEN_MASK) | 2;
978 BE_STREAM_TO_UINT16 (p_attr->attr_value.v.u16, p);
979 p += MAX_UUID_SIZE - 4;
983 p_attr->attr_len_type = (p_attr->attr_len_type & ~SDP_DISC_ATTR_LEN_MASK) | 4;
984 BE_STREAM_TO_UINT32 (p_attr->attr_value.v.u32, p);
985 p += MAX_UUID_SIZE - 4;
990 /* coverity[overrun-local] */
992 Event overrun-local: Overrun of static array "p_attr->attr_value.v.array" of size 4 at position 15 with index variable "ijk"
993 False-positive: SDP uses scratch buffer to hold the attribute value.
994 The actual size of tSDP_DISC_ATVAL does not matter.
995 If the array size in tSDP_DISC_ATVAL is increase, we would increase the system RAM usage unnecessarily
997 BE_STREAM_TO_ARRAY (p, p_attr->attr_value.v.array, (INT32)attr_len);
1001 SDP_TRACE_WARNING ("SDP - bad len in UUID attr: %d", attr_len);
1002 return (p + attr_len);
1006 case DATA_ELE_SEQ_DESC_TYPE:
1007 case DATA_ELE_ALT_DESC_TYPE:
1008 /* Reserve the memory for the attribute now, as we need to add sub-attributes */
1009 p_db->p_free_mem += sizeof (tSDP_DISC_ATTR);
1010 p_db->mem_free -= sizeof (tSDP_DISC_ATTR);
1011 p_end = p + attr_len;
1014 /* SDP_TRACE_DEBUG ("SDP - attr nest level:%d", nest_level); */
1015 if (nest_level >= MAX_NEST_LEVELS)
1017 SDP_TRACE_ERROR ("SDP - attr nesting too deep");
1020 if(is_additional_list != 0 || attr_id == ATTR_ID_ADDITION_PROTO_DESC_LISTS)
1021 nest_level |= SDP_ADDITIONAL_LIST_MASK;
1022 /* SDP_TRACE_DEBUG ("SDP - attr nest level:0x%x(finish)", nest_level); */
1026 /* Now, add the list entry */
1027 p = add_attr (p, p_db, p_rec, 0, p_attr, (UINT8)(nest_level + 1));
1034 case TEXT_STR_DESC_TYPE:
1036 BE_STREAM_TO_ARRAY (p, p_attr->attr_value.v.array, (INT32)attr_len);
1039 case BOOLEAN_DESC_TYPE:
1043 p_attr->attr_value.v.u8 = *p++;
1046 SDP_TRACE_WARNING ("SDP - bad len in boolean attr: %d", attr_len);
1047 return (p + attr_len);
1051 default: /* switch (attr_type) */
1055 p_db->p_free_mem += total_len;
1056 p_db->mem_free -= total_len;
1058 /* Add the attribute to the end of the chain */
1061 if (!p_rec->p_first_attr)
1062 p_rec->p_first_attr = p_attr;
1065 tSDP_DISC_ATTR *p_attr1 = p_rec->p_first_attr;
1067 while (p_attr1->p_next_attr)
1068 p_attr1 = p_attr1->p_next_attr;
1070 p_attr1->p_next_attr = p_attr;
1075 if (!p_parent_attr->attr_value.v.p_sub_attr)
1077 p_parent_attr->attr_value.v.p_sub_attr = p_attr;
1078 /* SDP_TRACE_DEBUG ("parent:0x%x(id:%d), ch:0x%x(id:%d)",
1079 p_parent_attr, p_parent_attr->attr_id, p_attr, p_attr->attr_id); */
1083 tSDP_DISC_ATTR *p_attr1 = p_parent_attr->attr_value.v.p_sub_attr;
1084 /* SDP_TRACE_DEBUG ("parent:0x%x(id:%d), ch1:0x%x(id:%d)",
1085 p_parent_attr, p_parent_attr->attr_id, p_attr1, p_attr1->attr_id); */
1087 while (p_attr1->p_next_attr)
1088 p_attr1 = p_attr1->p_next_attr;
1090 p_attr1->p_next_attr = p_attr;
1091 /* SDP_TRACE_DEBUG ("new ch:0x%x(id:%d)", p_attr, p_attr->attr_id); */
1098 #endif /* CLIENT_ENABLED == TRUE */
OSDN Git Service
