ArduinoBLE icon indicating copy to clipboard operation
ArduinoBLE copied to clipboard
verified publisher icon arduino-libraries

Buffer overflow with Giga R1 WiFi

Open controllercustom opened this issue 2 years ago • 0 comments

On Giga R1 WiFi with Murata 1DX Bluetooth 5.1, the ATT error response PDU is 5 bytes (see Bluetooth Core v5.1, section 3.4.1.1) but the response buffer is only 4 bytes long. respLength is 5.

  • BLERemoteDescriptor::writeValue https://github.com/arduino-libraries/ArduinoBLE/blob/8ca541559676bc88dce841a889d80ba557fb0399/src/remote/BLERemoteDescriptor.cpp#L79

  • BLERemoteCharacteristic::writeValue https://github.com/arduino-libraries/ArduinoBLE/blob/8ca541559676bc88dce841a889d80ba557fb0399/src/remote/BLERemoteCharacteristic.cpp#L109

A buffer size of 256 avoids the buffer overflow but might be overkill.

However, fixing this still does not fix any problems with subscribing/reading characteristics on some devices. But at least the failure code in the PDU does point to insufficent authentication (error code 0x05). So perhaps the peripheral is not satisfied with pairing/bonding.

Testing is done using PeripheralExplorer.

controllercustom avatar Jul 24 '23 21:07 controllercustom