From 7381d7635789a87d9a37b105838be5ee797c21d0 Mon Sep 17 00:00:00 2001 From: Junior Martinez <67972863+jmartinez-silabs@users.noreply.github.com> Date: Sat, 6 Jan 2024 18:42:48 -0500 Subject: [PATCH] [Silabs]Add a static assert to ensure there is no out of bound write (#31268) * Add a static assert to ensure there is no out of bound write * address comments --- src/platform/silabs/BLEManagerImpl.h | 5 ++++- src/platform/silabs/efr32/BLEManagerImpl.cpp | 1 + src/platform/silabs/rs911x/BLEManagerImpl.cpp | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/platform/silabs/BLEManagerImpl.h b/src/platform/silabs/BLEManagerImpl.h index de149d7d71149b..72cca87af37351 100644 --- a/src/platform/silabs/BLEManagerImpl.h +++ b/src/platform/silabs/BLEManagerImpl.h @@ -143,7 +143,6 @@ class BLEManagerImpl final : public BLEManager, private BleLayer, private BlePla static BLEManagerImpl sInstance; // ===== Private members reserved for use by this class only. - enum class Flags : uint16_t { kAdvertisingEnabled = 0x0001, @@ -161,6 +160,10 @@ class BLEManagerImpl final : public BLEManager, private BleLayer, private BlePla kUnusedIndex = 0xFF, }; + static constexpr uint8_t kFlagTlvSize = 3; // 1 byte for length, 1b for type and 1b for the Flag value + static constexpr uint8_t kUUIDTlvSize = 4; // 1 byte for length, 1b for type and 2b for the UUID value + static constexpr uint8_t kDeviceNameTlvSize = (2 + kMaxDeviceNameLength); // 1 byte for length, 1b for type and + device name + struct CHIPoBLEConState { #if !(SLI_SI91X_ENABLE_BLE || RSI_BLE_ENABLE) diff --git a/src/platform/silabs/efr32/BLEManagerImpl.cpp b/src/platform/silabs/efr32/BLEManagerImpl.cpp index fe8acb3ad02fcb..0cc4ae0d6c54ec 100644 --- a/src/platform/silabs/efr32/BLEManagerImpl.cpp +++ b/src/platform/silabs/efr32/BLEManagerImpl.cpp @@ -444,6 +444,7 @@ CHIP_ERROR BLEManagerImpl::ConfigureAdvertisingData(void) mDeviceNameLength = strlen(mDeviceName); // Device Name length + length field VerifyOrExit(mDeviceNameLength < kMaxDeviceNameLength, err = CHIP_ERROR_INVALID_ARGUMENT); + static_assert((kUUIDTlvSize + kDeviceNameTlvSize) <= MAX_RESPONSE_DATA_LEN, "Scan Response buffer is too small"); mDeviceIdInfoLength = sizeof(mDeviceIdInfo); // Servicedatalen + length+ UUID (Short) static_assert(sizeof(mDeviceIdInfo) + CHIP_ADV_SHORT_UUID_LEN + 1 <= UINT8_MAX, "Our length won't fit in a uint8_t"); diff --git a/src/platform/silabs/rs911x/BLEManagerImpl.cpp b/src/platform/silabs/rs911x/BLEManagerImpl.cpp index 717f0798c2068d..343acf6f50ac84 100644 --- a/src/platform/silabs/rs911x/BLEManagerImpl.cpp +++ b/src/platform/silabs/rs911x/BLEManagerImpl.cpp @@ -563,6 +563,7 @@ CHIP_ERROR BLEManagerImpl::ConfigureAdvertisingData(void) mDeviceNameLength = strlen(mDeviceName); // Device Name length + length field VerifyOrExit(mDeviceNameLength < kMaxDeviceNameLength, err = CHIP_ERROR_INVALID_ARGUMENT); + static_assert((kFlagTlvSize + kUUIDTlvSize + kDeviceNameTlvSize) <= MAX_RESPONSE_DATA_LEN, "Scan Response buffer is too small"); mDeviceIdInfoLength = sizeof(mDeviceIdInfo); // Servicedatalen + length+ UUID (Short) static_assert(sizeof(mDeviceIdInfo) + CHIP_ADV_SHORT_UUID_LEN + 1 <= UINT8_MAX, "Our length won't fit in a uint8_t");