u8 *spos_tmp;
/* Offset */
- if (*spos + 2 > end) {
+ if (end - *spos < 2) {
wpa_printf(MSG_DEBUG, "P2P: No room for full "
"DNS offset field");
return -1;
return 0;
(*spos)++;
- if (*spos + len > end) {
+ if (len > end - *spos) {
wpa_printf(MSG_DEBUG, "P2P: Invalid domain name "
"sequence - no room for label with length "
"%u", len);
return -1;
}
- if (*upos + len + 2 > uend)
+ if (len + 2 > uend - *upos)
return -2;
os_memcpy(*upos, *spos, len);
}
+static void wpas_sd_all_asp(struct wpa_supplicant *wpa_s,
+ struct wpabuf *resp, u8 srv_trans_id)
+{
+ /* Query data to add all P2PS advertisements:
+ * - Service name length: 1
+ * - Service name: '*'
+ * - Service Information Request Length: 0
+ */
+ const u8 q[] = { 1, (const u8) '*', 0 };
+
+ if (p2p_get_p2ps_adv_list(wpa_s->global->p2p))
+ wpas_sd_req_asp(wpa_s, resp, srv_trans_id, q, sizeof(q));
+}
+
+
void wpas_sd_request(void *ctx, int freq, const u8 *sa, u8 dialog_token,
u16 update_indic, const u8 *tlvs, size_t tlvs_len)
{
if (resp == NULL)
return;
- while (pos + 1 < end) {
+ while (end - pos > 1) {
wpa_printf(MSG_DEBUG, "P2P: Service Request TLV");
slen = WPA_GET_LE16(pos);
pos += 2;
- if (pos + slen > end || slen < 2) {
+ if (slen > end - pos || slen < 2) {
wpa_printf(MSG_DEBUG, "P2P: Unexpected Query Data "
"length");
wpabuf_free(resp);
"response");
wpas_sd_all_bonjour(wpa_s, resp, srv_trans_id);
wpas_sd_all_upnp(wpa_s, resp, srv_trans_id);
+ wpas_sd_all_asp(wpa_s, resp, srv_trans_id);
goto done;
}
wpa_printf(MSG_DEBUG, "P2P: Service Discovery Request "
"for all services");
if (dl_list_empty(&wpa_s->global->p2p_srv_upnp) &&
- dl_list_empty(&wpa_s->global->p2p_srv_bonjour)) {
+ dl_list_empty(&wpa_s->global->p2p_srv_bonjour) &&
+ !p2p_get_p2ps_adv_list(wpa_s->global->p2p)) {
wpa_printf(MSG_DEBUG, "P2P: No service "
"discovery protocols available");
wpas_sd_add_proto_not_avail(
}
wpas_sd_all_bonjour(wpa_s, resp, srv_trans_id);
wpas_sd_all_upnp(wpa_s, resp, srv_trans_id);
+ wpas_sd_all_asp(wpa_s, resp, srv_trans_id);
break;
case P2P_SERV_BONJOUR:
wpas_sd_req_bonjour(wpa_s, resp, srv_trans_id,
u8 svc_len;
/* Sanity check fixed length+svc_str */
- if (pos + 6 >= tlv_end)
+ if (6 >= tlv_end - pos)
break;
svc_len = pos[6];
- if (pos + svc_len + 10 > tlv_end)
+ if (svc_len + 10 > tlv_end - pos)
break;
/* Advertisement ID */
}
}
- while (pos < end) {
+ while (end - pos >= 2) {
u8 srv_proto, srv_trans_id, status;
wpa_printf(MSG_DEBUG, "P2P: Service Response TLV");
slen = WPA_GET_LE16(pos);
pos += 2;
- if (pos + slen > end || slen < 3) {
+ if (slen > end - pos || slen < 3) {
wpa_printf(MSG_DEBUG, "P2P: Unexpected Response Data "
"length");
return;
struct p2p_srv_upnp, list)
wpas_p2p_srv_upnp_free(usrv);
+ wpas_p2p_service_flush_asp(wpa_s);
wpas_p2p_sd_service_update(wpa_s);
}
int wpas_p2p_service_del_asp(struct wpa_supplicant *wpa_s, u32 adv_id)
{
- return p2p_service_del_asp(wpa_s->global->p2p, adv_id);
+ int ret;
+
+ ret = p2p_service_del_asp(wpa_s->global->p2p, adv_id);
+ if (ret == 0)
+ wpas_p2p_sd_service_update(wpa_s);
+ return ret;
}
int wpas_p2p_service_add_asp(struct wpa_supplicant *wpa_s,
int auto_accept, u32 adv_id,
const char *adv_str, u8 svc_state,
- u16 config_methods, const char *svc_info)
+ u16 config_methods, const char *svc_info,
+ const u8 *cpt_priority)
+{
+ int ret;
+
+ ret = p2p_service_add_asp(wpa_s->global->p2p, auto_accept, adv_id,
+ adv_str, svc_state, config_methods,
+ svc_info, cpt_priority);
+ if (ret == 0)
+ wpas_p2p_sd_service_update(wpa_s);
+ return ret;
+}
+
+
+void wpas_p2p_service_flush_asp(struct wpa_supplicant *wpa_s)
{
- return p2p_service_add_asp(wpa_s->global->p2p, auto_accept, adv_id,
- adv_str, svc_state, config_methods,
- svc_info);
+ p2p_service_flush_asp(wpa_s->global->p2p);
}