auracaster/bumble_mirror
3
0
Fork 1
mirror of https://github.com/google/bumble.git synced 2026-05-08 03:58:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,668 Commits 19 Branches 124 Tags
c55eb156b88aa6d849a60bcd3a680fe3c20b53e1
Commit Graph

308 Commits

Author SHA1 Message Date
Ievgen Bondarenko
c55eb156b8 sdp: fix lint formatting (black: blank line after import pytest) 2026-04-24 00:06:56 -07:00
ibondarenko1
8614881fb3 sdp: bound DataElement parse recursion to prevent RecursionError DoS 
DataElement.from_bytes -> list_from_bytes -> (SEQUENCE/ALTERNATIVE
constructor dispatches back to list_from_bytes) had no depth limit. A
malicious SDP peer could send a PDU of a few kilobytes containing ~1000
nested SEQUENCE tags and exhaust the Python recursion stack, crashing the
host with an unhandled RecursionError propagating out of the SDP handler.

Reachable via: any remote Bluetooth device that Bumble performs SDP
service discovery against (default during Classic connection setup).

Same family as PR #912 (ATT_PDU.from_bytes empty PDU IndexError) - remote
unchecked-input parser crash in the Bluetooth stack.

Fix: thread-local depth counter, cap nesting at 32 (well above anything a
legitimate service record uses). Added two regression tests covering the
deep-nesting reject path and normal 16-level-nested SEQUENCE parsing.

Reproducer (4.5 KB payload, deterministic crash on 0.0.228):

    from bumble.sdp import DataElement
    inner = b"\x35\x00"
    for _ in range(1500):
        size = len(inner)
        if size < 65535:
            inner = bytes([0x36, (size >> 8) & 0xFF, size & 0xFF]) + inner
    DataElement.from_bytes(inner)  # RecursionError before fix

Signed-off-by: ibondarenko1 <ibondarenko1@users.noreply.github.com>
 2026-04-23 00:53:06 -07:00
Josh Wu
27d02ef18d Merge pull request #913 from zxzxwu/sdp 
SDP: Fix wrong parameter size
 2026-04-20 16:32:37 +08:00
Josh Wu
c0725e2a4a SDP: Fix wrong parameter size 2026-04-20 16:23:19 +08:00
Gilles Boccon-Gibod
f7cc6f6657 release command semaphore after timeout 2026-04-15 16:54:54 +02:00
Josh Wu
3ded9014d3 Merge pull request #905 from markusjellitsch/feature/debug-keys 
Feature  - Add SMP Debug Mode  (Core Vol.3, Part H)
 2026-04-09 15:36:42 +08:00
Markus Jellitsch
25a0056ecc remove uncommented line 2026-04-03 23:08:16 +02:00
Markus Jellitsch
e85f041e9d add test for smp debug mode 2026-04-03 23:04:48 +02:00
Josh Wu
3af623be7e Keys: Remove appdirs and improve typing 2026-03-31 16:25:15 +08:00
Josh Wu
0ba9e5c317 Add read classic remote features support 2026-03-20 18:32:52 +08:00
Josh Wu
2915cb8bb6 Add test for UUID hash 2026-03-04 00:22:50 +08:00
Josh Wu
c158f25b1e Emulation: Support LE Read features 2026-03-01 02:24:55 +08:00
Josh Wu
f9ba527508 Merge pull request #821 from zxzxwu/smp 
Migrate most enums
 2026-02-11 13:15:22 +08:00
Josh Wu
a407c4cabf Merge pull request #883 from zxzxwu/avrcp 
AVRCP: More delegation and bugfix
 2026-02-11 13:13:16 +08:00
Josh Wu
797cd216d4 SMP: Migrate all enums 2026-02-10 20:08:01 +08:00
timrid
81d9adb983 delete only the required connection 2026-02-05 20:50:58 +01:00
timrid
79e5974946 Multiple le connections are now working correctly 2026-02-05 13:15:57 +01:00
Josh Wu
9f730dce6f AVRCP: Delegate Track Changed 2026-02-05 15:50:06 +08:00
Josh Wu
1a6be95a7e AVRCP: Delegate UID and Addressed Player 2026-02-05 15:44:11 +08:00
Josh Wu
aea5320d71 AVRCP: Add Play Item delegation 2026-02-05 15:34:03 +08:00
Josh Wu
81bdc86e52 AVRCP: Delegate Player App Settings 2026-02-05 15:22:11 +08:00
Gilles Boccon-Gibod
3894b14467 better handling of complete/status events 2026-02-02 23:28:40 -08:00
Gilles Boccon-Gibod
dcb8a4b607 Merge pull request #877 from google/gbg/hci-fixes 
fix a few HCI types and make the bridge more robust
 2026-02-02 11:19:28 -08:00
Josh Wu
34f5b81c7d AVRCP: Delegate Company ID capabilities 2026-01-29 22:13:14 +08:00
Josh Wu
d34d6a5c98 AVRCP: Delegate Playback Status 2026-01-29 21:33:57 +08:00
Josh Wu
aedc971653 AVRCP: Add SDP record class and finder 2026-01-29 16:00:50 +08:00
Josh Wu
c6815fb820 AVRCP: Delegate passthrough key event 2026-01-29 14:50:14 +08:00
Gilles Boccon-Gibod
e63dc15ede fix handling of return parameters 2026-01-27 09:39:22 -08:00
Gilles Boccon-Gibod
022323b19c Merge pull request #871 from google/gbg/sci 
add basic support for SCI
 2026-01-24 10:39:11 -08:00
Josh Wu
55719bf6de AVRCP: Fix wrong field specs 2026-01-22 22:18:58 +08:00
Gilles Boccon-Gibod
c577f17c99 add basic support for SCI 2026-01-20 15:32:55 -08:00
Gilles Boccon-Gibod
7e89c8a7f8 Merge pull request #868 from google/gbg/return-parameters 
typing support for HCI commands return parameters
 2026-01-19 09:49:15 -08:00
Gilles Boccon-Gibod
7523118581 typing surrport for HCI commands return parameters 2026-01-17 13:19:36 -08:00
zxzxwu
f4271a5646 Merge pull request #862 from zxzxwu/gatt-multiple 
GATT: Support Multiple Requests
 2026-01-16 15:08:02 +08:00
Josh Wu
84a6453dda Fix GATT TemplateSerivce annotations 2026-01-15 12:06:05 +08:00
Josh Wu
0fb2b3bd66 GATT: Support Multiple Requests 2026-01-12 20:51:38 +08:00
Josh Wu
d2df76f6f4 Add test for Heart Rate and Battery Service 2026-01-08 16:42:05 +08:00
Josh Wu
b153d0fcde L2CAP: Fix Enhanced Retransmission Segmentation 2026-01-07 23:49:57 +08:00
Josh Wu
4c3746a5b2 Fix some typos and annotations 2026-01-05 23:53:22 +08:00
Josh Wu
df697c6513 Add EATT Support 2026-01-04 21:51:50 +08:00
Josh Wu
3f643de4c1 Ruff: Add and fix UP rules 2026-01-01 03:25:32 +08:00
Gilles Boccon-Gibod
8e28f4e159 Merge pull request #845 from google/gbg/ruff 
use ruff for linting and import sorting
 2025-12-30 11:38:48 -08:00
zxzxwu
8823cf108f Merge pull request #840 from zxzxwu/credit 
L2CAP: Enhanced Credit-based Flow Control Mode
 2025-12-30 20:26:44 +08:00
Gilles Boccon-Gibod
4fb501a0ef use ruff for linting and import sorting 2025-12-29 19:28:45 -08:00
David Lechner
5bbbe5e40f Remove unused imports 
Mechanically remove unused imports with:

    ruff check --select F401 --fix --extend-exclude grpc_protobuf
 2025-12-29 17:19:11 -06:00
Josh Wu
618e977f20 L2CAP: Enhanced Credit-based Flow Control Mode 2025-12-23 19:51:55 +08:00
zxzxwu
e47cb5512c Merge pull request #779 from zxzxwu/l2cap 
L2CAP Enhanced Retransmission mode
 2025-12-03 21:57:48 +08:00
Josh Wu
456cb59b48 L2CAP: FCS Implementation 2025-12-01 16:10:45 +08:00
Josh Wu
a84f0279b1 Refactor LE emulation with LL and Air Interface 2025-11-28 16:10:38 +08:00
Josh Wu
d2a4c2a8e4 Implement extended advertising emulation 2025-11-27 20:56:10 +08:00