
QN9020 SDK bug

Question asked by yijun ma on Jul 3, 2016
Latest reply on Jun 27, 2017 by Doug Brunner
#if (QN_SECURITY_ON)
int app_smpc_irk_req_ind_handler(ke_msg_id_t const msgid, struct smpc_irk_req_ind const *param,
                               ke_task_id_t const dest_id, ke_task_id_t const src_id)
{
    QPRINTF("IRK request indication idx is %d.\r\n", param->idx);


    uint8_t reject;
    uint8_t bonded_count = app_get_bond_nb();


    if (param->idx == 0xFF)
    {
        // We recognised this device, so update address for looking up correct LTK
        // It is no need to write back to NVDS.
        app_env.bonded_info[app_env.irk_pos - 1].peer_addr = app_env.dev_rec[param->idx].bonded_info.peer_addr;
        app_env.irk_pos = 0;
        return (KE_MSG_CONSUMED);
    }

 

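When `param->idx == 0xFF`, the branch above uses that same value as an array index: `app_env.dev_rec[param->idx]` reads element 255 of `dev_rec`, which is an out-of-bounds access.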
