The implementation in generic_dtt_server.c doesn't properly validate the set message parameter and generates a response despite the message should be ignored.
The Mesh Model Specification v1.0.1, Section "3.2.3.2 Generic Default Transition Time Set" reads
"Only values of 0x00 through 0x3E shall be used to specify the Transition Number of Steps."
This isn't properly followed in the current implementation and the callback is called and a response is generated.
This patch solves the problem.
diff --git a/models/model_spec/generic_dtt/src/generic_dtt_server.c b/models/model_spec/generic_dtt/src/generic_dtt_server.c
index 2e512a4..a146f78 100644
--- a/models/model_spec/generic_dtt/src/generic_dtt_server.c
+++ b/models/model_spec/generic_dtt/src/generic_dtt_server.c
@@ -96,6 +96,10 @@ static void handle_set(access_model_handle_t model_handle, const access_message_
if (p_rx_msg->length == sizeof(generic_dtt_set_msg_pkt_t))
{
generic_dtt_set_msg_pkt_t * p_msg_params_packed = (generic_dtt_set_msg_pkt_t *) p_rx_msg->p_data;
+ if (!model_transition_time_is_valid(p_msg_params_packed->transition_time))
+ {
+ return;
+ }
in_data.transition_time_ms = model_transition_time_decode(p_msg_params_packed->transition_time);
p_server->settings.p_callbacks->dtt_cbs.set_cb(p_server, &p_rx_msg->meta_data, &in_data,
