Validate buttonless DFU advertising name length

[nrbrook]

Summary

• Validate buttonless DFU advertising name requests against the current write-with-response payload before writing.
• Preserve user-specified names instead of truncating them, and fail with DFUError.invalidAdvertisementName when the name is too long for the current connection.
• Document the conservative 18-byte limit for default ATT MTU and the runtime MTU-dependent behavior.

Problem

The existing implementation truncates a user-specified alternative advertising name to 20 bytes, matching the buttonless DFU service's maximum advertising name length. However, the full set-name write also includes the opcode and length byte, so a 20-byte name requires a 22-byte ATT write payload.

With the default ATT MTU, the write-with-response payload can be only 20 bytes. In that case, CoreBluetooth may send the oversized set-name command using ATT Prepare Write requests instead of a single ATT Write Request. Nordic's buttonless DFU set-name command is handled as a single write, and does not respond to prepare write, resulting in a connection timeout.

This change validates against the actual maximumWriteValueLength(for: .withResponse) at runtime. User-specified names that do not fit fail clearly instead of being truncated.

[CLAassistant]

All committers have signed the CLA.

[philips77]

Hi,
Good catch.

There are, however, few things that perhaps would make it easier...
First of all, maximumWriteValueLength(for: .withResponse) always returns 512, as Long Write is supported by iOS, and I don't think the central knows whether it is supported by the peripheral. It is the .withoutResponse that may return 20, had the MTU not been increased.

So we are only talking about limiting the name from 20 to 18, which perhaps could just be solved by trumcating it to 18...?

The name must fit into the advertising packet, which is 31 bytes long. 3 bytes are used for flags, 2 for the Local Name and length, leaving 26 for the max length of name, assuming there's no other data there. By default, the DFU bootloader advertises with a Secure DFU UUID, which is 16-bit long, which consumes additional 6 bytes, hence the limit was set to 20. However, as you said, if the ATT MTU is 23 (default), and 2 bytes are used for the opcode and command, the max size is in fact 18 bytes.

As far as I remember, the library is using a default name with format DFUxxxxx, where x are random numbers. Do you need anything longer than that?

I admit, that the limit of 20 is incorrect, but limit of 18 would seem to be fine. Or am I not seeing the whole picture? :)

[nrbrook]

Yes, I forgot about it returning 512, and just limited in my code. So a hard limit of 18 might be better. Do you agree with the approach of erroring rather than trimming?

I use a custom name for identification in the event the device gets stuck in the bootloader, for recovery.

[philips77]

On one hand, error seems more "fair", as the lib woundn't do any magic. On the other hand it "a bit" breaks compatibility, but on the 3rd hand - it's not that a lot of people are setting the name to 19 characters :)

If you find it better, let's keep the error. I like your comments and work you've done.

[nrbrook]

Personally I think an error is better, especially as it is a fixed limit. I've updated the changes to 18 bytes. Thanks!