Hi Jakub,
On Tuesday 16 of December 2014 13:02:37 Jakub Tyszkowski wrote:
> For application services, characteristics and descriptors it's user app's
> responsibility to verify value length but for embeded ones we need to do
> this in daemon. This is checked in TC_GAW_SR_BI_34_C and PTS tries to
> write to embeded CCC descritor if no other descriptors are added by the
> apps. It is expected by PTS for us to be more strict about value length
> controll.
> ---
> android/gatt.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/android/gatt.c b/android/gatt.c
> index 1e2627b..5f2f1c4 100644
> --- a/android/gatt.c
> +++ b/android/gatt.c
> @@ -6958,6 +6958,13 @@ static void gatt_srvc_change_write_cb(struct gatt_db_attribute *attrib,
> return;
> }
>
> + /* No more than 2 octets are expected */
> + if (len > 2) {
> + gatt_db_attribute_write_result(attrib, id,
> + ATT_ECODE_INVAL_ATTR_VALUE_LEN);
> + return;
> + }
> +
I think we should check if len == 2 here and use get_le16()
and pass u16 to bt_store_gatt_ccc() (instead of u8 as will *value).
> /* Set services changed indication value */
> bt_store_gatt_ccc(bdaddr, *value);
>
>
--
Best regards,
Szymon Janc
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
