Protect CCC from remote sending invalid prepare write offset. We are not using offset value in the code right now, but there is a test case in PTS that expects this error to be send. PTS can use this embeded service's ccc descriptor if no such descriptors are added by the user. --- android/gatt.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/android/gatt.c b/android/gatt.c index c00eb9e..70b8a00 100644 --- a/android/gatt.c +++ b/android/gatt.c @@ -7029,6 +7029,12 @@ static void gatt_srvc_change_write_cb(struct gatt_db_attribute *attrib, return; } + if (offset > 1) { + gatt_db_attribute_write_result(attrib, id, + ATT_ECODE_INVALID_OFFSET); + return; + } + /* 2 octets are expected as CCC value */ if (len != 2) { gatt_db_attribute_write_result(attrib, id, -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html