Hi Mariusz, On Tuesday, 5 May 2020 10:29:01 CEST Mariusz Skamra wrote:
> This patch adds invalid offset handlers to write callbacks of attributes.
> ---
> client/gatt.c | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/client/gatt.c b/client/gatt.c
> index 416eda953..5713f8343 100644
> --- a/client/gatt.c
> +++ b/client/gatt.c
> @@ -2141,6 +2141,12 @@ static void authorize_write_response(const char
> *input, void *user_data) goto error;
> }
>
> + if (aad->offset > chrc->value_len) {
> + err = "org.bluez.Error.InvalidOffset";
> +
> + goto error;
> + }
> +
> /* Authorization check of prepare writes */
> if (prep_authorize) {
> reply = g_dbus_create_reply(pending_message, DBUS_TYPE_INVALID);
> @@ -2272,6 +2278,11 @@ static DBusMessage *chrc_write_value(DBusConnection
> *conn, DBusMessage *msg, return NULL;
> }
>
> + if (offset > chrc->value_len)
> + return g_dbus_create_error(msg,
> + "org.bluez.Error.InvalidOffset", NULL);
> +
> +
> /* Authorization check of prepare writes */
> if (prep_authorize)
> return g_dbus_create_reply(msg, DBUS_TYPE_INVALID);
> @@ -2683,6 +2694,10 @@ static DBusMessage *desc_write_value(DBusConnection
> *conn, DBusMessage *msg, return g_dbus_create_error(msg,
> "org.bluez.Error.InvalidArguments", NULL);
>
> + if (offset > desc->value_len)
> + return g_dbus_create_error(msg,
> + "org.bluez.Error.InvalidOffset", NULL);
> +
> if (write_value(&desc->value_len, &desc->value, value,
> value_len, offset, desc- >max_val_len))
> return g_dbus_create_error(msg,
Applied, thanks. -- pozdrawiam Szymon Janc
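Review bot: In authorize_write_response the new `aad->offset > chrc->value_len` test sits above the `/* Authorization check of prepare writes */` branch, so a prepare-authorize request is also rejected when its offset lies past the currently stored length; chrc_write_value has the same ordering. If prepare requests can carry the offsets of later queued segments before anything has been written (not visible here, please confirm), those would now fail with InvalidOffset even though the value would be valid once executed. If the ordering is intended, a comment such as `/* Offset is validated against the stored value even for prepare-authorize requests */` would record that; otherwise the check belongs below the `if (prep_authorize)` block. The function body starts and ends outside the hunk.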
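Review bot: The chrc_write_value hunk adds two consecutive blank lines after the new InvalidOffset return, where the other two hunks add one; dropping the second keeps the spacing consistent. The boundary choice is also undocumented: the test uses `>` rather than `>=`, so an offset equal to the current length is accepted, and a one-line comment such as `/* offset == value_len is allowed; only offsets beyond the stored value are rejected */` above the check would make that deliberate. The same comment would fit the checks in authorize_write_response and desc_write_value.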
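Review bot: The same offset-versus-length test now appears in three write callbacks, and in desc_write_value it sits directly in front of the write_value() call that already receives `offset` and `desc->max_val_len`. Doing the comparison inside write_value(), or in one small static helper shared by the three callers, would keep a later write path from omitting the bound and writing past the stored value. write_value()'s body is not visible here, so whether it can report a distinct InvalidOffset result needs checking. The declarations of `offset` and `value_len` are also outside the hunk; if one of them is signed, the comparison deserves an explicit cast. desc_write_value continues past the end of the quoted hunk.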