| Message ID | 20200505082901.258762-1-mariusz.skamra@codecoup.pl (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [BlueZ] client: Update write callbacks with invalid offset error handlers | expand |
Hi Mariusz, On Tuesday, 5 May 2020 10:29:01 CEST Mariusz Skamra wrote: > This patch adds invalid offset handlers to write callbacks of attributes. > --- > client/gatt.c | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > diff --git a/client/gatt.c b/client/gatt.c > index 416eda953..5713f8343 100644 > --- a/client/gatt.c > +++ b/client/gatt.c > @@ -2141,6 +2141,12 @@ static void authorize_write_response(const char > *input, void *user_data) goto error; > } > > + if (aad->offset > chrc->value_len) { > + err = "org.bluez.Error.InvalidOffset"; > + > + goto error; > + } > + > /* Authorization check of prepare writes */ > if (prep_authorize) { > reply = g_dbus_create_reply(pending_message, DBUS_TYPE_INVALID); > @@ -2272,6 +2278,11 @@ static DBusMessage *chrc_write_value(DBusConnection > *conn, DBusMessage *msg, return NULL; > } > > + if (offset > chrc->value_len) > + return g_dbus_create_error(msg, > + "org.bluez.Error.InvalidOffset", NULL); > + > + > /* Authorization check of prepare writes */ > if (prep_authorize) > return g_dbus_create_reply(msg, DBUS_TYPE_INVALID); > @@ -2683,6 +2694,10 @@ static DBusMessage *desc_write_value(DBusConnection > *conn, DBusMessage *msg, return g_dbus_create_error(msg, > "org.bluez.Error.InvalidArguments", NULL); > > + if (offset > desc->value_len) > + return g_dbus_create_error(msg, > + "org.bluez.Error.InvalidOffset", NULL); > + > if (write_value(&desc->value_len, &desc->value, value, > value_len, offset, desc- >max_val_len)) > return g_dbus_create_error(msg, Applied, thanks.
diff --git a/client/gatt.c b/client/gatt.c index 416eda953..5713f8343 100644 --- a/client/gatt.c +++ b/client/gatt.c @@ -2141,6 +2141,12 @@ static void authorize_write_response(const char *input, void *user_data) goto error; } + if (aad->offset > chrc->value_len) { + err = "org.bluez.Error.InvalidOffset"; + + goto error; + } + /* Authorization check of prepare writes */ if (prep_authorize) { reply = g_dbus_create_reply(pending_message, DBUS_TYPE_INVALID); @@ -2272,6 +2278,11 @@ static DBusMessage *chrc_write_value(DBusConnection *conn, DBusMessage *msg, return NULL; } + if (offset > chrc->value_len) + return g_dbus_create_error(msg, + "org.bluez.Error.InvalidOffset", NULL); + + /* Authorization check of prepare writes */ if (prep_authorize) return g_dbus_create_reply(msg, DBUS_TYPE_INVALID); @@ -2683,6 +2694,10 @@ static DBusMessage *desc_write_value(DBusConnection *conn, DBusMessage *msg, return g_dbus_create_error(msg, "org.bluez.Error.InvalidArguments", NULL); + if (offset > desc->value_len) + return g_dbus_create_error(msg, + "org.bluez.Error.InvalidOffset", NULL); + if (write_value(&desc->value_len, &desc->value, value, value_len, offset, desc->max_val_len)) return g_dbus_create_error(msg,