korg/bluez
0
0
Fork 0
mirror of https://git.kernel.org/pub/scm/bluetooth/bluez.git synced 2024-11-30 07:34:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

android/gatt: Check for invalid handle errors

Browse Source 
Check if handle or handle range is valid for server. If is invalid,
reply with ATT_ECODE_INVALID_HANDLE.
This commit is contained in:
Marcin Kraglak 2014-05-30 11:37:42 +02:00 committed by Szymon Janc
parent 6f629ca9a9
commit b45ae2a1a0
1 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
android/gatt.c
View File

@ -4715,6 +4715,9 @@ static uint8_t read_by_group_type(const uint8_t *cmd, uint16_t cmd_len,
if (!len)
return ATT_ECODE_INVALID_PDU;
if (start > end || start == 0)
return ATT_ECODE_INVALID_HANDLE;
q = queue_new();
if (!q)
return ATT_ECODE_INSUFF_RESOURCES;
@ -4768,7 +4771,7 @@ static uint8_t read_by_type(const uint8_t *cmd, uint16_t cmd_len,
if (!len)
return ATT_ECODE_INVALID_PDU;
if (start > end)
if (start > end || start == 0)
return ATT_ECODE_INVALID_HANDLE;
q = queue_new();
@ -4831,6 +4834,9 @@ static uint8_t read_request(const uint8_t *cmd, uint16_t cmd_len,
return ATT_ECODE_REQ_NOT_SUPP;
}
if (handle == 0)
return ATT_ECODE_INVALID_HANDLE;
data = new0(struct pending_request, 1);
if (!data)
return ATT_ECODE_INSUFF_RESOURCES;
@ -4910,6 +4916,9 @@ static uint8_t find_info_handle(const uint8_t *cmd, uint16_t cmd_len,
if (!len)
return ATT_ECODE_INVALID_PDU;
if (start > end || start == 0)
return ATT_ECODE_INVALID_HANDLE;
q = queue_new();
if (!q)
return ATT_ECODE_UNLIKELY;
@ -4979,6 +4988,9 @@ static uint8_t find_by_type_request(const uint8_t *cmd, uint16_t cmd_len,
if (!len)
return ATT_ECODE_INVALID_PDU;
if (start > end || start == 0)
return ATT_ECODE_INVALID_HANDLE;
q = queue_new();
if (!q)
return ATT_ECODE_UNLIKELY;
@ -5032,6 +5044,9 @@ static void write_cmd_request(const uint8_t *cmd, uint16_t cmd_len,
if (!len)
return;
if (handle == 0)
return;
if (!gatt_db_get_attribute_permissions(gatt_db, handle, &permissions))
return;
@ -5060,6 +5075,9 @@ static void write_signed_cmd_request(const uint8_t *cmd, uint16_t cmd_len,
len = dec_signed_write_cmd(cmd, cmd_len, &handle, value, &vlen, s);
if (handle == 0)
return;
if (!gatt_db_get_attribute_permissions(gatt_db, handle, &permissions))
return;
@ -5110,6 +5128,9 @@ static uint8_t write_req_request(const uint8_t *cmd, uint16_t cmd_len,
if (!len)
return ATT_ECODE_INVALID_PDU;
if (handle == 0)
return ATT_ECODE_INVALID_HANDLE;
if (!gatt_db_get_attribute_permissions(gatt_db, handle, &permissions))
return ATT_ECODE_ATTR_NOT_FOUND;
@ -5159,6 +5180,9 @@ static uint8_t write_prep_request(const uint8_t *cmd, uint16_t cmd_len,
if (!len)
return ATT_ECODE_INVALID_PDU;
if (handle == 0)
return ATT_ECODE_INVALID_HANDLE;
if (!gatt_db_get_attribute_permissions(gatt_db, handle, &permissions))
return ATT_ECODE_ATTR_NOT_FOUND;