2014-11-17 16:08:11

by Arman Uguray

Subject: [PATCH BlueZ 1/2] tools/btgatt-server: Free and early return if device name has length 0.

In the write callback for the device name characteristic, we should
check early if the value is being truncated completely and free the
value and return. Otherwise, the realloc call might correctly return
NULL if called with a length of 0, which would be incorrectly treated as
an error.
---
tools/btgatt-server.c | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/tools/btgatt-server.c b/tools/btgatt-server.c
index 2b89be1..c603b30 100644
--- a/tools/btgatt-server.c
+++ b/tools/btgatt-server.c
@@ -160,6 +160,14 @@ static void gap_device_name_write_cb(struct gatt_db_attribute *attrib,

PRLOG("GAP Device Name Write called\n");

+ /* If the value is being completely truncated, clean up and return */
+ if (!(offset + len)) {
+ free(server->device_name);
+ server->device_name = NULL;
+ server->name_len = 0;
+ goto done;
+ }
+
/* Implement this as a variable length attribute value. */
if (offset > server->name_len) {
error = BT_ATT_ERROR_INVALID_OFFSET;
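Review bot: The added condition `if (!(offset + len))` tests the sum of the two values instead of the values themselves. Writing it as `if (!offset && !len)` matches the comment above it and does not depend on the addition never wrapping in whatever type the sum is evaluated in. Placing the block ahead of the `offset > server->name_len` check is fine, since offset is 0 whenever this branch is taken.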
--
2.1.0.rc2.206.gedb03e5



2014-11-18 15:16:33

by Luiz Augusto von Dentz

Subject: Re: [PATCH BlueZ 1/2] tools/btgatt-server: Free and early return if device name has length 0.

Hi Arman,

On Mon, Nov 17, 2014 at 6:08 PM, Arman Uguray <[email protected]> wrote:
> In the write callback for the device name characteristic, we should
> check early if the value is being truncated completely and free the
> value and return. Otherwise, the realloc call might correctly return
> NULL if called with a length of 0, which would be incorrectly treated as
> an error.
> ---
> tools/btgatt-server.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/tools/btgatt-server.c b/tools/btgatt-server.c
> index 2b89be1..c603b30 100644
> --- a/tools/btgatt-server.c
> +++ b/tools/btgatt-server.c
> @@ -160,6 +160,14 @@ static void gap_device_name_write_cb(struct gatt_db_attribute *attrib,
>
> PRLOG("GAP Device Name Write called\n");
>
> + /* If the value is being completely truncated, clean up and return */
> + if (!(offset + len)) {
> + free(server->device_name);
> + server->device_name = NULL;
> + server->name_len = 0;
> + goto done;
> + }
> +
> /* Implement this as a variable length attribute value. */
> if (offset > server->name_len) {
> error = BT_ATT_ERROR_INVALID_OFFSET;
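Review bot: The new `goto done;` branch reaches the `done` label without assigning `error`, while the context below it shows the other early exit setting `error = BT_ATT_ERROR_INVALID_OFFSET;` first. The hunk does not show where `error` is initialised, so the success result of an empty write depends on the declaration starting it at 0. Either confirm that in the commit message or set `error = 0;` inside the new block so the branch is self-contained.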
> --
> 2.1.0.rc2.206.gedb03e5

Applied, thanks.


--
Luiz Augusto von Dentz

2014-11-17 16:08:12

by Arman Uguray

Subject: [PATCH BlueZ 2/2] TODO: tools/btgatt-server has been introduced.

---
TODO | 9 ---------
1 file changed, 9 deletions(-)

diff --git a/TODO b/TODO
index fec0fa2..ca3779b 100644
--- a/TODO
+++ b/TODO
@@ -167,15 +167,6 @@ ATT/GATT (new shared stack)
Priority: Medium
Complexity: C2

-- Provide a tool for shared/gatt-server. This tool should demonstrate how a
- shared/gatt-db can be used together with a shared/gatt-server to implement the
- GATT server role. This should be written in a way so that it can be easily
- used in conjunction with a remote instance of tools/btgatt-client (i.e. it
- should listen for incoming connections, have similar verbose output, etc.)
-
- Priority: Medium
- Complexity: C2
-
- Implement other low-priority ATT protocol operations for shared/gatt-server:

Read Multiple Request
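Review bot: The removed "Provide a tool for shared/gatt-server" entry lists specific expectations (listen for incoming connections, verbose output similar to tools/btgatt-client), but the commit message has no body and the subject reads as a statement instead of describing the change. A subject such as "TODO: Remove entry for shared/gatt-server tool" plus one line saying that tools/btgatt-server covers the entry would make the history easier to follow.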
--
2.1.0.rc2.206.gedb03e5