2023-08-09 20:36:44

by Bart Philips

Subject: [PATCH BlueZ 0/1] fix writes to attributes of size 512

Writing attributes of length 512 fails, although the Bluetooth spec (Vol 4, Part F, 3.2.9) states that attribute sizes up to 512 are allowed. The check_length calls in write_cb and prep_write_cb in gatt-server.c currently pass the length parameter that includes the handle/offset length and therefore fail for attributes of length 512. This patch subtracts the handle/offset length before passing it to the check_length function, allowing writes to attributes up to 512 in size.

Bart Philips (1):
fix writing attributes of length 512

src/shared/gatt-server.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

--
2.34.1
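
The length accounting described in the cover letter, as an added example that is not part of the original thread and is not BlueZ code. All function and constant names are constructed for illustration, and pdu_len is assumed to count the bytes after the opcode (handle, optional offset, then value).

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed names for this example; not BlueZ identifiers. */
#define MAX_ATTR_VALUE_LEN 512	/* limit cited in the cover letter */
#define WRITE_HDR_LEN 2		/* handle */
#define PREP_WRITE_HDR_LEN 4	/* handle + offset */

enum { ATT_OK = 0, ERR_INVALID_PDU = 0x04, ERR_INVALID_OFFSET = 0x07,
	ERR_INVALID_VALUE_LEN = 0x0d };

/* Checks the value portion only: its size and where the write would end. */
static uint8_t check_value_len(size_t value_len, uint16_t offset)
{
	if (value_len > MAX_ATTR_VALUE_LEN)
		return ERR_INVALID_VALUE_LEN;
	if (offset > MAX_ATTR_VALUE_LEN)
		return ERR_INVALID_OFFSET;
	if ((size_t)offset + value_len > MAX_ATTR_VALUE_LEN)
		return ERR_INVALID_VALUE_LEN;
	return ATT_OK;
}

/* Pre-patch behaviour: the handle bytes are counted as value bytes. */
uint8_t validate_write_unpatched(size_t pdu_len)
{
	return check_value_len(pdu_len, 0);
}

/* Post-patch behaviour, with an explicit guard before the subtraction. */
uint8_t validate_write(size_t pdu_len)
{
	if (pdu_len < WRITE_HDR_LEN)
		return ERR_INVALID_PDU;
	return check_value_len(pdu_len - WRITE_HDR_LEN, 0);
}

uint8_t validate_prep_write(const uint8_t *pdu, size_t pdu_len)
{
	uint16_t offset;

	if (pdu_len < PREP_WRITE_HDR_LEN)
		return ERR_INVALID_PDU;
	offset = (uint16_t)(pdu[2] | (pdu[3] << 8));	/* little-endian */
	return check_value_len(pdu_len - PREP_WRITE_HDR_LEN, offset);
}
```

A 514-byte write (2-byte handle plus a 512-byte value) is rejected by the unpatched check and accepted by the patched one, while 513-byte values and truncated PDUs are still refused.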



2023-08-09 21:52:57

by Bart Philips

Subject: [PATCH BlueZ 1/1] fix writing attributes of length 512

---
src/shared/gatt-server.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
index 0512d06f6..c7ce3ec1f 100644
--- a/src/shared/gatt-server.c
+++ b/src/shared/gatt-server.c
@@ -846,7 +846,7 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
DBG(server, "Write %s - handle: 0x%04x",
(opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd", handle);

- ecode = check_length(length, 0);
+ ecode = check_length(length - 2, 0);
if (ecode)
goto error;

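Review bot: check_length(length - 2, 0) subtracts without anything in this hunk showing that length is at least 2. If length is unsigned and a shorter PDU can reach this line, the result wraps to a large value and the request is refused as too long rather than as a malformed PDU. Please confirm that write_cb rejects length < 2 before this point, and consider length - sizeof(handle) or a named constant instead of the bare 2.
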
@@ -1333,7 +1333,7 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,

DBG(server, "Prep Write Req - handle: 0x%04x", handle);

- ecode = check_length(length, offset);
+ ecode = check_length(length - 4, offset);
if (ecode)
goto error;

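Review bot: the 4 in check_length(length - 4, offset) is unexplained at the call site, and this patch's message carries only a subject line, so the reasoning in the cover letter will not reach the git history. Please move the explanation and the spec reference (Vol 4, Part F, 3.2.9) into the commit message, and either name the constant or add a comment saying it covers the handle and offset fields. A unit test that writes exactly 512 and 513 bytes through both paths would pin the boundary down.
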
--
2.34.1


2023-08-09 23:48:34

by bluez.test.bot

Subject: RE: fix writes to attributes of size 512

This is an automated email; please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results with your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=774683

---Test result---

Test Summary:
CheckPatch PASS 0.38 seconds
GitLint PASS 0.26 seconds
BuildEll PASS 35.08 seconds
BluezMake PASS 1243.06 seconds
MakeCheck PASS 13.84 seconds
MakeDistcheck PASS 204.06 seconds
CheckValgrind PASS 330.63 seconds
CheckSmatch WARNING 454.78 seconds
bluezmakeextell PASS 135.61 seconds
IncrementalBuild PASS 1067.75 seconds
ScanBuild PASS 1450.74 seconds

Details
##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
src/shared/gatt-server.c:276:25: warning: Variable length array is used.
src/shared/gatt-server.c:619:25: warning: Variable length array is used.
src/shared/gatt-server.c:718:25: warning: Variable length array is used.
src/shared/gatt-server.c:276:25: warning: Variable length array is used.
src/shared/gatt-server.c:619:25: warning: Variable length array is used.
src/shared/gatt-server.c:718:25: warning: Variable length array is used.
src/shared/gatt-server.c:276:25: warning: Variable length array is used.
src/shared/gatt-server.c:619:25: warning: Variable length array is used.
src/shared/gatt-server.c:718:25: warning: Variable length array is used.


---
Regards,
Linux Bluetooth

2023-08-10 00:40:52

by patchwork-bot+bluetooth

Subject: Re: [PATCH BlueZ 0/1] fix writes to attributes of size 512

Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <[email protected]>:

On Wed, 9 Aug 2023 22:27:22 +0200 you wrote:
> Writing attributes of length 512 fails, although the Bluetooth spec (Vol 4, Part F, 3.2.9) states that attribute sizes up to 512 are allowed. The check_length calls in write_cb and prep_write_cb in gatt-server.c currently pass the length parameter that includes the handle/offset length and therefore fail for attributes of length 512. This patch subtracts the handle/offset length before passing it to the check_length function, allowing writes to attributes up to 512 in size.
>
> Bart Philips (1):
> fix writing attributes of length 512
>
> src/shared/gatt-server.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)

Here is the summary with links:
- [BlueZ,1/1] fix writing attributes of length 512
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=8bf3a4a265bb

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html