Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp1238552pxm;
        Sat, 26 Feb 2022 09:18:34 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxrYFMd6LHdSg+AiTEUVyanORWO8fPDPZWgcm1Dzs03TYW3YO4o7kRhDijyCOaXIJDUhA1V
X-Received: by 2002:aa7:cdd3:0:b0:410:8042:4549 with SMTP id h19-20020aa7cdd3000000b0041080424549mr12214131edw.335.1645895914441;
        Sat, 26 Feb 2022 09:18:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1645895914; cv=none;
        d=google.com; s=arc-20160816;
        b=vXUoiHgoQ6dnjzzEcvdOp+oMAcOl8Felzz5X5KGuX/NySv896EL4tJm9/uniQsa1g7
         3M5mYA/9HC+Rr6P7BqjMZ05TK9+WUtTjg6Jdv1yvLLEhvOkNrS28ULMBvuIl/SBDYaa6
         iU9nu3+FbFVjneuqBP/bmsIv+SfN/gtnMLpZbyEmjuLqW6biD2n1IbcT8PJuUmIMZAzo
         l+d1xozlbuDbnpn1Z4ZZQNQ3u0ehr6slSpJuMNB+4+wTX0V/SCEfbol1ESuW/gQXUaRY
         rCddThMVOX5AZYWIZliCyRHRoz4B2caURhKmGIIPueJ/RPGnHaSIvssiFfHqnuwDCnZh
         5+Gg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=3EqbRWxbzPf36Pvq3MgmlhdSEMELrRjn+dZL2V3FbT8=;
        b=cJq4QDA5XzQhVtNXETI/PBWhyMtE8dRKG4zzclQl8jTRFjIVdVYbYvGI55mqcm+fwa
         kTsrhz97PQ/tgtlXtUab/VXHXIopq/cEFkVvN69+kPQU2uYu6JgQ8Y9KbVI5Q+x1JaJ8
         bFnaqKhLOdEDn6AKpLuvUKSOnVf3KSPo4dka4qo+EIKHCYUprYrmttJ2YHOq4Y8JIJ98
         CLq/TOOREvqPBxF0jJmDDkbrmRCbxyhBOWp9RNAErTRzpiLleLLt9IwtVZtlfP70brN7
         4rIixTGKxz1QAeNJzlTP1lXZufF3NlJDlPfKowpBkZPVGBkdYskpaEkwZgFY9ZmcvPDK
         bjFQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@kemnade.info header.s=20180802 header.b=GDXWKkZq;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org
Return-Path: <linux-bluetooth-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id d9-20020a170906640900b006d343d69d42si3318054ejm.329.2022.02.26.09.17.51;
        Sat, 26 Feb 2022 09:18:34 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@kemnade.info header.s=20180802 header.b=GDXWKkZq;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231139AbiBZKmV (ORCPT <rfc822;bopamo@gmail.com> + 99 others);
        Sat, 26 Feb 2022 05:42:21 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45890 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229751AbiBZKmV (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Sat, 26 Feb 2022 05:42:21 -0500
X-Greylist: delayed 1977 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Sat, 26 Feb 2022 02:41:46 PST
Received: from mail.andi.de1.cc (mail.andi.de1.cc [IPv6:2a01:238:4321:8900:456f:ecd6:43e:202c])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 26F4C290E53
        for <linux-bluetooth@vger.kernel.org>; Sat, 26 Feb 2022 02:41:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
        d=kemnade.info; s=20180802; h=Content-Transfer-Encoding:MIME-Version:
        Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:
        Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
        :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
        List-Subscribe:List-Post:List-Owner:List-Archive;
        bh=3EqbRWxbzPf36Pvq3MgmlhdSEMELrRjn+dZL2V3FbT8=; b=GDXWKkZqVT9uQphiZpoxS0RYor
        nRjjreNYhn1EddvU8HRQMrtD/E7lDWEZYNfp5PVJuXG4azeK49m+JReVt2GhnrgrmQimtnmDi26Y+
        iZMypl5mhEKAaBS87Up39ArBwkEa2kkwJZAEcCJZYSXbNEbXyQf4SwMNuWCAy09TgHf8=;
Received: from p200300ccff34d3001a3da2fffebfd33a.dip0.t-ipconnect.de ([2003:cc:ff34:d300:1a3d:a2ff:febf:d33a] helo=aktux)
        by mail.andi.de1.cc with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
        (Exim 4.89)
        (envelope-from <andreas@kemnade.info>)
        id 1nNu0M-0000Yj-T7; Sat, 26 Feb 2022 11:08:47 +0100
Received: from andi by aktux with local (Exim 4.94.2)
        (envelope-from <andreas@kemnade.info>)
        id 1nNu0M-006SjS-AE; Sat, 26 Feb 2022 11:08:46 +0100
From:   Andreas Kemnade <andreas@kemnade.info>
To:     linux-bluetooth@vger.kernel.org
Cc:     Andreas Kemnade <andreas@kemnade.info>
Subject: [PATCH BlueZ] gatt: sanitize input at profile registration
Date:   Sat, 26 Feb 2022 11:08:36 +0100
Message-Id: <20220226100836.1540367-1-andreas@kemnade.info>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: -1.0 (-)
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_NONE,
        T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

Check whether type of UUIDs property of GattProfile1 object
is correct.
---
 src/gatt-database.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/gatt-database.c b/src/gatt-database.c
index 481222d44..485af04ea 100644
--- a/src/gatt-database.c
+++ b/src/gatt-database.c
@@ -3423,6 +3423,11 @@ static struct external_profile *create_profile(struct gatt_app *app,
 		goto fail;
 	}
 
+	if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY) {
+		DBG("UUIDs wrongly formatted");
+		goto fail;
+	}
+
 	dbus_message_iter_recurse(&iter, &array);
 
 	while (dbus_message_iter_get_arg_type(&array) == DBUS_TYPE_STRING) {
-- 
2.30.2