shared/gatt-server: Fix att length check logic 57/291057/2 accepted/tizen/unified/20230427.155828
authorWootak Jung <wootak.jung@samsung.com>
Fri, 7 Apr 2023 05:50:34 +0000 (14:50 +0900)
committerWootak Jung <wootak.jung@samsung.com>
Tue, 11 Apr 2023 00:09:06 +0000 (09:09 +0900)
Change-Id: Ia5d5e43d20ad952c5a993398ab8dea42529a6162
Signed-off-by: Wootak Jung <wootak.jung@samsung.com>
src/shared/gatt-server.c

index 714f217..9aed2ec 100644 (file)
@@ -867,9 +867,18 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
                                (opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd",
                                handle);
 
+#if defined TIZEN_FEATURE_BLUEZ_MODIFY
+       /* Because the length includes handle 2bytes,
+        * 'length - 2' should be delivered when checking att length
+        */
+       ecode = check_length(length - 2, 0);
+       if (ecode)
+               goto error;
+#else
        ecode = check_length(length, 0);
        if (ecode)
                goto error;
+#endif
 
        ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
        if (ecode)
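Review bot: The new `check_length(length - 2, 0)` call is only correct if write_cb has already rejected PDUs shorter than the 2-byte handle, and that guard is not visible in this hunk (the function starts and ends outside it). If `length` is an unsigned 16-bit count, which its declaration outside the hunk would confirm, a shorter PDU would make the argument wrap to a large value when narrowed. The request would then probably be rejected, but only by accident and with a length error rather than an invalid-PDU error. The same dependency applies to `length - 4` in the prep_write_cb hunk, which needs at least 4 bytes for handle plus offset. I would state the precondition in the comment, e.g. `/* length >= 2 was verified before the handle was read */`. If no such check exists, add `if (length < 2) { ecode = BT_ATT_ERROR_INVALID_PDU; goto error; }` (and `< 4` in prep_write_cb) before subtracting.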
@@ -1449,9 +1458,18 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,
        util_debug(server->debug_callback, server->debug_data,
                                "Prep Write Req - handle: 0x%04x", handle);
 
+#if defined TIZEN_FEATURE_BLUEZ_MODIFY
+       /* Because the length includes handle 2bytes and offset 2bytes,
+        * 'length - 4' should be delivered when checking att length
+        */
+       ecode = check_length(length - 4, offset);
+       if (ecode)
+               goto error;
+#else
        ecode = check_length(length, offset);
        if (ecode)
                goto error;
+#endif
 
        ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
        if (ecode)
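Review bot: Both branches of the `#if defined TIZEN_FEATURE_BLUEZ_MODIFY` block repeat the same `if (ecode) goto error;`, so the bounds check now exists in two copies that can drift apart; the write_cb hunk has the same shape. Only the first argument differs, so I would keep just the `ecode = check_length(...)` assignment inside the conditional and put a single `if (ecode) goto error;` after `#endif`. The bare `4` (and `2` in write_cb) would also read better as a named header-size constant or a local value length. Then this check and any later use of the value length in the function, which is outside the hunk, cannot disagree about how many bytes are header.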