shared/gatt-server: Fix att length check logic

Change-Id: I04d44a2ae04fbdb69af449035335346a97931933
Signed-off-by: Wootak Jung <wootak.jung@samsung.com>

diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
index 714f217..68eadae 100644 (file)
--- a/src/shared/gatt-server.c
+++ b/src/shared/gatt-server.c
@@ -867,9 +867,15 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
                                (opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd",
                                handle);
 
+#if defined TIZEN_FEATURE_BLUEZ_MODIFY
+       ecode = check_length(length - 2, 0);
+       if (ecode)
+               goto error;
+#else
        ecode = check_length(length, 0);
        if (ecode)
                goto error;
+#endif
 
        ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
        if (ecode)
@@ -1449,9 +1455,15 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,
        util_debug(server->debug_callback, server->debug_data,
                                "Prep Write Req - handle: 0x%04x", handle);
 
+#if defined TIZEN_FEATURE_BLUEZ_MODIFY
+       ecode = check_length(length - 4, offset);
+       if (ecode)
+               goto error;
+#else
        ecode = check_length(length, offset);
        if (ecode)
                goto error;
+#endif
 
        ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
        if (ecode)