From: Anupam Roy <anupam.r@samsung.com>
Date: Mon, 12 Oct 2020 07:44:49 +0000 (+0530)
Subject: Validate address for sending GATT notification
X-Git-Tag: submit/tizen/20201027.003129~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F70%2F245570%2F2;p=platform%2Fcore%2Fapi%2Fbluetooth.git

Validate address for sending GATT notification

This patch handles validating remote address provided
by application for sending GATT server notification.

Change-Id: Iaae70970bd9f03b2da2beb8e9f0e63f8fad2ea43
Signed-off-by: Anupam Roy <anupam.r@samsung.com>
---

diff --git a/include/bluetooth_private.h b/include/bluetooth_private.h
index 1b19e05..c0bf50b 100644
--- a/include/bluetooth_private.h
+++ b/include/bluetooth_private.h
@@ -66,6 +66,7 @@ extern "C" {
 #define PXP_LINK_LOSS_SVC_UUID		"1803"
 #define PXP_TX_POWER_SVC_UUID		"1804"
 
+#define BT_ADDRESS_REGEX_STRING "^([0-9a-fA-F][0-9a-fA-F]:){5}([0-9a-fA-F][0-9a-fA-F])$"
 /**
  * @internal
  * @brief Bluetooth callback.
@@ -753,6 +754,8 @@ int _bt_convert_address_to_string(char **addr_str, bluetooth_device_address_t *a
  */
 void _bt_convert_address_to_hex(bluetooth_device_address_t *addr_hex, const char *addr_str);
 
+gboolean _bt_validate_device_address(const char *addr_str);
+
 void _handle_gatt_client_read_completed_event(int result, bt_gatt_resp_data_t *resp);
 
 void _handle_gatt_client_write_completed_event(int result, bt_gatt_resp_data_t *resp);
diff --git a/src/bluetooth-common.c b/src/bluetooth-common.c
index c6514ef..78cde86 100644
--- a/src/bluetooth-common.c
+++ b/src/bluetooth-common.c
@@ -653,6 +653,42 @@ int _bt_convert_address_to_string(char **addr_str, bluetooth_device_address_t *a
 		return BT_ERROR_OUT_OF_MEMORY; /* LCOV_EXCL_LINE */
 }
 
+gboolean _bt_utf8_validate(const char *name)
+{
+	gunichar2 *u16;
+	glong items_written = 0;
+
+	if (FALSE == g_utf8_validate(name, -1, NULL))
+		return FALSE;
+
+	u16 = g_utf8_to_utf16(name, -1, NULL, &items_written, NULL);
+	if (u16 == NULL)
+		return FALSE;
+
+	g_free(u16);
+	if (items_written != g_utf8_strlen(name, -1))
+		return FALSE;
+
+	return TRUE;
+}
+
+gboolean _bt_validate_device_address(const char *addr_str)
+{
+
+	if (!addr_str) {
+		BT_INFO("NULL address");
+		return TRUE;
+	}
+
+	if (_bt_utf8_validate(addr_str) == FALSE) {
+		BT_ERR("Srting UTF-8 validation failed!");
+		return FALSE;
+	}
+
+	return g_regex_match_simple(BT_ADDRESS_REGEX_STRING,
+			addr_str, G_REGEX_OPTIMIZE, 0);
+}
+
 void _bt_convert_address_to_hex(bluetooth_device_address_t *addr_hex, const char *addr_str)
 {
 	char *ptr1, *ptr2, *ptr3, *ptr4, *ptr5;
@@ -2828,6 +2864,7 @@ static void __bt_event_proxy(int event, bluetooth_event_param_t *param, void *us
 			return;
 		}
 
+		BT_INFO("CCCD Noticfication ENABLED [%d]", notif_info->notification);
 		cb(notif_info->notification, server_handle, char_handle, user_data_cfm);
 #else
 		bt_gatt_char_notify_change_t *value_change = param->param_data;
diff --git a/src/bluetooth-gatt.c b/src/bluetooth-gatt.c
index 8c43fcd..1915e47 100644
--- a/src/bluetooth-gatt.c
+++ b/src/bluetooth-gatt.c
@@ -3248,6 +3248,10 @@ int bt_gatt_server_notify_characteristic_changed_value(bt_gatt_h characteristic,
 
 	BT_VALIDATE_GATT_HANDLE(characteristic);
 
+	BT_INFO("Device Address [%s]", device_address);
+	if (!_bt_validate_device_address(device_address))
+		return BT_ERROR_INVALID_PARAMETER;
+
 	_bt_convert_address_to_hex(&addr_hex, device_address); /* LCOV_EXCL_START */
 
 #ifdef TIZEN_FEATURE_GATT_RELAY