From cb678e9924def456b891f785a7a4cb3e696f06b1 Mon Sep 17 00:00:00 2001
From: Wootak Jung <wootak.jung@samsung.com>
Date: Fri, 7 Apr 2023 14:50:34 +0900
Subject: [PATCH] shared/gatt-server: Fix att length check logic

Change-Id: I04d44a2ae04fbdb69af449035335346a97931933
Signed-off-by: Wootak Jung <wootak.jung@samsung.com>
---
 src/shared/gatt-server.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
index 714f217d..68eadae6 100644
--- a/src/shared/gatt-server.c
+++ b/src/shared/gatt-server.c
@@ -867,9 +867,15 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
 				(opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd",
 				handle);
 
+#if defined TIZEN_FEATURE_BLUEZ_MODIFY
+	ecode = check_length(length - 2, 0);
+	if (ecode)
+		goto error;
+#else
 	ecode = check_length(length, 0);
 	if (ecode)
 		goto error;
+#endif
 
 	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
 	if (ecode)
@@ -1449,9 +1455,15 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,
 	util_debug(server->debug_callback, server->debug_data,
 				"Prep Write Req - handle: 0x%04x", handle);
 
+#if defined TIZEN_FEATURE_BLUEZ_MODIFY
+	ecode = check_length(length - 4, offset);
+	if (ecode)
+		goto error;
+#else
 	ecode = check_length(length, offset);
 	if (ecode)
 		goto error;
+#endif
 
 	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
 	if (ecode)
-- 
2.34.1