From f43e5cf391dc0a50a559a5c9038fee68d958ea4b Mon Sep 17 00:00:00 2001
From: Bart Philips <bartphilips1@gmail.com>
Date: Wed, 9 Aug 2023 22:27:23 +0200
Subject: [PATCH] shared/gatt-server: Fix not allowing valid attribute writes

The length check shall not consider the command header, just its
payload.
---
 src/shared/gatt-server.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
index 6a8380c..48cfbbf 100644
--- a/src/shared/gatt-server.c
+++ b/src/shared/gatt-server.c
@@ -898,7 +898,7 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
 	if (ecode)
 		goto error;
 #else
-	ecode = check_length(length, 0);
+	ecode = check_length(length - 2, 0);
 	if (ecode)
 		goto error;
 #endif
@@ -1484,7 +1484,7 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,
 	if (ecode)
 		goto error;
 #else
-	ecode = check_length(length, offset);
+	ecode = check_length(length - 4, offset);
 	if (ecode)
 		goto error;
 #endif
-- 
2.7.4