[PATCH BlueZ 0/1] fix writes to attributes of size 512

public inbox for linux-bluetooth@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH BlueZ 0/1] fix writes to attributes of size 512
@ 2023-08-09 20:27 Bart Philips
  2023-08-09 20:27 ` [PATCH BlueZ 1/1] fix writing attributes of length 512 Bart Philips
  2023-08-10  0:10 ` [PATCH BlueZ 0/1] " patchwork-bot+bluetooth
  0 siblings, 2 replies; 4+ messages in thread
From: Bart Philips @ 2023-08-09 20:27 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Bart Philips

writing attributes of length 512 fails, although the Bluetooth spec (Vol 4, Part F, 3.2.9) states that attributes sizes up to 512 are allowed. The check_length calls in write_cb and prep_write_cb in gatt-server.c currently pass the length parameter that include the handle/offset length and therefore fail for attributes of length 512. This patch subtracts the handle/offset length before passing it to the check_length function, allowing writes to attributes up to 512 in size. 

Bart Philips (1):
  fix writing attributes of length 512

 src/shared/gatt-server.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.34.1

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH BlueZ 1/1] fix writing attributes of length 512
  2023-08-09 20:27 [PATCH BlueZ 0/1] fix writes to attributes of size 512 Bart Philips
@ 2023-08-09 20:27 ` Bart Philips
  2023-08-09 23:00   ` fix writes to attributes of size 512 bluez.test.bot
  2023-08-10  0:10 ` [PATCH BlueZ 0/1] " patchwork-bot+bluetooth
  1 sibling, 1 reply; 4+ messages in thread
From: Bart Philips @ 2023-08-09 20:27 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Bart Philips

---
 src/shared/gatt-server.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
index 0512d06f6..c7ce3ec1f 100644
--- a/src/shared/gatt-server.c
+++ b/src/shared/gatt-server.c
@@ -846,7 +846,7 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
 	DBG(server, "Write %s - handle: 0x%04x",
 		(opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd", handle);
 
-	ecode = check_length(length, 0);
+	ecode = check_length(length - 2, 0);
 	if (ecode)
 		goto error;
 
@@ -1333,7 +1333,7 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,
 
 	DBG(server, "Prep Write Req - handle: 0x%04x", handle);
 
-	ecode = check_length(length, offset);
+	ecode = check_length(length - 4, offset);
 	if (ecode)
 		goto error;
 
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* RE: fix writes to attributes of size 512
  2023-08-09 20:27 ` [PATCH BlueZ 1/1] fix writing attributes of length 512 Bart Philips
@ 2023-08-09 23:00   ` bluez.test.bot
  0 siblings, 0 replies; 4+ messages in thread
From: bluez.test.bot @ 2023-08-09 23:00 UTC (permalink / raw)
  To: linux-bluetooth, bartphilips1

[-- Attachment #1: Type: text/plain, Size: 1707 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=774683

---Test result---

Test Summary:
CheckPatch                    PASS      0.38 seconds
GitLint                       PASS      0.26 seconds
BuildEll                      PASS      35.08 seconds
BluezMake                     PASS      1243.06 seconds
MakeCheck                     PASS      13.84 seconds
MakeDistcheck                 PASS      204.06 seconds
CheckValgrind                 PASS      330.63 seconds
CheckSmatch                   WARNING   454.78 seconds
bluezmakeextell               PASS      135.61 seconds
IncrementalBuild              PASS      1067.75 seconds
ScanBuild                     PASS      1450.74 seconds

Details
##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
src/shared/gatt-server.c:276:25: warning: Variable length array is used.src/shared/gatt-server.c:619:25: warning: Variable length array is used.src/shared/gatt-server.c:718:25: warning: Variable length array is used.src/shared/gatt-server.c:276:25: warning: Variable length array is used.src/shared/gatt-server.c:619:25: warning: Variable length array is used.src/shared/gatt-server.c:718:25: warning: Variable length array is used.src/shared/gatt-server.c:276:25: warning: Variable length array is used.src/shared/gatt-server.c:619:25: warning: Variable length array is used.src/shared/gatt-server.c:718:25: warning: Variable length array is used.

---
Regards,
Linux Bluetooth

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH BlueZ 0/1] fix writes to attributes of size 512
  2023-08-09 20:27 [PATCH BlueZ 0/1] fix writes to attributes of size 512 Bart Philips
  2023-08-09 20:27 ` [PATCH BlueZ 1/1] fix writing attributes of length 512 Bart Philips
@ 2023-08-10  0:10 ` patchwork-bot+bluetooth
  1 sibling, 0 replies; 4+ messages in thread
From: patchwork-bot+bluetooth @ 2023-08-10  0:10 UTC (permalink / raw)
  To: Bart Philips; +Cc: linux-bluetooth, bart.philips

Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Wed,  9 Aug 2023 22:27:22 +0200 you wrote:
> writing attributes of length 512 fails, although the Bluetooth spec (Vol 4, Part F, 3.2.9) states that attributes sizes up to 512 are allowed. The check_length calls in write_cb and prep_write_cb in gatt-server.c currently pass the length parameter that include the handle/offset length and therefore fail for attributes of length 512. This patch subtracts the handle/offset length before passing it to the check_length function, allowing writes to attributes up to 512 in size.
> 
> Bart Philips (1):
>   fix writing attributes of length 512
> 
>  src/shared/gatt-server.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Here is the summary with links:
  - [BlueZ,1/1] fix writing attributes of length 512
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=8bf3a4a265bb

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2023-08-10  0:10 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-08-09 20:27 [PATCH BlueZ 0/1] fix writes to attributes of size 512 Bart Philips
2023-08-09 20:27 ` [PATCH BlueZ 1/1] fix writing attributes of length 512 Bart Philips
2023-08-09 23:00   ` fix writes to attributes of size 512 bluez.test.bot
2023-08-10  0:10 ` [PATCH BlueZ 0/1] " patchwork-bot+bluetooth

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox