Validates the PDU length of GATT Prepare Write attribute requests Validates whether the PDU length of GATT Prepare Write requests satisfy the minimum length requirements of GATT write attribute request format. Change-Id: Id18d32b050389ff8c71341bb738dd77225029acd

commit: 0acfd13d6937ab68d2334550e027c93c083276cc [log] [tgz]
author: Subramanian Srinivasan <subrsrin@codeaurora.org> Mon Feb 01 16:21:10 2016 -0800
committer: Andre Eisenbach <eisenbach@google.com> Fri Feb 12 02:20:24 2016 +0000
tree: bcf66b228a28320a28e26791e2eb7aff74f3b61d
parent: 79b294d7cb4b48a371dd6698d85e08771ed79eb1 [diff] [blame]
diff --git a/stack/gatt/gatt_sr.c b/stack/gatt/gatt_sr.c
index af9a7c8..4683e4f 100644
--- a/stack/gatt/gatt_sr.c
+++ b/stack/gatt/gatt_sr.c

@@ -1049,6 +1049,11 @@
     switch (op_code)
     {
         case GATT_REQ_PREPARE_WRITE:
+            if (len < 2) {
+                GATT_TRACE_ERROR("%s: Prepare write request was invalid - missing offset, sending error response", __func__);
+                gatt_send_error_rsp(p_tcb, GATT_INVALID_PDU, op_code, handle, FALSE);
+                return;
+            }
             sr_data.write_req.is_prep = TRUE;
             STREAM_TO_UINT16(sr_data.write_req.offset, p);
             len -= 2;
commit	0acfd13d6937ab68d2334550e027c93c083276cc	[log] [tgz]
author	Subramanian Srinivasan <subrsrin@codeaurora.org>	Mon Feb 01 16:21:10 2016 -0800
committer	Andre Eisenbach <eisenbach@google.com>	Fri Feb 12 02:20:24 2016 +0000
tree	bcf66b228a28320a28e26791e2eb7aff74f3b61d
parent	79b294d7cb4b48a371dd6698d85e08771ed79eb1 [diff] [blame]