nimble: fix not handling invalid offset read With this patch it is possible to pass TC_GAR_SR_BI_13_C and TC_GAR_SR_BI_29_C.
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/2c34fe2a Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/2c34fe2a Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/2c34fe2a Branch: refs/heads/develop Commit: 2c34fe2a7095882001d1fe48acc0370241088df7 Parents: 5ffe8db Author: MichaÅ Narajowski <[email protected]> Authored: Mon Dec 19 16:51:03 2016 +0100 Committer: MichaÅ Narajowski <[email protected]> Committed: Tue Dec 20 09:40:10 2016 +0100 ---------------------------------------------------------------------- net/nimble/host/src/ble_gatts.c | 2 ++ 1 file changed, 2 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/2c34fe2a/net/nimble/host/src/ble_gatts.c ---------------------------------------------------------------------- diff --git a/net/nimble/host/src/ble_gatts.c b/net/nimble/host/src/ble_gatts.c index 235040b..9801f1b 100644 --- a/net/nimble/host/src/ble_gatts.c +++ b/net/nimble/host/src/ble_gatts.c @@ -336,6 +336,8 @@ ble_gatts_val_access(uint16_t conn_handle, uint16_t attr_handle, attr_len = OS_MBUF_PKTLEN(gatt_ctxt->om) - offset; if (attr_len > 0) { os_mbuf_appendfrom(*om, gatt_ctxt->om, offset, attr_len); + } else { + return BLE_ATT_ERR_INVALID_OFFSET; } }
