michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: GATT: Fix segfault discover descriptors all UUIDs

Browse source 
Handle optional argument UUID in bt_gatt_discover with type
DISCOVER_DESCRIPTOR, bt_uuid_cmp doesn't check for NULL pointer.
On system with MMU (nrf52_bsim) this can result in segfault.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This commit is contained in:
Joakim Andersson 2019-07-10 16:57:47 +02:00 committed by Johan Hedberg
commit 3bddc20f87
1 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
subsys/bluetooth/host/gatt.c
View file

@ -2587,10 +2587,11 @@ int bt_gatt_discover(struct bt_conn *conn,
return gatt_read_type(conn, params);
case BT_GATT_DISCOVER_DESCRIPTOR:
/* Only descriptors can be filtered */
if (!bt_uuid_cmp(params->uuid, BT_UUID_GATT_PRIMARY) ||
!bt_uuid_cmp(params->uuid, BT_UUID_GATT_SECONDARY) ||
!bt_uuid_cmp(params->uuid, BT_UUID_GATT_INCLUDE) ||
!bt_uuid_cmp(params->uuid, BT_UUID_GATT_CHRC)) {
if (params->uuid &&
(!bt_uuid_cmp(params->uuid, BT_UUID_GATT_PRIMARY) ||
!bt_uuid_cmp(params->uuid, BT_UUID_GATT_SECONDARY) ||
!bt_uuid_cmp(params->uuid, BT_UUID_GATT_INCLUDE) ||
!bt_uuid_cmp(params->uuid, BT_UUID_GATT_CHRC))) {
return -EINVAL;
}
/* Fallthrough. */