From c52cae536684d42ff21b4d78ac0bcc3acbcdf2a8 Mon Sep 17 00:00:00 2001
From: Arkadiusz Lichwa
Date: Wed, 23 Sep 2015 15:54:45 +0200
Subject: [PATCH] Bluetooth: GATT: Fix differentiate errors on write ccc
Refines errors check when attempting to write over the boundary of attribute room.
Change-Id: Ia27b86ce380a178b8e7834adf6da4009a6d60233
Signed-off-by: Arkadiusz Lichwa
---
 net/bluetooth/gatt.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/gatt.c b/net/bluetooth/gatt.c
index 1402380777b..44addd22fc2 100644
--- a/net/bluetooth/gatt.c
+++ b/net/bluetooth/gatt.c
@@ -246,10 +246,14 @@ int bt_gatt_attr_write_ccc(struct bt_conn *conn,
 bool bonded;
 size_t i;
- if (len != sizeof(*data) || offset) {
+ if (offset > sizeof(*data)) {
 return -EINVAL;
 }
+ if (offset + len > sizeof(*data)) {
+ return -EFBIG;
+ }
+
 if (bt_keys_find_addr(&conn->dst))
 bonded = true;
 else
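Review bot: The two new checks in bt_gatt_attr_write_ccc only reject writes that run past the end of the value, so a zero-length write, a one-byte write, or a write at a non-zero offset now gets through, whereas the removed condition `len != sizeof(*data) || offset` rejected all of them. The rest of the function lies outside this hunk, but if it still reads `*data` as a whole value, a short write from the peer would make it read beyond the bytes actually supplied, and a non-zero offset would be silently ignored. Unless partial writes are handled further down, keep the exact-size requirement as a third check after the -EFBIG one, for example `if (offset || len != sizeof(*data)) { return -EINVAL; }`. A short comment above the checks saying which ATT error each return value is meant to map to would also help the next reader.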