Bluetooth: GATT: Fix ccc cfg leak

ccc cfg is allocated when a peer updates a ccc value. This fix will retain a cfg only if the new value is not default. Change-id: I586082818145e43c771a6fccdb0bf2b3cecdd30c Signed-off-by: Vinayak Chettimada <vinayak.kariappa.chettimada@nordicsemi.no>
2016-09-07 06:37:37 +02:00 · 2016-09-07 06:37:37 +02:00 · d72b06da56
commit d72b06da56
parent 42f7ab9443
1 changed files with 12 additions and 2 deletions
--- a/net/bluetooth/gatt.c
+++ b/net/bluetooth/gatt.c
@ -333,6 +333,7 @@ ssize_t bt_gatt_attr_write_ccc(struct bt_conn *conn,
 			       uint16_t len, uint16_t offset, uint8_t flags)
 {
 	struct _bt_gatt_ccc *ccc = attr->user_data;
+	uint16_t value;
 	size_t i;

 	if (offset > sizeof(uint16_t)) {
@ -343,6 +344,8 @@ ssize_t bt_gatt_attr_write_ccc(struct bt_conn *conn,
 		return BT_GATT_ERR(BT_ATT_ERR_INVALID_ATTRIBUTE_LEN);
 	}

+	value = sys_get_le16(buf);
+
 	for (i = 0; i < ccc->cfg_len; i++) {
 		/* Check for existing configuration */
 		if (!bt_addr_le_cmp(&ccc->cfg[i].peer, &conn->le.dst)) {
@ -358,7 +361,11 @@ ssize_t bt_gatt_attr_write_ccc(struct bt_conn *conn,
 			}

 			bt_addr_le_copy(&ccc->cfg[i].peer, &conn->le.dst);
-			ccc->cfg[i].valid = true;
+
+			if (value) {
+				ccc->cfg[i].valid = true;
+			}
+
 			break;
 		}

@ -366,9 +373,12 @@ ssize_t bt_gatt_attr_write_ccc(struct bt_conn *conn,
 			BT_WARN("No space to store CCC cfg");
 			return BT_GATT_ERR(BT_ATT_ERR_INSUFFICIENT_RESOURCES);
 		}
+	} else if (!value) {
+		/* free existing configuration for default value */
+		ccc->cfg[i].valid = false;
 	}

-	ccc->cfg[i].value = sys_get_le16(buf);
+	ccc->cfg[i].value = value;

 	BT_DBG("handle 0x%04x value %u", attr->handle, ccc->cfg[i].value);