File shared-gatt-server-Fix-not-properly-checking-for-sec.patch of Package bluez.25504
From 00da0fb4972cf59e1c075f313da81ea549cb8738 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Tue, 2 Mar 2021 11:38:33 -0800
Subject: [PATCH] shared/gatt-server: Fix not properly checking for secure
flags
When passing the mask to check_permissions all valid permissions for
the operation must be set including BT_ATT_PERM_SECURE flags.
---
src/shared/att-types.h | 8 ++++++++
src/shared/gatt-server.c | 25 +++++++------------------
2 files changed, 15 insertions(+), 18 deletions(-)
Index: bluez-5.55/src/shared/att-types.h
===================================================================
--- bluez-5.55.orig/src/shared/att-types.h
+++ bluez-5.55/src/shared/att-types.h
@@ -142,6 +142,14 @@ struct bt_att_pdu_error_rsp {
#define BT_ATT_PERM_WRITE_SECURE 0x0200
#define BT_ATT_PERM_SECURE (BT_ATT_PERM_READ_SECURE | \
BT_ATT_PERM_WRITE_SECURE)
+#define BT_ATT_PERM_READ_MASK (BT_ATT_PERM_READ | \
+ BT_ATT_PERM_READ_AUTHEN | \
+ BT_ATT_PERM_READ_ENCRYPT | \
+ BT_ATT_PERM_READ_SECURE)
+#define BT_ATT_PERM_WRITE_MASK (BT_ATT_PERM_WRITE | \
+ BT_ATT_PERM_WRITE_AUTHEN | \
+ BT_ATT_PERM_WRITE_ENCRYPT | \
+ BT_ATT_PERM_WRITE_SECURE)
/* GATT Characteristic Properties Bitfield values */
#define BT_GATT_CHRC_PROP_BROADCAST 0x01
Index: bluez-5.55/src/shared/gatt-server.c
===================================================================
--- bluez-5.55.orig/src/shared/gatt-server.c
+++ bluez-5.55/src/shared/gatt-server.c
@@ -473,9 +473,7 @@ static void process_read_by_type(struct
return;
}
- ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
- BT_ATT_PERM_READ_AUTHEN |
- BT_ATT_PERM_READ_ENCRYPT);
+ ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
if (ecode)
goto error;
@@ -848,9 +846,7 @@ static void write_cb(struct bt_att_chan
(opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd",
handle);
- ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
- BT_ATT_PERM_WRITE_AUTHEN |
- BT_ATT_PERM_WRITE_ENCRYPT);
+ ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
if (ecode)
goto error;
@@ -961,9 +957,7 @@ static void handle_read_req(struct bt_at
opcode == BT_ATT_OP_READ_BLOB_REQ ? "Blob " : "",
handle);
- ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
- BT_ATT_PERM_READ_AUTHEN |
- BT_ATT_PERM_READ_ENCRYPT);
+ ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
if (ecode)
goto error;
@@ -1105,9 +1099,8 @@ static void read_multiple_complete_cb(st
goto error;
}
- ecode = check_permissions(data->server, next_attr, BT_ATT_PERM_READ |
- BT_ATT_PERM_READ_AUTHEN |
- BT_ATT_PERM_READ_ENCRYPT);
+ ecode = check_permissions(data->server, next_attr,
+ BT_ATT_PERM_READ_MASK);
if (ecode)
goto error;
@@ -1183,9 +1176,7 @@ static void read_multiple_cb(struct bt_a
goto error;
}
- ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ |
- BT_ATT_PERM_READ_AUTHEN |
- BT_ATT_PERM_READ_ENCRYPT);
+ ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ_MASK);
if (ecode)
goto error;
@@ -1362,9 +1353,7 @@ static void prep_write_cb(struct bt_att_
util_debug(server->debug_callback, server->debug_data,
"Prep Write Req - handle: 0x%04x", handle);
- ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
- BT_ATT_PERM_WRITE_AUTHEN |
- BT_ATT_PERM_WRITE_ENCRYPT);
+ ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
if (ecode)
goto error;