From e15a27eee8d48871089d621ab43a21f2c855df1e Mon Sep 17 00:00:00 2001 From: xingxing Date: Tue, 1 Mar 2022 16:08:57 +0800 Subject: [PATCH] CVE-2021-0129.patch --- src/shared/att-types.h | 8 ++++++++ src/shared/gatt-server.c | 16 ++++------------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/src/shared/att-types.h b/src/shared/att-types.h index 99b1089..f468a98 100644 --- a/src/shared/att-types.h +++ b/src/shared/att-types.h @@ -142,6 +142,14 @@ struct bt_att_pdu_error_rsp { #define BT_ATT_PERM_WRITE_SECURE 0x0200 #define BT_ATT_PERM_SECURE (BT_ATT_PERM_READ_SECURE | \ BT_ATT_PERM_WRITE_SECURE) +#define BT_ATT_PERM_READ_MASK (BT_ATT_PERM_READ | \ + BT_ATT_PERM_READ_AUTHEN | \ + BT_ATT_PERM_READ_ENCRYPT | \ + BT_ATT_PERM_READ_SECURE) +#define BT_ATT_PERM_WRITE_MASK (BT_ATT_PERM_WRITE | \ + BT_ATT_PERM_WRITE_AUTHEN | \ + BT_ATT_PERM_WRITE_ENCRYPT | \ + BT_ATT_PERM_WRITE_SECURE) /* GATT Characteristic Properties Bitfield values */ #define BT_GATT_CHRC_PROP_BROADCAST 0x01 diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c index 7e5d652..a79a786 100644 --- a/src/shared/gatt-server.c +++ b/src/shared/gatt-server.c @@ -473,9 +473,7 @@ static void process_read_by_type(struct async_read_op *op) return; } - ecode = check_permissions(server, attr, BT_ATT_PERM_READ | - BT_ATT_PERM_READ_AUTHEN | - BT_ATT_PERM_READ_ENCRYPT); + ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK); if (ecode) goto error; @@ -848,9 +846,7 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu, (opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd", handle); - ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE | - BT_ATT_PERM_WRITE_AUTHEN | - BT_ATT_PERM_WRITE_ENCRYPT); + ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK); if (ecode) goto error; @@ -961,9 +957,7 @@ static void handle_read_req(struct bt_att_chan *chan, opcode == BT_ATT_OP_READ_BLOB_REQ ? "Blob " : "", handle); - ecode = check_permissions(server, attr, BT_ATT_PERM_READ | - BT_ATT_PERM_READ_AUTHEN | - BT_ATT_PERM_READ_ENCRYPT); + ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK); if (ecode) goto error; @@ -1360,9 +1354,7 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode, util_debug(server->debug_callback, server->debug_data, "Prep Write Req - handle: 0x%04x", handle); - ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE | - BT_ATT_PERM_WRITE_AUTHEN | - BT_ATT_PERM_WRITE_ENCRYPT); + ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK); if (ecode) goto error; -- 2.27.0