diff mbox series

[BlueZ] shared/gatt-server: Fix not properly checking for secure flags

Message ID 20210303002944.3444644-1-luiz.dentz@gmail.com
State New
Headers show
Series [BlueZ] shared/gatt-server: Fix not properly checking for secure flags | expand

Commit Message

Luiz Augusto von Dentz March 3, 2021, 12:29 a.m. UTC 
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

When passing the mask to check_permissions all valid permissions for
the operation must be set including BT_ATT_PERM_SECURE flags.
---
 src/shared/att-types.h   |  8 ++++++++
 src/shared/gatt-server.c | 25 +++++++------------------
 2 files changed, 15 insertions(+), 18 deletions(-)

Comments

bluez.test.bot@gmail.com March 3, 2021, 1:43 p.m. UTC | #1 
This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=441167

---Test result---

##############################
Test: CheckPatch - PASS

##############################
Test: CheckGitLint - PASS

##############################
Test: CheckBuild - PASS

##############################
Test: MakeCheck - PASS



---
Regards,
Linux Bluetooth
Luiz Augusto von Dentz March 4, 2021, 7:41 p.m. UTC | #2 
Hi,

On Wed, Mar 3, 2021 at 5:43 AM <bluez.test.bot@gmail.com> wrote:
>
> This is automated email and please do not reply to this email!
>
> Dear submitter,
>
> Thank you for submitting the patches to the linux bluetooth mailing list.
> This is a CI test results with your patch series:
> PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=441167
>
> ---Test result---
>
> ##############################
> Test: CheckPatch - PASS
>
> ##############################
> Test: CheckGitLint - PASS
>
> ##############################
> Test: CheckBuild - PASS
>
> ##############################
> Test: MakeCheck - PASS
>
>
>
> ---
> Regards,
> Linux Bluetooth

Pushed.
diff mbox series

Patch

diff --git a/src/shared/att-types.h b/src/shared/att-types.h
index 7108b4e94..3adc05d9e 100644
--- a/src/shared/att-types.h
+++ b/src/shared/att-types.h
@@ -129,6 +129,14 @@  struct bt_att_pdu_error_rsp {
 #define BT_ATT_PERM_WRITE_SECURE	0x0200
 #define BT_ATT_PERM_SECURE		(BT_ATT_PERM_READ_SECURE | \
 					BT_ATT_PERM_WRITE_SECURE)
+#define BT_ATT_PERM_READ_MASK		(BT_ATT_PERM_READ | \
+					BT_ATT_PERM_READ_AUTHEN | \
+					BT_ATT_PERM_READ_ENCRYPT | \
+					BT_ATT_PERM_READ_SECURE)
+#define BT_ATT_PERM_WRITE_MASK		(BT_ATT_PERM_WRITE | \
+					BT_ATT_PERM_WRITE_AUTHEN | \
+					BT_ATT_PERM_WRITE_ENCRYPT | \
+					BT_ATT_PERM_WRITE_SECURE)
 
 /* GATT Characteristic Properties Bitfield values */
 #define BT_GATT_CHRC_PROP_BROADCAST			0x01
diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
index b5f7de7dc..970c35f94 100644
--- a/src/shared/gatt-server.c
+++ b/src/shared/gatt-server.c
@@ -444,9 +444,7 @@  static void process_read_by_type(struct async_read_op *op)
 		return;
 	}
 
-	ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
-						BT_ATT_PERM_READ_AUTHEN |
-						BT_ATT_PERM_READ_ENCRYPT);
+	ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
 	if (ecode)
 		goto error;
 
@@ -811,9 +809,7 @@  static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
 				(opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd",
 				handle);
 
-	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
-						BT_ATT_PERM_WRITE_AUTHEN |
-						BT_ATT_PERM_WRITE_ENCRYPT);
+	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
 	if (ecode)
 		goto error;
 
@@ -913,9 +909,7 @@  static void handle_read_req(struct bt_att_chan *chan,
 			opcode == BT_ATT_OP_READ_BLOB_REQ ? "Blob " : "",
 			handle);
 
-	ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
-						BT_ATT_PERM_READ_AUTHEN |
-						BT_ATT_PERM_READ_ENCRYPT);
+	ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
 	if (ecode)
 		goto error;
 
@@ -1051,9 +1045,8 @@  static void read_multiple_complete_cb(struct gatt_db_attribute *attr, int err,
 		goto error;
 	}
 
-	ecode = check_permissions(data->server, next_attr, BT_ATT_PERM_READ |
-						BT_ATT_PERM_READ_AUTHEN |
-						BT_ATT_PERM_READ_ENCRYPT);
+	ecode = check_permissions(data->server, next_attr,
+						BT_ATT_PERM_READ_MASK);
 	if (ecode)
 		goto error;
 
@@ -1129,9 +1122,7 @@  static void read_multiple_cb(struct bt_att_chan *chan, uint8_t opcode,
 		goto error;
 	}
 
-	ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ |
-						BT_ATT_PERM_READ_AUTHEN |
-						BT_ATT_PERM_READ_ENCRYPT);
+	ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ_MASK);
 	if (ecode)
 		goto error;
 
@@ -1308,9 +1299,7 @@  static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,
 	util_debug(server->debug_callback, server->debug_data,
 				"Prep Write Req - handle: 0x%04x", handle);
 
-	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
-						BT_ATT_PERM_WRITE_AUTHEN |
-						BT_ATT_PERM_WRITE_ENCRYPT);
+	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
 	if (ecode)
 		goto error;