diff options
| author | Bharat Panda <bharat.panda@samsung.com> | 2014-09-23 17:49:17 +0530 |
|---|---|---|
| committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2015-02-13 15:02:14 +0200 |
| commit | 52362c5f209131f0ae45291ac3b8efd3581e01e2 (patch) | |
| tree | 9c5dd700d0f1e0472ed46d0fa00f355378aa0128 /attrib | |
| parent | 191f4b663978493004239a03ec8d543c15341cd6 (diff) | |
| download | bluez-52362c5f209131f0ae45291ac3b8efd3581e01e2.tar.gz | |
attrib: Fix condition check for attr delete
Checks handle value for non-zero as well as >= 0xffff, to avoid
infinite loop and deletion of unspecified attrib handles.
Diffstat (limited to 'attrib')
| -rw-r--r-- | attrib/gatt-service.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/attrib/gatt-service.c b/attrib/gatt-service.c index f592a70a2..4e1a654e9 100644 --- a/attrib/gatt-service.c +++ b/attrib/gatt-service.c @@ -299,9 +299,15 @@ static void service_attr_del(struct btd_adapter *adapter, uint16_t start_handle, { uint16_t handle; - for (handle = start_handle; handle <= end_handle; handle++) + /* For a 128-bit category primary service below handle should be checked + * for both non-zero as well as >= 0xffff. As on last iteration the + * handle will turn to 0 from 0xffff and loop will be infinite. + */ + for (handle = start_handle; (handle != 0 && handle <= end_handle); + handle++) { if (attrib_db_del(adapter, handle) < 0) error("Can't delete handle 0x%04x", handle); + } } gboolean gatt_service_add(struct btd_adapter *adapter, uint16_t uuid, |