From 1c2271575d955193ca2d77acdad0546c1106c9da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Rymanowski?= <lukasz.rymanowski@codecoup.pl>
Date: Thu, 7 May 2020 23:45:37 +0200
Subject: [PATCH] client: Fix possible stack corruption

DBUS_TYPE_BOOLEAN is 'int', which does not have to be the same size as
'bool'.
On architecture where bool is smaller than in, getting prepare-authorize
will corrupt the stack
---
 client/gatt.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/client/gatt.c b/client/gatt.c
index 416eda953..9d35b54fa 100644
--- a/client/gatt.c
+++ b/client/gatt.c
@@ -1860,9 +1860,12 @@ static int parse_options(DBusMessageIter *iter, uint16_t *offset, uint16_t *mtu,
 		} else if (strcasecmp(key, "prepare-authorize") == 0) {
 			if (var != DBUS_TYPE_BOOLEAN)
 				return -EINVAL;
-			if (prep_authorize)
-				dbus_message_iter_get_basic(&value,
-								prep_authorize);
+			if (prep_authorize) {
+				int tmp;
+
+				dbus_message_iter_get_basic(&value, &tmp);
+				*prep_authorize = !!tmp;
+			}
 		}
 
 		dbus_message_iter_next(&dict);
-- 
2.47.3