From 5e9342ee34ba162d16c25416ee23159070e48f2e Mon Sep 17 00:00:00 2001 From: Andreas Kemnade Date: Sat, 26 Feb 2022 11:08:36 +0100 Subject: [PATCH] gatt: sanitize input at profile registration Check whether type of UUIDs property of GattProfile1 object is correct. --- src/gatt-database.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/gatt-database.c b/src/gatt-database.c index 481222d44..485af04ea 100644 --- a/src/gatt-database.c +++ b/src/gatt-database.c @@ -3423,6 +3423,11 @@ static struct external_profile *create_profile(struct gatt_app *app, goto fail; } + if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY) { + DBG("UUIDs wrongly formatted"); + goto fail; + } + dbus_message_iter_recurse(&iter, &array); while (dbus_message_iter_get_arg_type(&array) == DBUS_TYPE_STRING) { -- 2.47.3