From 24cf2cbfa892da5d2316d02eaa2e27def3857d55 Mon Sep 17 00:00:00 2001
From: Sven Gothel <sgothel@jausoft.com>
Date: Mon, 18 Oct 2021 20:41:34 +0200
Subject: BTGattHandler/AttPDU: Use safe MAX_ATT_MTU = 512 + 1 for opcode, not
 for other ATTPDU parameter; Better serverMTU max(min(..)) safety, API-doc
 clarity

---
 src/direct_bt/BTGattHandler.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'src/direct_bt/BTGattHandler.cpp')

diff --git a/src/direct_bt/BTGattHandler.cpp b/src/direct_bt/BTGattHandler.cpp
index aca2ac29..ed0b560f 100644
--- a/src/direct_bt/BTGattHandler.cpp
+++ b/src/direct_bt/BTGattHandler.cpp
@@ -576,7 +576,7 @@ void BTGattHandler::replyAttPDUReq(std::unique_ptr<const AttPDUMsg> && pdu) {
         case AttPDUMsg::Opcode::EXCHANGE_MTU_REQ: {
             const AttExchangeMTU * p = static_cast<const AttExchangeMTU*>(pdu.get());
             const uint16_t clientMTU = p->getMTUSize();
-            usedMTU = std::min((int)serverMTU, (int)clientMTU);
+            usedMTU = std::min(serverMTU, clientMTU);
             const AttExchangeMTU rsp(AttPDUMsg::ReqRespType::RESPONSE, usedMTU);
             COND_PRINT(env.DEBUG_DATA, "GATT-Req: MTU recv: %u, %s  -> %u %s from %s",
                     clientMTU, pdu->toString().c_str(),
@@ -805,7 +805,11 @@ BTGattHandler::BTGattHandler(const std::shared_ptr<BTDevice> &device, L2CAPComm&
             usedMTU = std::min(number(Defaults::MAX_ATT_MTU), serverMTU);
         }
     } else {
-        serverMTU = nullptr != gattServerData ? gattServerData->att_mtu : number(Defaults::MAX_ATT_MTU);
+        if( nullptr != gattServerData ) {
+            serverMTU = std::max( std::min( gattServerData->att_mtu, number(Defaults::MAX_ATT_MTU) ), number(Defaults::MIN_ATT_MTU) );
+        } else {
+            serverMTU = number(Defaults::MAX_ATT_MTU);
+        }
         usedMTU = number(Defaults::MIN_ATT_MTU); // until negotiated!
     }
 }
-- 
cgit v1.2.3