From 17bf70989df3932766fff1137d6b5ce95d6a0ca1 Mon Sep 17 00:00:00 2001
From: Paul Szczepanek <paul.szczepanek@arm.com>
Date: Wed, 5 May 2021 18:40:59 +0100
Subject: [PATCH] ignore offset, replace whole value of attr in auth callback

---
 .../FEATURE_BLE/include/ble/gatt/GattCharacteristic.h      | 4 ++++
 .../FEATURE_BLE/source/cordio/source/GattServerImpl.cpp    | 7 ++++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/connectivity/FEATURE_BLE/include/ble/gatt/GattCharacteristic.h b/connectivity/FEATURE_BLE/include/ble/gatt/GattCharacteristic.h
index 32a21ea405..3d63d2730c 100644
--- a/connectivity/FEATURE_BLE/include/ble/gatt/GattCharacteristic.h
+++ b/connectivity/FEATURE_BLE/include/ble/gatt/GattCharacteristic.h
@@ -1692,6 +1692,10 @@ public:
      * @note The params->len parameter initially contains the maximum length of
      * data that can be returned. Set it to the length of your data but it must
      * not be larger than the original value.
+     *
+     * @note You must also take into account the offset provided in params->offset.
+     * The params->len you provide must be larger then the offset as the read operation
+     * will attempt to read at that offset.
      */
     GattAuthCallbackReply_t authorizeRead(GattReadAuthCallbackParams *params)
     {
diff --git a/connectivity/FEATURE_BLE/source/cordio/source/GattServerImpl.cpp b/connectivity/FEATURE_BLE/source/cordio/source/GattServerImpl.cpp
index 7be4e17e8a..ef88f93294 100644
--- a/connectivity/FEATURE_BLE/source/cordio/source/GattServerImpl.cpp
+++ b/connectivity/FEATURE_BLE/source/cordio/source/GattServerImpl.cpp
@@ -1148,8 +1148,9 @@ uint8_t GattServer::atts_read_cb(
 
         /* if new data provided copy into the attribute value buffer */
         if (read_auth_params.data) {
-            if (read_auth_params.offset + read_auth_params.len > pAttr->maxLen) {
-                tr_error("Read authorisation callback set length larger than maximum attribute length. Cannot copy data");
+            if (read_auth_params.len > pAttr->maxLen || offset >= read_auth_params.len) {
+                tr_error("Read authorisation callback set length larger than maximum attribute length "
+                         "or current offset is beyond new length. Cannot copy data");
 
                 GattReadCallbackParams read_params = {
                     connId,
@@ -1164,7 +1165,7 @@ uint8_t GattServer::atts_read_cb(
                 return ATT_ERR_UNLIKELY;
             }
 
-            memcpy(pAttr->pValue + read_auth_params.offset, read_auth_params.data, read_auth_params.len);
+            memcpy(pAttr->pValue, read_auth_params.data, read_auth_params.len);
             *pAttr->pLen = read_auth_params.len;
         }
     }