From bfa0fff2e58150f812c9c52e701864f0726c6ab8 Mon Sep 17 00:00:00 2001
From: Nebojsa Cvetkovic <nebkat@gmail.com>
Date: Sat, 28 Sep 2024 11:12:18 -0700
Subject: [PATCH] fix(ble/bluedroid): Added value len check in
 esp_ble_gatts_send_indicate()

---
 components/bt/host/bluedroid/api/esp_gatts_api.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/components/bt/host/bluedroid/api/esp_gatts_api.c b/components/bt/host/bluedroid/api/esp_gatts_api.c
index 66fa5c6617..03c8186099 100644
--- a/components/bt/host/bluedroid/api/esp_gatts_api.c
+++ b/components/bt/host/bluedroid/api/esp_gatts_api.c
@@ -260,6 +260,11 @@ esp_err_t esp_ble_gatts_stop_service(uint16_t service_handle)
 esp_err_t esp_ble_gatts_send_indicate(esp_gatt_if_t gatts_if, uint16_t conn_id, uint16_t attr_handle,
                                       uint16_t value_len, uint8_t *value, bool need_confirm)
 {
+    if (value_len > ESP_GATT_MAX_ATTR_LEN) {
+        LOG_ERROR("%s, value_len > ESP_GATT_MAX_ATTR_LEN.", __func__);
+        return ESP_ERR_INVALID_SIZE;
+    }
+
     btc_msg_t msg = {0};
     btc_ble_gatts_args_t arg;
 
@@ -272,7 +277,7 @@ esp_err_t esp_ble_gatts_send_indicate(esp_gatt_if_t gatts_if, uint16_t conn_id,
     }
 
     if (L2CA_CheckIsCongest(L2CAP_ATT_CID, p_tcb->peer_bda)) {
-        LOG_DEBUG("%s, the l2cap chanel is congest.", __func__);
+        LOG_DEBUG("%s, the l2cap channel is congest.", __func__);
         return ESP_FAIL;
     }