193fdb564SMilanka Ringwald #include <stdint.h>
293fdb564SMilanka Ringwald #include <stddef.h>
393fdb564SMilanka Ringwald
493fdb564SMilanka Ringwald #include "ble/gatt_client.h"
593fdb564SMilanka Ringwald #include "btstack_run_loop_posix.h"
693fdb564SMilanka Ringwald #include "btstack_memory.h"
793fdb564SMilanka Ringwald
893fdb564SMilanka Ringwald static void (*packet_handler)(uint8_t packet_type, uint8_t *packet, uint16_t size);
993fdb564SMilanka Ringwald
hci_transport_fuzz_set_baudrate(uint32_t baudrate)1093fdb564SMilanka Ringwald static int hci_transport_fuzz_set_baudrate(uint32_t baudrate){
1193fdb564SMilanka Ringwald return 0;
1293fdb564SMilanka Ringwald }
1393fdb564SMilanka Ringwald
hci_transport_fuzz_can_send_now(uint8_t packet_type)1493fdb564SMilanka Ringwald static int hci_transport_fuzz_can_send_now(uint8_t packet_type){
1593fdb564SMilanka Ringwald return 1;
1693fdb564SMilanka Ringwald }
1793fdb564SMilanka Ringwald
hci_transport_fuzz_send_packet(uint8_t packet_type,uint8_t * packet,int size)1893fdb564SMilanka Ringwald static int hci_transport_fuzz_send_packet(uint8_t packet_type, uint8_t * packet, int size){
1993fdb564SMilanka Ringwald return 0;
2093fdb564SMilanka Ringwald }
2193fdb564SMilanka Ringwald
hci_transport_fuzz_init(const void * transport_config)2293fdb564SMilanka Ringwald static void hci_transport_fuzz_init(const void * transport_config){
2393fdb564SMilanka Ringwald }
2493fdb564SMilanka Ringwald
hci_transport_fuzz_open(void)2593fdb564SMilanka Ringwald static int hci_transport_fuzz_open(void){
2693fdb564SMilanka Ringwald return 0;
2793fdb564SMilanka Ringwald }
2893fdb564SMilanka Ringwald
hci_transport_fuzz_close(void)2993fdb564SMilanka Ringwald static int hci_transport_fuzz_close(void){
3093fdb564SMilanka Ringwald return 0;
3193fdb564SMilanka Ringwald }
3293fdb564SMilanka Ringwald
hci_transport_fuzz_register_packet_handler(void (* handler)(uint8_t packet_type,uint8_t * packet,uint16_t size))3393fdb564SMilanka Ringwald static void hci_transport_fuzz_register_packet_handler(void (*handler)(uint8_t packet_type, uint8_t *packet, uint16_t size)){
3493fdb564SMilanka Ringwald packet_handler = handler;
3593fdb564SMilanka Ringwald }
3693fdb564SMilanka Ringwald
3793fdb564SMilanka Ringwald static const hci_transport_t hci_transport_fuzz = {
3893fdb564SMilanka Ringwald /* const char * name; */ "FUZZ",
3993fdb564SMilanka Ringwald /* void (*init) (const void *transport_config); */ &hci_transport_fuzz_init,
4093fdb564SMilanka Ringwald /* int (*open)(void); */ &hci_transport_fuzz_open,
4193fdb564SMilanka Ringwald /* int (*close)(void); */ &hci_transport_fuzz_close,
4293fdb564SMilanka Ringwald /* void (*register_packet_handler)(void (*handler)(...); */ &hci_transport_fuzz_register_packet_handler,
4393fdb564SMilanka Ringwald /* int (*can_send_packet_now)(uint8_t packet_type); */ &hci_transport_fuzz_can_send_now,
4493fdb564SMilanka Ringwald /* int (*send_packet)(...); */ &hci_transport_fuzz_send_packet,
4593fdb564SMilanka Ringwald /* int (*set_baudrate)(uint32_t baudrate); */ &hci_transport_fuzz_set_baudrate,
4693fdb564SMilanka Ringwald /* void (*reset_link)(void); */ NULL,
4793fdb564SMilanka Ringwald /* void (*set_sco_config)(uint16_t voice_setting, int num_connections); */ NULL,
4893fdb564SMilanka Ringwald };
4993fdb564SMilanka Ringwald
gatt_client_packet_handler(uint8_t packet_type,uint16_t handle,uint8_t * packet,uint16_t size)5093fdb564SMilanka Ringwald static void gatt_client_packet_handler(uint8_t packet_type, uint16_t handle, uint8_t *packet, uint16_t size){
5193fdb564SMilanka Ringwald }
5293fdb564SMilanka Ringwald
set_gatt_service_uuid16(gatt_client_service_t * service,const uint8_t * data,size_t size)537d33cb26SMilanka Ringwald void set_gatt_service_uuid16(gatt_client_service_t * service, const uint8_t *data, size_t size){
547d33cb26SMilanka Ringwald service->start_group_handle = 0x0001;
557d33cb26SMilanka Ringwald service->end_group_handle = 0xffff;
567d33cb26SMilanka Ringwald memset(service->uuid128, 0, 16);
577d33cb26SMilanka Ringwald service->uuid16 = big_endian_read_16(data, 0);
587d33cb26SMilanka Ringwald }
5993fdb564SMilanka Ringwald
set_gatt_service_uuid128(gatt_client_service_t * service,const uint8_t * data,size_t size)607d33cb26SMilanka Ringwald void set_gatt_service_uuid128(gatt_client_service_t * service, const uint8_t *data, size_t size){
617d33cb26SMilanka Ringwald service->start_group_handle = 0x0001;
627d33cb26SMilanka Ringwald service->end_group_handle = 0xffff;
637d33cb26SMilanka Ringwald service->uuid16 = 0;
647d33cb26SMilanka Ringwald memcpy(service->uuid128, data, 16);
657d33cb26SMilanka Ringwald }
667d33cb26SMilanka Ringwald
set_gatt_characteristic_uuid16(gatt_client_characteristic_t * characteristic,const uint8_t * data,size_t size)677d33cb26SMilanka Ringwald void set_gatt_characteristic_uuid16(gatt_client_characteristic_t * characteristic, const uint8_t *data, size_t size){
687d33cb26SMilanka Ringwald characteristic->start_handle = 0x0001;
697d33cb26SMilanka Ringwald characteristic->value_handle = 0x0002;
707d33cb26SMilanka Ringwald characteristic->end_handle = 0xffff;
717d33cb26SMilanka Ringwald characteristic->uuid16 = big_endian_read_16(data, 0);
727d33cb26SMilanka Ringwald memset(characteristic->uuid128, 0, 16);
737d33cb26SMilanka Ringwald }
747d33cb26SMilanka Ringwald
set_gatt_characteristic_uuid128(gatt_client_characteristic_t * characteristic,const uint8_t * data,size_t size)757d33cb26SMilanka Ringwald void set_gatt_characteristic_uuid128(gatt_client_characteristic_t * characteristic, const uint8_t *data, size_t size){
767d33cb26SMilanka Ringwald characteristic->start_handle = 0x0001;
777d33cb26SMilanka Ringwald characteristic->value_handle = 0x0002;
787d33cb26SMilanka Ringwald characteristic->end_handle = 0xffff;
797d33cb26SMilanka Ringwald characteristic->uuid16 = 0;
807d33cb26SMilanka Ringwald memcpy(characteristic->uuid128, data, 16);
817d33cb26SMilanka Ringwald }
827d33cb26SMilanka Ringwald
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)837d33cb26SMilanka Ringwald int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
8493fdb564SMilanka Ringwald const hci_con_handle_t ble_handle = 0x0005;
8593fdb564SMilanka Ringwald
8693fdb564SMilanka Ringwald static bool gatt_client_initiated = false;
8793fdb564SMilanka Ringwald if (!gatt_client_initiated){
8893fdb564SMilanka Ringwald btstack_memory_init();
8993fdb564SMilanka Ringwald btstack_run_loop_init(btstack_run_loop_posix_get_instance());
9093fdb564SMilanka Ringwald // init hci, simulate connection
9193fdb564SMilanka Ringwald hci_init(&hci_transport_fuzz, NULL);
9293fdb564SMilanka Ringwald hci_setup_test_connections_fuzz();
9393fdb564SMilanka Ringwald
9493fdb564SMilanka Ringwald gatt_client_init();
957d33cb26SMilanka Ringwald gatt_client_mtu_enable_auto_negotiation(0);
9693fdb564SMilanka Ringwald gatt_client_initiated = true;
9793fdb564SMilanka Ringwald }
9893fdb564SMilanka Ringwald
997d33cb26SMilanka Ringwald // use first byte of random data to pick gatt_client request / set gatt client state
1007d33cb26SMilanka Ringwald // then, only use data from second byte as response
1017d33cb26SMilanka Ringwald // prepare test data
1027d33cb26SMilanka Ringwald if (size < 1) return 0;
1037d33cb26SMilanka Ringwald uint8_t cmd_type = (data[0] & 0x1F);
1047d33cb26SMilanka Ringwald size--;
1057d33cb26SMilanka Ringwald data++;
1067d33cb26SMilanka Ringwald
1077d33cb26SMilanka Ringwald uint8_t uuid128[16];
1087d33cb26SMilanka Ringwald uint16_t uuid16;
1097d33cb26SMilanka Ringwald int offset = 0;
1107d33cb26SMilanka Ringwald gatt_client_service_t service;
1117d33cb26SMilanka Ringwald gatt_client_characteristic_t characteristic;
1127d33cb26SMilanka Ringwald gatt_client_characteristic_descriptor_t descriptor;
1137d33cb26SMilanka Ringwald
114*8046a24aSMatthias Ringwald uint8_t response_type = 0;
1157d33cb26SMilanka Ringwald switch (cmd_type){
1167d33cb26SMilanka Ringwald case 1:
11793fdb564SMilanka Ringwald gatt_client_discover_primary_services(gatt_client_packet_handler, ble_handle);
118*8046a24aSMatthias Ringwald response_type = ATT_READ_BY_GROUP_TYPE_RESPONSE;
1197d33cb26SMilanka Ringwald break;
1207d33cb26SMilanka Ringwald case 2:
1217d33cb26SMilanka Ringwald offset = 2;
1227d33cb26SMilanka Ringwald if (size < offset) return 0;
1237d33cb26SMilanka Ringwald uuid16 = big_endian_read_16(data, 0);
1247d33cb26SMilanka Ringwald gatt_client_discover_primary_services_by_uuid16(gatt_client_packet_handler, ble_handle, uuid16);
125*8046a24aSMatthias Ringwald response_type = ATT_FIND_BY_TYPE_VALUE_RESPONSE;
1267d33cb26SMilanka Ringwald break;
1277d33cb26SMilanka Ringwald case 3:
1287d33cb26SMilanka Ringwald offset = 16;
1297d33cb26SMilanka Ringwald if (size < offset) return 0;
1307d33cb26SMilanka Ringwald memcpy(uuid128, data, 16);
1317d33cb26SMilanka Ringwald gatt_client_discover_primary_services_by_uuid128(gatt_client_packet_handler, ble_handle, uuid128);
132*8046a24aSMatthias Ringwald response_type = ATT_FIND_BY_TYPE_VALUE_RESPONSE;
1337d33cb26SMilanka Ringwald break;
1347d33cb26SMilanka Ringwald case 4:
1357d33cb26SMilanka Ringwald offset = 2;
1367d33cb26SMilanka Ringwald if (size < offset) return 0;
1377d33cb26SMilanka Ringwald set_gatt_service_uuid16(&service, data, size);
1387d33cb26SMilanka Ringwald gatt_client_find_included_services_for_service(gatt_client_packet_handler, ble_handle, &service);
139*8046a24aSMatthias Ringwald response_type = ATT_READ_BY_TYPE_RESPONSE;
1407d33cb26SMilanka Ringwald break;
1417d33cb26SMilanka Ringwald case 5:
1427d33cb26SMilanka Ringwald offset = 2;
1437d33cb26SMilanka Ringwald if (size < offset) return 0;
1447d33cb26SMilanka Ringwald set_gatt_service_uuid16(&service, data, size);
1457d33cb26SMilanka Ringwald gatt_client_discover_characteristics_for_service(gatt_client_packet_handler, ble_handle, &service);
146*8046a24aSMatthias Ringwald response_type = ATT_READ_BY_TYPE_RESPONSE;
1477d33cb26SMilanka Ringwald break;
1487d33cb26SMilanka Ringwald case 6:
1497d33cb26SMilanka Ringwald offset = 2;
1507d33cb26SMilanka Ringwald if (size < offset) return 0;
1517d33cb26SMilanka Ringwald uuid16 = big_endian_read_16(data, 0);
1527d33cb26SMilanka Ringwald gatt_client_discover_characteristics_for_handle_range_by_uuid16(gatt_client_packet_handler, ble_handle, 0x0001, 0xffff, uuid16);
153*8046a24aSMatthias Ringwald response_type = ATT_READ_BY_TYPE_RESPONSE;
1547d33cb26SMilanka Ringwald break;
1557d33cb26SMilanka Ringwald case 7:
1567d33cb26SMilanka Ringwald offset = 16;
1577d33cb26SMilanka Ringwald if (size < offset) return 0;
1587d33cb26SMilanka Ringwald memcpy(uuid128, data, 16);
1597d33cb26SMilanka Ringwald gatt_client_discover_characteristics_for_handle_range_by_uuid128(gatt_client_packet_handler, ble_handle, 0x0001, 0xffff, uuid128);
160*8046a24aSMatthias Ringwald response_type = ATT_READ_BY_TYPE_RESPONSE;
1617d33cb26SMilanka Ringwald break;
1627d33cb26SMilanka Ringwald case 8:
1637d33cb26SMilanka Ringwald offset = 4;
1647d33cb26SMilanka Ringwald if (size < offset) return 0;
1657d33cb26SMilanka Ringwald set_gatt_service_uuid16(&service, data, size);
1667d33cb26SMilanka Ringwald uuid16 = big_endian_read_16(data, 2);
1677d33cb26SMilanka Ringwald gatt_client_discover_characteristics_for_service_by_uuid16(gatt_client_packet_handler, ble_handle, &service, uuid16);
168*8046a24aSMatthias Ringwald response_type = ATT_READ_BY_TYPE_RESPONSE;
1697d33cb26SMilanka Ringwald break;
1707d33cb26SMilanka Ringwald case 9:
1717d33cb26SMilanka Ringwald offset = 18;
1727d33cb26SMilanka Ringwald if (size < offset) return 0;
1737d33cb26SMilanka Ringwald set_gatt_service_uuid16(&service, data, size);
1747d33cb26SMilanka Ringwald memcpy(uuid128, data + 2, 16);
1757d33cb26SMilanka Ringwald gatt_client_discover_characteristics_for_service_by_uuid128(gatt_client_packet_handler, ble_handle, &service, uuid128);
176*8046a24aSMatthias Ringwald response_type = ATT_READ_BY_TYPE_RESPONSE;
1777d33cb26SMilanka Ringwald break;
1787d33cb26SMilanka Ringwald case 10:
1797d33cb26SMilanka Ringwald offset = 2;
1807d33cb26SMilanka Ringwald if (size < offset) return 0;
1817d33cb26SMilanka Ringwald set_gatt_characteristic_uuid16(&characteristic, data, size);
1827d33cb26SMilanka Ringwald gatt_client_discover_characteristic_descriptors(gatt_client_packet_handler, ble_handle, &characteristic);
183*8046a24aSMatthias Ringwald response_type = ATT_FIND_INFORMATION_REPLY;
1847d33cb26SMilanka Ringwald break;
1857d33cb26SMilanka Ringwald case 11:
1867d33cb26SMilanka Ringwald offset = 2;
1877d33cb26SMilanka Ringwald if (size < offset) return 0;
1887d33cb26SMilanka Ringwald set_gatt_characteristic_uuid16(&characteristic, data, size);
1897d33cb26SMilanka Ringwald gatt_client_read_value_of_characteristic(gatt_client_packet_handler, ble_handle, &characteristic);
190*8046a24aSMatthias Ringwald response_type = ATT_READ_RESPONSE;
1917d33cb26SMilanka Ringwald break;
1927d33cb26SMilanka Ringwald case 12:
1937d33cb26SMilanka Ringwald offset = 2;
1947d33cb26SMilanka Ringwald if (size < offset) return 0;
1957d33cb26SMilanka Ringwald set_gatt_characteristic_uuid16(&characteristic, data, size);
1967d33cb26SMilanka Ringwald gatt_client_read_value_of_characteristics_by_uuid16(gatt_client_packet_handler, ble_handle, characteristic.start_handle, characteristic.end_handle, characteristic.uuid16);
197*8046a24aSMatthias Ringwald response_type = ATT_READ_BY_TYPE_RESPONSE;
1987d33cb26SMilanka Ringwald break;
1997d33cb26SMilanka Ringwald case 13:
2007d33cb26SMilanka Ringwald offset = 16;
2017d33cb26SMilanka Ringwald if (size < offset) return 0;
2027d33cb26SMilanka Ringwald set_gatt_characteristic_uuid128(&characteristic, data, size);
2037d33cb26SMilanka Ringwald gatt_client_read_value_of_characteristics_by_uuid128(gatt_client_packet_handler, ble_handle, characteristic.start_handle, characteristic.end_handle, characteristic.uuid128);
204*8046a24aSMatthias Ringwald response_type = ATT_READ_BY_TYPE_RESPONSE;
2057d33cb26SMilanka Ringwald break;
2067d33cb26SMilanka Ringwald case 14:
2077d33cb26SMilanka Ringwald offset = 2;
2087d33cb26SMilanka Ringwald if (size < offset) return 0;
2097d33cb26SMilanka Ringwald set_gatt_characteristic_uuid16(&characteristic, data, size);
2107d33cb26SMilanka Ringwald gatt_client_read_long_value_of_characteristic(gatt_client_packet_handler, ble_handle, &characteristic);
211*8046a24aSMatthias Ringwald response_type = ATT_READ_BLOB_RESPONSE;
2127d33cb26SMilanka Ringwald break;
2137d33cb26SMilanka Ringwald case 15:
2147d33cb26SMilanka Ringwald offset = 4;
2157d33cb26SMilanka Ringwald if (size < offset) return 0;
2167d33cb26SMilanka Ringwald set_gatt_characteristic_uuid16(&characteristic, data, size);
2177d33cb26SMilanka Ringwald gatt_client_read_long_value_of_characteristic_using_value_handle_with_offset(gatt_client_packet_handler, ble_handle, characteristic.value_handle, big_endian_read_16(data, 2));
218*8046a24aSMatthias Ringwald response_type = ATT_READ_BLOB_RESPONSE;
2197d33cb26SMilanka Ringwald break;
2207d33cb26SMilanka Ringwald case 16:
2217d33cb26SMilanka Ringwald gatt_client_read_multiple_characteristic_values(gatt_client_packet_handler, ble_handle, 0, NULL);
222*8046a24aSMatthias Ringwald response_type = ATT_READ_MULTIPLE_RESPONSE;
2237d33cb26SMilanka Ringwald break;
2247d33cb26SMilanka Ringwald case 17:
2257d33cb26SMilanka Ringwald gatt_client_write_value_of_characteristic(gatt_client_packet_handler, ble_handle, 5, 0, NULL);
226*8046a24aSMatthias Ringwald response_type = ATT_WRITE_RESPONSE;
2277d33cb26SMilanka Ringwald break;
2287d33cb26SMilanka Ringwald case 18:
2297d33cb26SMilanka Ringwald gatt_client_write_long_value_of_characteristic(gatt_client_packet_handler, ble_handle, 5, 0, NULL);
230*8046a24aSMatthias Ringwald response_type = ATT_PREPARE_WRITE_RESPONSE;
2317d33cb26SMilanka Ringwald break;
2327d33cb26SMilanka Ringwald case 19:
2337d33cb26SMilanka Ringwald gatt_client_reliable_write_long_value_of_characteristic(gatt_client_packet_handler, ble_handle, 5, 0, NULL);
234*8046a24aSMatthias Ringwald response_type = ATT_PREPARE_WRITE_RESPONSE;
2357d33cb26SMilanka Ringwald break;
2367d33cb26SMilanka Ringwald case 20:
2377d33cb26SMilanka Ringwald gatt_client_read_characteristic_descriptor_using_descriptor_handle(gatt_client_packet_handler, ble_handle, 5);
238*8046a24aSMatthias Ringwald response_type = ATT_READ_RESPONSE;
2397d33cb26SMilanka Ringwald break;
2407d33cb26SMilanka Ringwald case 21:
2417d33cb26SMilanka Ringwald gatt_client_read_long_characteristic_descriptor_using_descriptor_handle(gatt_client_packet_handler, ble_handle, 5);
242*8046a24aSMatthias Ringwald response_type = ATT_READ_BLOB_RESPONSE;
2437d33cb26SMilanka Ringwald break;
2447d33cb26SMilanka Ringwald case 22:
2457d33cb26SMilanka Ringwald gatt_client_write_characteristic_descriptor_using_descriptor_handle(gatt_client_packet_handler, ble_handle, 5, 0, NULL);
246*8046a24aSMatthias Ringwald response_type = ATT_PREPARE_WRITE_RESPONSE;
2477d33cb26SMilanka Ringwald break;
2487d33cb26SMilanka Ringwald case 23:
2497d33cb26SMilanka Ringwald gatt_client_write_long_characteristic_descriptor_using_descriptor_handle(gatt_client_packet_handler, ble_handle, 5, 0, NULL);
250*8046a24aSMatthias Ringwald response_type = ATT_PREPARE_WRITE_RESPONSE;
2517d33cb26SMilanka Ringwald break;
2527d33cb26SMilanka Ringwald case 24:
2537d33cb26SMilanka Ringwald offset = 2;
2547d33cb26SMilanka Ringwald if (size < offset) return 0;
2557d33cb26SMilanka Ringwald set_gatt_characteristic_uuid16(&characteristic, data, size);
2567d33cb26SMilanka Ringwald gatt_client_write_client_characteristic_configuration(gatt_client_packet_handler, ble_handle, &characteristic, 1);
257*8046a24aSMatthias Ringwald #ifdef ENABLE_GATT_FIND_INFORMATION_FOR_CCC_DISCOVERY
258*8046a24aSMatthias Ringwald response_type = ATT_FIND_INFORMATION_REPLY;
259*8046a24aSMatthias Ringwald #else
260*8046a24aSMatthias Ringwald response_type = ATT_READ_BY_TYPE_RESPONSE;
261*8046a24aSMatthias Ringwald #endif
2627d33cb26SMilanka Ringwald break;
2637d33cb26SMilanka Ringwald case 25:
2647d33cb26SMilanka Ringwald gatt_client_prepare_write(gatt_client_packet_handler, ble_handle, 5, 0, 0, NULL);
265*8046a24aSMatthias Ringwald response_type = ATT_PREPARE_WRITE_RESPONSE;
2667d33cb26SMilanka Ringwald break;
267*8046a24aSMatthias Ringwald
268*8046a24aSMatthias Ringwald #if 0
269*8046a24aSMatthias Ringwald // TODO: won't work as only single packet is simulate
2707d33cb26SMilanka Ringwald case 26:
2717d33cb26SMilanka Ringwald gatt_client_prepare_write(gatt_client_packet_handler, ble_handle, 5, 0, 0, NULL);
272*8046a24aSMatthias Ringwald response_type = ATT_PREPARE_WRITE_RESPONSE;
2737d33cb26SMilanka Ringwald gatt_client_execute_write(gatt_client_packet_handler, ble_handle);
2747d33cb26SMilanka Ringwald break;
2757d33cb26SMilanka Ringwald case 27:
2767d33cb26SMilanka Ringwald gatt_client_prepare_write(gatt_client_packet_handler, ble_handle, 5, 0, 0, NULL);
277*8046a24aSMatthias Ringwald response_type = ATT_PREPARE_WRITE_RESPONSE;
2787d33cb26SMilanka Ringwald gatt_client_cancel_write(gatt_client_packet_handler, ble_handle);
2797d33cb26SMilanka Ringwald break;
280*8046a24aSMatthias Ringwald #endif
2817d33cb26SMilanka Ringwald default:
2827d33cb26SMilanka Ringwald return 0;
2837d33cb26SMilanka Ringwald }
2847d33cb26SMilanka Ringwald
2857d33cb26SMilanka Ringwald data += offset;
2867d33cb26SMilanka Ringwald size -= offset;
28793fdb564SMilanka Ringwald
288*8046a24aSMatthias Ringwald uint8_t response_buffer[256];
289*8046a24aSMatthias Ringwald response_buffer[0] = response_type;
290*8046a24aSMatthias Ringwald uint32_t bytes_to_copy = btstack_min(size, sizeof(response_buffer)-1);
291*8046a24aSMatthias Ringwald memcpy(&response_buffer[1], data, bytes_to_copy);
29293fdb564SMilanka Ringwald // send test response
293*8046a24aSMatthias Ringwald gatt_client_att_packet_handler_fuzz(ATT_DATA_PACKET, ble_handle, response_buffer, bytes_to_copy+1);
29493fdb564SMilanka Ringwald return 0;
29593fdb564SMilanka Ringwald }
296