[nrf fromtree] Bluetooth: Host: GAP Device Name write now add null char at the end

The function used to write the value of the GAP Device Name
characteristic now ensure that the string passed to `bt_set_name` is
null terminated.

Also fix a wrong offset calculation.

The function used to write the value of the GAP Device Name
characteristic was returning an error when the offset + the length of
data to write was superior **or equal** to the maximum size of the
device name.

This caused the actual maximum device name size to be reduced by 1 byte.

Signed-off-by: Théo Battrel <[email protected]>
(cherry picked from commit 972d4c7)

Author: theob-pro

subsys/bluetooth/host/gatt.c

@@ -104,22 +104,24 @@ static ssize_t read_name(struct bt_conn *conn, const struct bt_gatt_attr *attr,
 
 #if defined(CONFIG_BT_DEVICE_NAME_GATT_WRITABLE)
 
-static ssize_t write_name(struct bt_conn *conn, const struct bt_gatt_attr *attr,
-			 const void *buf, uint16_t len, uint16_t offset,
-			 uint8_t flags)
+static ssize_t write_name(struct bt_conn *conn, const struct bt_gatt_attr *attr, const void *buf,
+			  uint16_t len, uint16_t offset, uint8_t flags)
 {
-	char value[CONFIG_BT_DEVICE_NAME_MAX] = {};
+	/* adding one to fit the terminating null character */
+	char value[CONFIG_BT_DEVICE_NAME_MAX + 1] = {};
 
-	if (offset >= sizeof(value)) {
+	if (offset >= CONFIG_BT_DEVICE_NAME_MAX) {
 		return BT_GATT_ERR(BT_ATT_ERR_INVALID_OFFSET);
 	}
 
-	if (offset + len >= sizeof(value)) {
+	if (offset + len > CONFIG_BT_DEVICE_NAME_MAX) {
 		return BT_GATT_ERR(BT_ATT_ERR_INVALID_ATTRIBUTE_LEN);
 	}
 
 	memcpy(value, buf, len);
 
+	value[len] = '\0';
+
 	bt_set_name(value);
 
 	return len;