Commit f98d5903 authored by js126.lee's avatar js126.lee Committed by Randeep

[IOT-1129]Crash when received invalild type in security resouces

Issue: Crash when received invalild cbob type in security resouces.
Jira : https://jira.iotivity.org/browse/IOT-1129
Resolved : Add checking type.

Patch 1: Add checking type.

Change-Id: Iee0ffa883586a680696c4173e8c33f08810e763b
Signed-off-by: default avatarjs126.lee <js126.lee@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/8695Tested-by: default avatarjenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: default avatarChul Lee <chuls.lee@samsung.com>
Reviewed-by: Randeep's avatarRandeep Singh <randeep.s@samsung.com>
parent 1fc38daf
......@@ -422,7 +422,7 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
char* tagName = NULL;
size_t len = 0;
CborType type = cbor_value_get_type(&aclMap);
if (type == CborTextStringType)
if (type == CborTextStringType && cbor_value_is_text_string(&aclMap))
{
cborFindResult = cbor_value_dup_text_string(&aclMap, &tagName, &len, NULL);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
......@@ -444,7 +444,7 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
char* acName = NULL;
size_t acLen = 0;
CborType acType = cbor_value_get_type(&aclistMap);
if (acType == CborTextStringType)
if (acType == CborTextStringType && cbor_value_is_text_string(&aclistMap))
{
cborFindResult = cbor_value_dup_text_string(&aclistMap, &acName, &acLen, NULL);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACLIST Map.");
......@@ -492,7 +492,7 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
char* name = NULL;
size_t len = 0;
CborType type = cbor_value_get_type(&aclMap);
if (type == CborTextStringType)
if (type == CborTextStringType && cbor_value_is_text_string(&aclMap))
{
cborFindResult = cbor_value_dup_text_string(&aclMap, &name, &len, NULL);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
......@@ -502,7 +502,7 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
if (name)
{
// Subject -- Mandatory
if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0 && cbor_value_is_text_string(&aclMap))
{
char *subject = NULL;
cborFindResult = cbor_value_dup_text_string(&aclMap, &subject, &len, NULL);
......@@ -539,7 +539,7 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
while(cbor_value_is_valid(&rMap))
while(cbor_value_is_valid(&rMap) && cbor_value_is_text_string(&rMap))
{
char *rMapName = NULL;
size_t rMapNameLen = 0;
......@@ -608,7 +608,7 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
}
// Period -- Not mandatory
if (strcmp(name, OIC_JSON_PERIOD_NAME) == 0)
if (strcmp(name, OIC_JSON_PERIOD_NAME) == 0 && cbor_value_is_array(&aclMap))
{
CborValue period = { .parser = NULL };
cborFindResult = cbor_value_get_array_length(&aclMap, &acl->prdRecrLen);
......@@ -618,7 +618,7 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
acl->periods = (char**)OICCalloc(acl->prdRecrLen, sizeof(char*));
VERIFY_NON_NULL(TAG, acl->periods, ERROR);
int i = 0;
while (cbor_value_is_text_string(&period))
while (cbor_value_is_text_string(&period) && cbor_value_is_text_string(&period))
{
cborFindResult = cbor_value_dup_text_string(&period, &acl->periods[i++],
&len, NULL);
......@@ -637,7 +637,7 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
acl->recurrences = (char**)OICCalloc(acl->prdRecrLen, sizeof(char*));
VERIFY_NON_NULL(TAG, acl->recurrences, ERROR);
int i = 0;
while (cbor_value_is_text_string(&recurrences))
while (cbor_value_is_text_string(&recurrences) && cbor_value_is_text_string(&recurrences))
{
cborFindResult = cbor_value_dup_text_string(&recurrences,
&acl->recurrences[i++], &len, NULL);
......@@ -678,7 +678,7 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
}
// TODO : Need to modify headAcl->owners[0].id to headAcl->rowner based on RAML spec.
if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0)
if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0 && cbor_value_is_text_string(&aclMap))
{
char *stRowner = NULL;
cborFindResult = cbor_value_dup_text_string(&aclMap, &stRowner, &len, NULL);
......
......@@ -269,7 +269,7 @@ OCStackResult CBORPayloadToAmacl(const uint8_t *cborPayload, size_t size,
cborFindResult = cbor_value_enter_container(&amaclCbor, &amaclMap);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Amacl Map.");
while(cbor_value_is_valid(&amaclMap))
while(cbor_value_is_valid(&amaclMap) && cbor_value_is_text_string(&amaclMap))
{
char *name = NULL;
size_t len = 0;
......@@ -288,7 +288,7 @@ OCStackResult CBORPayloadToAmacl(const uint8_t *cborPayload, size_t size,
cborFindResult = cbor_value_enter_container(&amaclMap, &rsrcMap);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
while(cbor_value_is_valid(&rsrcMap))
while(cbor_value_is_valid(&rsrcMap) && cbor_value_is_text_string(&rsrcMap))
{
// resource name
char *rsrcName = NULL;
......@@ -323,7 +323,7 @@ OCStackResult CBORPayloadToAmacl(const uint8_t *cborPayload, size_t size,
cborFindResult = cbor_value_enter_container(&rsrcArray, &rMap);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Rlist Map");
while(cbor_value_is_valid(&rMap))
while(cbor_value_is_valid(&rMap) && cbor_value_is_text_string(&rMap))
{
char *rMapName = NULL;
size_t rMapNameLen = 0;
......@@ -398,7 +398,7 @@ OCStackResult CBORPayloadToAmacl(const uint8_t *cborPayload, size_t size,
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering AMS Array Container.");
headAmacl->amss = (OicUuid_t *)OICCalloc(headAmacl->amssLen, sizeof(*headAmacl->amss));
VERIFY_NON_NULL(TAG, headAmacl->amss, ERROR);
while (cbor_value_is_valid(&amsArray))
while (cbor_value_is_valid(&amsArray) && cbor_value_is_text_string(&amsArray))
{
char *amssId = NULL;
cborFindResult = cbor_value_dup_text_string(&amsArray, &amssId, &len, NULL);
......@@ -411,7 +411,7 @@ OCStackResult CBORPayloadToAmacl(const uint8_t *cborPayload, size_t size,
}
// Rowner -- Mandatory
if (0 == strcmp(OIC_JSON_ROWNERID_NAME, name))
if (0 == strcmp(OIC_JSON_ROWNERID_NAME, name) && cbor_value_is_text_string(&amaclMap))
{
char *stRowner = NULL;
cborFindResult = cbor_value_dup_text_string(&amaclMap, &stRowner, &len, NULL);
......
......@@ -375,7 +375,7 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
char* tagName = NULL;
size_t len = 0;
CborType type = cbor_value_get_type(&CredRootMap);
if (type == CborTextStringType)
if (type == CborTextStringType && cbor_value_is_text_string(&CredRootMap))
{
cborFindResult = cbor_value_dup_text_string(&CredRootMap, &tagName, &len, NULL);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in CRED Root Map.");
......@@ -419,7 +419,7 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
VERIFY_NON_NULL(TAG, cred, ERROR);
while(cbor_value_is_valid(&credMap))
while(cbor_value_is_valid(&credMap) && cbor_value_is_text_string(&credMap))
{
char* name = NULL;
CborType type = cbor_value_get_type(&credMap);
......@@ -464,7 +464,7 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
{
char* privname = NULL;
CborType type = cbor_value_get_type(&privateMap);
if (type == CborTextStringType)
if (type == CborTextStringType && cbor_value_is_text_string(&privateMap))
{
cborFindResult = cbor_value_dup_text_string(&privateMap, &privname,
&len, NULL);
......@@ -475,7 +475,7 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
if (privname)
{
// PrivateData::privdata -- Mandatory
if (strcmp(privname, OIC_JSON_DATA_NAME) == 0)
if (strcmp(privname, OIC_JSON_DATA_NAME) == 0 && cbor_value_is_byte_string(&privateMap))
{
cborFindResult = cbor_value_dup_byte_string(&privateMap, &cred->privateData.data,
&cred->privateData.len, NULL);
......@@ -506,7 +506,7 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
{
char* pubname = NULL;
CborType type = cbor_value_get_type(&pubMap);
if (type == CborTextStringType)
if (type == CborTextStringType && cbor_value_is_text_string(&pubMap))
{
cborFindResult = cbor_value_dup_text_string(&pubMap, &pubname,
&len, NULL);
......@@ -517,7 +517,7 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
if (pubname)
{
// PrivateData::privdata -- Mandatory
if (strcmp(pubname, OIC_JSON_DATA_NAME) == 0)
if (strcmp(pubname, OIC_JSON_DATA_NAME) == 0 && cbor_value_is_byte_string(&pubMap))
{
cborFindResult = cbor_value_dup_byte_string(&pubMap, &cred->publicData.data,
&cred->publicData.len, NULL);
......@@ -563,7 +563,7 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
}
//ROwner -- Mandatory
if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0)
if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0 && cbor_value_is_text_string(&CredRootMap))
{
char *stRowner = NULL;
cborFindResult = cbor_value_dup_text_string(&CredRootMap, &stRowner, &len, NULL);
......
......@@ -313,7 +313,7 @@ OCStackResult CBORPayloadToDoxm(const uint8_t *cborPayload, size_t size,
int i = 0;
size_t len = 0;
while (cbor_value_is_valid(&oxmType))
while (cbor_value_is_valid(&oxmType) && cbor_value_is_text_string(&oxmType))
{
cborFindResult = cbor_value_dup_text_string(&oxmType, &doxm->oxmType[i++],
&len, NULL);
......@@ -339,7 +339,7 @@ OCStackResult CBORPayloadToDoxm(const uint8_t *cborPayload, size_t size,
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering oxmName Array.")
int i = 0;
while (cbor_value_is_valid(&oxm))
while (cbor_value_is_valid(&oxm) && cbor_value_is_integer(&oxm))
{
cborFindResult = cbor_value_get_int(&oxm, (int *) &doxm->oxm[i++]);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding oxmName Value")
......
......@@ -297,7 +297,7 @@ OCStackResult CBORPayloadToDpair(const uint8_t *cborPayload, size_t size,
dpair = (OicSecDpairing_t *)OICCalloc(1, sizeof(*dpair));
VERIFY_NON_NULL(TAG, dpair, ERROR);
while (cbor_value_is_valid(&dpairMap))
while (cbor_value_is_valid(&dpairMap) && cbor_value_is_text_string(&dpairMap))
{
char *name = NULL;
size_t len = 0;
......@@ -308,7 +308,7 @@ OCStackResult CBORPayloadToDpair(const uint8_t *cborPayload, size_t size,
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a value in DPair map");
type = cbor_value_get_type(&dpairMap);
if (0 == strcmp(OIC_JSON_SPM_NAME, name))
if (0 == strcmp(OIC_JSON_SPM_NAME, name) && cbor_value_is_integer(&dpairMap))
{
cborFindResult = cbor_value_get_int(&dpairMap, (int *) &dpair->spm);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding SPM Value");
......
......@@ -476,7 +476,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
char *name = NULL;
size_t len = 0;
CborType type = cbor_value_get_type(&pconfMap);
if (type == CborTextStringType)
if (type == CborTextStringType && cbor_value_is_text_string(&pconfMap))
{
cborFindResult = cbor_value_dup_text_string(&pconfMap, &name, &len, NULL);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get value");
......@@ -487,7 +487,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
if (name)
{
//EDP -- Mandatory
if(0 == strcmp(OIC_JSON_EDP_NAME, name))
if(0 == strcmp(OIC_JSON_EDP_NAME, name) && cbor_value_is_boolean(&pconfMap))
{
cborFindResult = cbor_value_get_boolean(&pconfMap, &pconf->edp);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get value");
......@@ -505,7 +505,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
cborFindResult = cbor_value_enter_container(&pconfMap, &prm);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to eneter array");
while (cbor_value_is_valid(&prm))
while (cbor_value_is_valid(&prm) && cbor_value_is_integer(&prm))
{
cborFindResult = cbor_value_get_int(&prm, (int *)&pconf->prm[i++]);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get value");
......@@ -514,7 +514,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
}
}
//PIN -- Mandatory
if (0 == strcmp(OIC_JSON_PIN_NAME, name))
if (0 == strcmp(OIC_JSON_PIN_NAME, name) && cbor_value_is_byte_string(&pconfMap))
{
uint8_t *pin = NULL;
cborFindResult = cbor_value_dup_byte_string(&pconfMap, &pin, &len, NULL);
......@@ -546,7 +546,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
char* name = NULL;
size_t len = 0;
CborType type = cbor_value_get_type(&pdAclMap);
if (type == CborTextStringType)
if (type == CborTextStringType && cbor_value_is_text_string(&pdAclMap))
{
cborFindResult = cbor_value_dup_text_string(&pdAclMap, &name,
&len, NULL);
......@@ -557,7 +557,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
if (name)
{
// Resources -- Mandatory
if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0 && cbor_value_is_array(&pdAclMap))
{
int i = 0;
CborValue resources = { .parser = NULL };
......@@ -576,7 +576,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
cborFindResult = cbor_value_enter_container(&resources, &rMap);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
while(cbor_value_is_valid(&rMap))
while(cbor_value_is_valid(&rMap) && cbor_value_is_text_string(&rMap))
{
char *rMapName = NULL;
size_t rMapNameLen = 0;
......@@ -640,7 +640,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
}
// Permissions -- Mandatory
if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0 && cbor_value_is_unsigned_integer(&pdAclMap))
{
cborFindResult = cbor_value_get_uint64(&pdAclMap,
(uint64_t *) &pdacl->permission);
......@@ -648,7 +648,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
}
// Period -- Not mandatory
if (strcmp(name, OIC_JSON_PERIODS_NAME) == 0)
if (strcmp(name, OIC_JSON_PERIODS_NAME) == 0 && cbor_value_is_array(&pdAclMap))
{
int i = 0;
CborValue period = { .parser = NULL };
......@@ -660,7 +660,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
pdacl->periods = (char **) OICCalloc(pdacl->prdRecrLen, sizeof(char*));
VERIFY_NON_NULL(TAG, pdacl->periods, ERROR);
while (cbor_value_is_text_string(&period))
while (cbor_value_is_text_string(&period) && cbor_value_is_text_string(&period))
{
cborFindResult = cbor_value_dup_text_string(&period,
&pdacl->periods[i++], &len, NULL);
......@@ -672,7 +672,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
}
// Recurrence -- Not mandatory
if (strcmp(name, OIC_JSON_RECURRENCES_NAME) == 0)
if (strcmp(name, OIC_JSON_RECURRENCES_NAME) == 0 && cbor_value_is_array(&pdAclMap))
{
int i = 0;
CborValue recurrences = { .parser = NULL };
......@@ -683,7 +683,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
pdacl->recurrences = (char **) OICCalloc(pdacl->prdRecrLen, sizeof(char*));
VERIFY_NON_NULL(TAG, pdacl->recurrences, ERROR);
while (cbor_value_is_text_string(&recurrences))
while (cbor_value_is_text_string(&recurrences) && cbor_value_is_text_string(&recurrences))
{
cborFindResult = cbor_value_dup_text_string(&recurrences,
&pdacl->recurrences[i++], &len, NULL);
......@@ -725,7 +725,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
}
//PDDev -- Mandatory
if (strcmp(name, OIC_JSON_PDDEV_LIST_NAME) == 0)
if (strcmp(name, OIC_JSON_PDDEV_LIST_NAME) == 0 && cbor_value_is_array(&pconfMap))
{
int i = 0;
CborValue pddevs = { .parser = NULL };
......@@ -736,7 +736,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
pconf->pddevs = (OicUuid_t *)OICMalloc(pconf->pddevLen * sizeof(OicUuid_t));
VERIFY_NON_NULL(TAG, pconf->pddevs, ERROR);
while (cbor_value_is_valid(&pddevs))
while (cbor_value_is_valid(&pddevs) && cbor_value_is_text_string(&pddevs))
{
char *pddev = NULL;
cborFindResult = cbor_value_dup_text_string(&pddevs, &pddev, &len, NULL);
......@@ -750,7 +750,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
}
//Mandatory - Device Id
if (0 == strcmp(OIC_JSON_DEVICE_ID_NAME, name))
if (0 == strcmp(OIC_JSON_DEVICE_ID_NAME, name) && cbor_value_is_text_string(&pconfMap))
{
char *deviceId = NULL;
cborFindResult = cbor_value_dup_text_string(&pconfMap, &deviceId, &len, NULL);
......@@ -761,7 +761,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
}
// ROwner -- Mandatory
if (0 == strcmp(OIC_JSON_ROWNERID_NAME, name))
if (0 == strcmp(OIC_JSON_ROWNERID_NAME, name) && cbor_value_is_text_string(&pconfMap))
{
char *rowner = NULL;
cborFindResult = cbor_value_dup_text_string(&pconfMap, &rowner, &len, NULL);
......
......@@ -230,7 +230,7 @@ OCStackResult CBORPayloadToSVC(const uint8_t *cborPayload, size_t size,
type = cbor_value_get_type(&svcMap);
// Service Device Identity
if (0 == strcmp(OIC_JSON_SERVICE_DEVICE_ID, name))
if (0 == strcmp(OIC_JSON_SERVICE_DEVICE_ID, name) && cbor_value_is_byte_string(&svcMap))
{
uint8_t *subjectId = NULL;
cborFindResult = cbor_value_dup_byte_string(&svcMap, &subjectId, &len, NULL);
......@@ -239,14 +239,14 @@ OCStackResult CBORPayloadToSVC(const uint8_t *cborPayload, size_t size,
OICFree(subjectId);
}
// Service Type
if (0 == strcmp(OIC_JSON_SERVICE_TYPE, name))
if (0 == strcmp(OIC_JSON_SERVICE_TYPE, name) && cbor_value_is_integer(&svcMap))
{
cborFindResult = cbor_value_get_int(&svcMap, (int *) &svc->svct);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to Find SVCT.");
}
// Owners -- Mandatory
if (0 == strcmp(OIC_JSON_OWNERS_NAME, name))
if (0 == strcmp(OIC_JSON_OWNERS_NAME, name) && cbor_value_is_array(&svcMap))
{
int i = 0;
CborValue owners = { .parser = NULL };
......@@ -258,7 +258,7 @@ OCStackResult CBORPayloadToSVC(const uint8_t *cborPayload, size_t size,
svc->owners = (OicUuid_t *)OICCalloc(svc->ownersLen, sizeof(*svc->owners));
VERIFY_NON_NULL(TAG, svc->owners, ERROR);
while (cbor_value_is_valid(&owners))
while (cbor_value_is_valid(&owners) && cbor_value_is_byte_string(&owners))
{
uint8_t *owner = NULL;
cborFindResult = cbor_value_dup_byte_string(&owners, &owner, &len, NULL);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment