1. 14 Jun, 2018 1 commit
    • Oleksandr Andrieiev's avatar
      [CR2390] Identity spoofing/privelege escalation · bc8c9fdc
      Oleksandr Andrieiev authored
      For secure connections that use certificates the SubjectUUID
      is retrieved from leaf certificate's CN. However, there is
      no binding mechanism between Root CA and Device Id that it
      can generate certificates for. Root CAs can issue certificates
      with arbitrary UUIDs, which can be used to impersonate another
      The fix adds callback to the certificate chain validation
      function. This callback collects single-linked list of all
      UUIDs associated with the certificate in cred entries.
      When leaf certificate is reached, UUID of Device is retrieved
      and matched against static list. If no matching UUID is
      found, connection should be rejected.
      Bug: https://jira.iotivity.org/browse/IOT-3087
      Change-Id: I20333c980226dc6a0c257dc36aab1502202993d9
      Signed-off-by: Oleksandr Andrieiev's avatarOleksandr Andrieiev <o.andrieiev@samsung.com>
  2. 08 Jun, 2018 1 commit
  3. 07 Jun, 2018 1 commit
  4. 04 Jun, 2018 1 commit
  5. 30 May, 2018 2 commits
  6. 28 May, 2018 1 commit
  7. 24 May, 2018 1 commit
    • Veeraj Khokale's avatar
      [IOT-3044] No response for Ping message · 6b637551
      Veeraj Khokale authored
      TCP adapter disconnects the session whenever
      the data to be sent has an empty payload.
      Since ping messages and signaling messages
      need to have an empty payload they are dropped.
      Fix this by checking if the message is a signaling
      message before dropping it.
      Change-Id: I1cfad27fcfd5cf3a42510412e6555b84ea905259
      Signed-off-by: default avatarVeeraj Khokale <veeraj.sk@samsung.com>
      (cherry picked from commit c7dce6b5)
  8. 23 May, 2018 1 commit
  9. 22 May, 2018 1 commit
  10. 18 May, 2018 1 commit
  11. 17 May, 2018 1 commit
  12. 16 May, 2018 2 commits
  13. 07 May, 2018 1 commit
  14. 04 May, 2018 1 commit
  15. 20 Apr, 2018 2 commits
  16. 19 Apr, 2018 1 commit
  17. 18 Apr, 2018 5 commits
    • Mats Wichmann's avatar
      static analysis: buffer size violations · def7f5fe
      Mats Wichmann authored
      fix reported "might leave destination string unterminated" when
      using strncpy and the size argument is the size of the desitnation
      buffer. There are several ways to fix, but the IoTivity API OCStrncpy
      adjusts the size before calling the underlying fuction and so fixes
      the problem. This is the coding standard recommendation anyway.
      for instances in examples, oic_string.h is not in the public API,
      so just fix up the counts.
      bridging/common/messageHandler.cpp had a third strncpy which was not
      flagged - but it was using a constant that did not match the size
      in the destination - MPMResourceList.href is size MPM_MAX_URI_LEN,
      so this was adjusted.
      service/notification/src/consumer/NSConsumerCommon.c had this construct:
         sizeof(char) * NS_DEVICE_ID_LENGTH
      in several places (one of which was one of these strncpy calls that
      was changed). the instances were shortened NS_DEVICE_ID_LENGTH for
      readability. This is not fixing any reported problem and can be
      dropped if it bothers reviewers.
      Change-Id: I8f22f7dd704849477dad0dd1f16cd9276ebf1d04
      Signed-off-by: default avatarMats Wichmann <mats@linux.com>
    • Oleksandr Dmytrenko's avatar
      [IOT-3022] · 5dbe9adc
      Oleksandr Dmytrenko authored
      outdated cloud sample removed 
      Change-Id: I8d8991d1e6f5f0879c3a168b7807680710b2e0a2
      Signed-off-by: default avatarOleksandr Dmytrenko <o.dmytrenko@samsung.com>
    • Oleksandr Dmytrenko's avatar
      [IOT-3022] · 37cb9379
      Oleksandr Dmytrenko authored
      a) cloud resource unittests
      b) amacl resource make cbor fix
      Change-Id: Ib4d56f3105e060656d52f5b0b498ae188fe42c03
      Signed-off-by: default avatarOleksandr Dmytrenko <o.dmytrenko@samsung.com>
    • Kush's avatar
      Enhanced comment ratio for le_adapter · 417a8cb0
      Kush authored
      Change-Id: I893246e60d959efa65741635e8e8b286e05a0b4d
      Signed-off-by: Kush's avatarKush <kush.agrawal@samsung.com>
    • Aleksey's avatar
      [IOT-3022] Plugfest hotfix 3 · af3a37e3
      Aleksey authored
      - add coapcloudconf uri to DCR list
      - start cloud signin on RFNOP, not on RFPRO
      Change-Id: Id52b650a23c82830a2641d5e0e5b94af79aa0c27
      Signed-off-by: Aleksey's avatarAleksey Volkov <a.volkov@samsung.com>
  18. 17 Apr, 2018 1 commit
  19. 16 Apr, 2018 2 commits
  20. 13 Apr, 2018 1 commit
  21. 12 Apr, 2018 1 commit
  22. 11 Apr, 2018 1 commit
  23. 10 Apr, 2018 5 commits
    • Philippe Coval's avatar
      build: Update version to 1.4.0 · c29d6e78
      Philippe Coval authored
      Change-Id: I3e6ab42060cd082094dd906e36897dc58f152773
      Origin: https://gerrit.iotivity.org/gerrit/#/c/24421/Signed-off-by: default avatarPhilippe Coval <philippe.coval@osg.samsung.com>
    • v.riznyk's avatar
      [IOT-3041] return OC_STACK_OK when pDev2=NULL · a1b6b817
      v.riznyk authored
      The checking pDev2 was added to OCProvisionCredentials.
      Change-Id: Ic289559c68250a1436fab64bcbd5dfb26d7eb4c8
      Signed-off-by: default avatarv.riznyk <v.riznyk@samsung.com>
    • v.riznyk's avatar
      [IOT-2052] Update to support OCF 1.0 · 6c75163f
      v.riznyk authored
      Update Cred recource with adding partial generating CBOR.
      Change-Id: I25dcf3d020da09c67d0769eee8659d85253b4f5d
      Signed-off-by: default avatarv.riznyk <v.riznyk@samsung.com>
    • Mats Wichmann's avatar
      Fix two more problems building with Python3 · 03f2b25c
      Mats Wichmann authored
      The boost script used string.replace() which is no longer
      supported; problem did not turn up until trying a build on Windows
      The security - provisioning - unittest script had a Windows
      stanza for killing running server processes before launching a
      new one. It printed the process id it was going to kill in a way
      that caused an AttributError exception - this was a conversion
      error from when print statement was changed to print function,
      again the code path had not been hit. At the same time a second
      exception ocurred because when the first exception took place the
      script attempted to us the message attribute of the exception for
      printing, but not all exceptions have such an attribute. Change
      to just print the string representation of the exception, which
      is more reliable.
      Additionally, in the libcoap script, the term 'string' is used
      which while not broken since the script never imports the string
      module, is unnecessarily ambiguous. Use the Python recommended
      disambiguation of adding a trailing underscore on an identifier
      which might match one used by Python.
      Change-Id: I635796a6442caacb6988e21dbe46938f860e333f
      Signed-off-by: default avatarMats Wichmann <mats@linux.com>
    • Mats Wichmann's avatar
      Memory leak in security spresource · 0147561b
      Mats Wichmann authored
      In TestEncodeDecode, a profile is allocated and filled;
      it is unwound but not deallocated, leading to valgrind
      memory leak report like this:
      32 bytes in 1 blocks are definitely lost in loss record 130 of 271
      The freeing change eliminates nine such reports, one for
      each call to the function.
      Change-Id: I8b1223f7b832d4fafac4d7225ea2544fc348a7a4
      Signed-off-by: default avatarMats Wichmann <mats@linux.com>
  24. 09 Apr, 2018 1 commit
  25. 07 Apr, 2018 4 commits