oc_obt:check errors in get ACL and creds handlers

Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

oc_obt:check errors in get ACL and creds handlers
Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>
cff623dd · Kishen Maloor · 897e215a · cff623dd · cff623dd · cff623dd
Commit cff623dd authored Apr 15, 2020 by Kishen Maloor
Hide whitespace changes
Inline Side-by-side

Showing with 40 additions and 29 deletions

onboarding_tool/obtmain.c onboarding_tool/obtmain.c +1 -0

security/oc_obt.c security/oc_obt.c +31 -25

security/oc_tls.c security/oc_tls.c +8 -4

No files found.
--- a/onboarding_tool/obtmain.c
+++ b/onboarding_tool/obtmain.c
@@ -1543,6 +1543,7 @@ read_pem(const char *file_path, char *buffer, size_t *buffer_len)
    return -1;
  }
  fclose(fp);
+  buffer[pem_len] = '\0';
  *buffer_len = (size_t)pem_len;
  return 0;
 }

--- a/security/oc_obt.c
+++ b/security/oc_obt.c
@@ -2094,19 +2094,22 @@ cred_rsrc(oc_client_response_t *data)
    return;
  }
  oc_list_remove(oc_credret_ctx_l, ctx);
-  oc_sec_creds_t *creds = (oc_sec_creds_t *)oc_memb_alloc(&oc_creds_m);
-  if (creds) {
-    OC_LIST_STRUCT_INIT(creds, creds);
-    if (decode_cred(data->payload, creds)) {
-      OC_DBG("oc_obt:decoded /oic/sec/cred payload");
-    } else {
-      OC_DBG("oc_obt:error decoding /oic/sec/cred payload");
-    }
-    if (oc_list_length(creds->creds) > 0) {
-      ctx->cb(creds, ctx->data);
-    } else {
-      oc_memb_free(&oc_creds_m, creds);
-      creds = NULL;
+  oc_sec_creds_t *creds = NULL;
+  if (data->code < OC_STATUS_BAD_REQUEST) {
+    creds = (oc_sec_creds_t *)oc_memb_alloc(&oc_creds_m);
+    if (creds) {
+      OC_LIST_STRUCT_INIT(creds, creds);
+      if (decode_cred(data->payload, creds)) {
+        OC_DBG("oc_obt:decoded /oic/sec/cred payload");
+      } else {
+        OC_DBG("oc_obt:error decoding /oic/sec/cred payload");
+      }
+      if (oc_list_length(creds->creds) > 0) {
+        ctx->cb(creds, ctx->data);
+      } else {
+        oc_memb_free(&oc_creds_m, creds);
+        creds = NULL;
+      }
    }
  }
  if (!creds) {
@@ -2421,18 +2424,21 @@ acl2_rsrc(oc_client_response_t *data)
    return;
  }
  oc_list_remove(oc_aclret_ctx_l, ctx);
-  oc_sec_acl_t *acl = (oc_sec_acl_t *)oc_memb_alloc(&oc_acl_m);
-  if (acl) {
-    if (decode_acl(data->payload, acl)) {
-      OC_DBG("oc_obt:decoded /oic/sec/acl2 payload");
-    } else {
-      OC_DBG("oc_obt:error decoding /oic/sec/acl2 payload");
-    }
-    if (oc_list_length(acl->subjects) > 0) {
-      ctx->cb(acl, ctx->data);
-    } else {
-      oc_memb_free(&oc_acl_m, acl);
-      acl = NULL;
+  oc_sec_acl_t *acl = NULL;
+  if (data->code < OC_STATUS_BAD_REQUEST) {
+    acl = (oc_sec_acl_t *)oc_memb_alloc(&oc_acl_m);
+    if (acl) {
+      if (decode_acl(data->payload, acl)) {
+        OC_DBG("oc_obt:decoded /oic/sec/acl2 payload");
+      } else {
+        OC_DBG("oc_obt:error decoding /oic/sec/acl2 payload");
+      }
+      if (oc_list_length(acl->subjects) > 0) {
+        ctx->cb(acl, ctx->data);
+      } else {
+        oc_memb_free(&oc_acl_m, acl);
+        acl = NULL;
+      }
    }
  }
  if (!acl) {

--- a/security/oc_tls.c
+++ b/security/oc_tls.c
@@ -1203,8 +1203,12 @@ oc_tls_add_peer(oc_endpoint_t *endpoint, int role)
                             ? MBEDTLS_SSL_TRANSPORT_STREAM
                             : MBEDTLS_SSL_TRANSPORT_DATAGRAM;

-      oc_tls_populate_ssl_config(&peer->ssl_conf, endpoint->device, role,
-                                 transport_type);
+      if (oc_tls_populate_ssl_config(&peer->ssl_conf, endpoint->device, role,
+                                     transport_type) < 0) {
+        OC_ERR("oc_tls: error in tls_populate_ssl_config");
+        oc_tls_free_peer(peer, false);
+        return NULL;
+      }

 #ifdef OC_PKI
 #if defined(OC_CLOUD) && defined(OC_CLIENT)
@@ -1222,7 +1226,7 @@ oc_tls_add_peer(oc_endpoint_t *endpoint, int role)

      if (err != 0) {
        OC_ERR("oc_tls: error in mbedtls_ssl_setup: %d", err);
-        oc_memb_free(&tls_peers_s, peer);
+        oc_tls_free_peer(peer, false);
        return NULL;
      }

@@ -1232,7 +1236,7 @@ oc_tls_add_peer(oc_endpoint_t *endpoint, int role)
          mbedtls_ssl_set_client_transport_id(
            &peer->ssl_ctx, (const unsigned char *)&endpoint->addr,
            sizeof(endpoint->addr)) != 0) {
-        oc_memb_free(&tls_peers_s, peer);
+        oc_tls_free_peer(peer, false);
        return NULL;
      }
      oc_list_add(tls_peers, peer);