Buffer overrun in ocstack.c

UUID length is 37, but CA was setting it as 32.
Since UUID length was set in octack, the correct
size has to berelatively in CA layer too.

BUG: https://jira.iotivity.org/browse/IOT-1638
Change-Id: I4c8713acf9329fe8ace64d1da56093c1126d9c19
Signed-off-by: Habib Virji <habib.virji@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/15353
Reviewed-by: George Nash <george.nash@intel.com>
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Kevin Kane <kkane@microsoft.com>
Reviewed-by: Ziran Sun <ziran.sun@samsung.com>

diff --git a/resource/csdk/connectivity/api/cacommon.h b/resource/csdk/connectivity/api/cacommon.h
index 077b216..ae29ab4 100755 (executable)
--- a/resource/csdk/connectivity/api/cacommon.h
+++ b/resource/csdk/connectivity/api/cacommon.h
@@ -113,7 +113,7 @@ extern "C"
 /**
  *Maximum length of the remoteEndpoint identity.
  */
-#define CA_MAX_ENDPOINT_IDENTITY_LEN   (32)
+#define CA_MAX_ENDPOINT_IDENTITY_LEN  UUID_STRING_SIZE
 
 /**
  * option types - the highest option number 63.

diff --git a/resource/csdk/stack/include/octypes.h b/resource/csdk/stack/include/octypes.h
index 027652c..d872e86 100755 (executable)
--- a/resource/csdk/stack/include/octypes.h
+++ b/resource/csdk/stack/include/octypes.h
@@ -332,9 +332,6 @@ extern "C" {
 /** Blocks of MAC address */
 #define MAC_ADDR_BLOCKS (6)
 
-/** Max identity size. */
-#define MAX_IDENTITY_SIZE (37)
-
 /** Universal unique identity size. */
 #define UUID_IDENTITY_SIZE (128/8)
 
@@ -679,7 +676,7 @@ typedef struct
     uint16_t id_length;
 
     /** Array of end point identity.*/
-    unsigned char id[MAX_IDENTITY_SIZE];
+    unsigned char id[UUID_STRING_SIZE];
 } OCIdentity;
 
 /**