Resolved security issues - IOT-1058 & IOT-1059

https://jira.iotivity.org/browse/IOT-1058
[PM] [C] [Linux] [API] OCProvisionDirectPairing Fails to Provision Direct Pairing

https://jira.iotivity.org/browse/IOT-1059
[PM] [C] [Linux] [API] OCDoDirectPairing returns OC_STACK_INVALID_PARAM instead of OC_STACK_CALLBACK while resultCallback= NULL

-Patch 1: Resolved security Issues on 1.1.0-RC2
-Patch 2: Fix the expected value of OCDoDirectPairingTests.NullCallback in the stack unit test

Change-Id: I82cd3f855eeda1a65596984804fc8f1ce10cb79f
Signed-off-by: Joonghwan Lee <jh05.lee@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/7479
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Jongsung Lee <js126.lee@samsung.com>
Reviewed-by: Randeep Singh <randeep.s@samsung.com>

diff --git a/resource/csdk/security/provisioning/src/secureresourceprovider.c b/resource/csdk/security/provisioning/src/secureresourceprovider.c
index 48be684..5e7a055 100644 (file)
--- a/resource/csdk/security/provisioning/src/secureresourceprovider.c
+++ b/resource/csdk/security/provisioning/src/secureresourceprovider.c
@@ -950,7 +950,7 @@ static OCStackApplicationResult SRPProvisionDirectPairingCB(void *ctx, OCDoHandl
     {
         if(OC_STACK_RESOURCE_CREATED == clientResponse->result)
         {
-            registerResultForDirectPairingProvisioning(pconfData, OC_STACK_RESOURCE_CREATED);
+            registerResultForDirectPairingProvisioning(pconfData, OC_STACK_OK);
             ((OCProvisionResultCB)(resultCallback))(pconfData->ctx, pconfData->numOfResults,
                                                     pconfData->resArr,
                                                     false);

diff --git a/resource/csdk/stack/src/ocstack.c b/resource/csdk/stack/src/ocstack.c
index 89c2bc1..aad12f6 100644 (file)
--- a/resource/csdk/stack/src/ocstack.c
+++ b/resource/csdk/stack/src/ocstack.c
@@ -3906,11 +3906,16 @@ OCStackResult OCDoDirectPairing(OCDPDev_t* peer, OCPrm_t pmSel, char *pinNumber,
                                                      OCDirectPairingCB resultCallback)
 {
     OIC_LOG(INFO, TAG, "Start OCDoDirectPairing");
-    if(NULL ==  peer || NULL == resultCallback)
+    if(NULL ==  peer || NULL == pinNumber)
     {
         OIC_LOG(ERROR, TAG, "Invalid parameters");
         return OC_STACK_INVALID_PARAM;
     }
+    if(NULL == resultCallback)
+    {
+        OIC_LOG(ERROR, TAG, "Invalid callback");
+        return OC_STACK_INVALID_CALLBACK;
+    }
 
     gDirectpairingCallback = resultCallback;
     return DPDirectPairing((OCDirectPairingDev_t*)peer, (OicSecPrm_t)pmSel,

diff --git a/resource/csdk/stack/test/stacktests.cpp b/resource/csdk/stack/test/stacktests.cpp
old mode 100755 (executable)
new mode 100644 (file)
index d5bdd26..ae60c5b
--- a/resource/csdk/stack/test/stacktests.cpp
+++ b/resource/csdk/stack/test/stacktests.cpp
@@ -1683,7 +1683,7 @@ TEST(OCDoDirectPairingTests, Nullpeer)
 
 TEST(OCDoDirectPairingTests, NullCallback)
 {
-    EXPECT_EQ(OC_STACK_INVALID_PARAM,OCDoDirectPairing(&peer, pmSel, &pinNumber, NULL));
+    EXPECT_EQ(OC_STACK_INVALID_CALLBACK,OCDoDirectPairing(&peer, pmSel, &pinNumber, NULL));
 }
 
 TEST(OCDoDirectPairingTests, NullpinNumber)