[IOT-994] Fixing crash for parsing arbitrary UTF-8 payload
authorMarkus Jung <markus.jung@samsung.com>
Mon, 11 Apr 2016 09:23:33 +0000 (18:23 +0900)
committerUze Choi <uzchoi@samsung.com>
Tue, 12 Apr 2016 00:16:02 +0000 (00:16 +0000)
Avoid the crash by checking whether the cbortype is map.
Fundamentally, no-cbor type payload should be filtered in tinycbor library.
This change can be removed later.

Change-Id: Icde1422c61319d8c5e66675d9ef2b66f30dc4077
Signed-off-by: Markus Jung <markus.jung@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/7737
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Uze Choi <uzchoi@samsung.com>
Reviewed-by: Markus Jung <markus.jung85@gmail.com>
resource/csdk/stack/src/ocpayloadparse.c

index 3000440..5aa1c3e 100644 (file)
@@ -1073,6 +1073,11 @@ static OCStackResult OCParseRepPayload(OCPayload **outPayload, CborValue *root)
         CborValue curVal;
         ret = OC_STACK_MALFORMED_RESPONSE;
 
+        // temporary fix to check for malformed cbor payload
+        if (!cbor_value_is_map(&rootMap) && !cbor_value_is_array(&rootMap)){
+            goto exit;
+        }
+
         if (cbor_value_is_map(&rootMap))
         {
             err = cbor_value_map_find_value(&rootMap, OC_RSRVD_HREF, &curVal);
@@ -1084,6 +1089,7 @@ static OCStackResult OCParseRepPayload(OCPayload **outPayload, CborValue *root)
                 VERIFY_CBOR_SUCCESS(TAG, err, "Failed to find uri");
             }
         }
+
         // Resource types
         if (cbor_value_is_map(&rootMap))
         {
@@ -1109,6 +1115,7 @@ static OCStackResult OCParseRepPayload(OCPayload **outPayload, CborValue *root)
             err = OCParseSingleRepPayload(&temp, &rootMap, true);
             VERIFY_CBOR_SUCCESS(TAG, err, "Failed to parse single rep payload");
         }
+
         if(rootPayload == NULL)
         {
             rootPayload = temp;