Fix to check payload type before parsing it

author Hongkuk, Son <hongkuk.son@samsung.com>

Wed, 1 Nov 2017 06:19:08 +0000 (15:19 +0900)

committer Hongkuk, Son <hongkuk.son@samsung.com>

Wed, 1 Nov 2017 11:28:35 +0000 (20:28 +0900)
author Hongkuk, Son <hongkuk.son@samsung.com>
Wed, 1 Nov 2017 06:19:08 +0000 (15:19 +0900)
committer Hongkuk, Son <hongkuk.son@samsung.com>
Wed, 1 Nov 2017 11:28:35 +0000 (20:28 +0900)
diff --git a/src/ic-ioty-ocprocess.c b/src/ic-ioty-ocprocess.c

old mode 100644 (file)

new mode 100755 (executable)

index d9b77bf..52794fc
--- a/src/ic-ioty-ocprocess.c
+++ b/src/ic-ioty-ocprocess.c
@@ -399,6 +399,10 @@ OCStackApplicationResult icl_ioty_ocprocess_presence_cb(void *ctx,
  
         DBG("presence->handle:[%p] vs handle:[%p]", presence->handle, handle);
  
+       RETV_IF(NULL == resp->payload, OC_STACK_KEEP_TRANSACTION);
+       RETVM_IF(PAYLOAD_TYPE_PRESENCE != resp->payload->type,
+                       OC_STACK_KEEP_TRANSACTION, "Invalid payload type(%d)", resp->payload->type);
+
         ret = ic_ioty_parse_oic_presence_payload(&resp->devAddr,
                         (OCPresencePayload*)resp->payload, resp->result, &presence_response);
         if (IOTCON_ERROR_NONE != ret) {
@@ -460,6 +464,9 @@ OCStackApplicationResult icl_ioty_ocprocess_observe_cb(void *ctx,
                 return OC_STACK_KEEP_TRANSACTION;
         }
  
+       RETVM_IF(PAYLOAD_TYPE_REPRESENTATION != resp->payload->type,
+                       OC_STACK_KEEP_TRANSACTION, "Invalid payload type(%d)", resp->payload->type);
+
         /* representation */
         ret = ic_ioty_parse_oic_rep_payload((OCRepPayload*)resp->payload, true, &repr);
         if (IOTCON_ERROR_NONE != ret) {
@@ -568,6 +575,15 @@ OCStackApplicationResult icl_ioty_ocprocess_crud_cb(void *ctx,
                 return OC_STACK_DELETE_TRANSACTION;
         }
  
+       if (PAYLOAD_TYPE_REPRESENTATION != resp->payload->type) {
+               ERR("Invalid payload type(%d)", resp->payload->type);
+               if (cb_container->cb) {
+                       cb_container->cb(cb_container->resource, IOTCON_ERROR_IOTIVITY,
+                                       cb_container->req_type, NULL, cb_container->user_data);
+               }
+               return OC_STACK_DELETE_TRANSACTION;
+       }
+
         /* representation */
         ret = ic_ioty_parse_oic_rep_payload((OCRepPayload*)resp->payload, true, &repr);
         if (IOTCON_ERROR_NONE != ret) {
@@ -717,6 +733,15 @@ OCEntityHandlerResult icl_ioty_ocprocess_request_cb(OCEntityHandlerFlag flag,
  
         /* representation */
         if (request->payload) {
+               if (PAYLOAD_TYPE_REPRESENTATION != request->payload->type) {
+                       ERR("Invalid payload type(%d)", request->payload->type);
+                       if (options)
+                               icl_options_destroy(options);
+                       if (query)
+                               icl_query_destroy(query);
+                       return OC_EH_ERROR;
+               }
+
                 ic_ioty_parse_oic_rep_payload((OCRepPayload*)request->payload, true, &repr);
                 if (repr && NULL == repr->uri_path)
                         repr->uri_path = ic_utils_strdup(resource->uri_path);
@@ -879,8 +904,14 @@ OCEntityHandlerResult icl_ioty_ocprocess_lite_request_cb(OCEntityHandlerFlag fla
         }
  
         /* representation */
-       if (request->payload)
+       if (request->payload) {
+               if (PAYLOAD_TYPE_REPRESENTATION != request->payload->type) {
+                       ERR("Invalid payload type(%d)", request->payload->type);
+                       return OC_EH_ERROR;
+               }
+
                 ic_ioty_parse_oic_rep_payload((OCRepPayload*)request->payload, true, &repr);
+       }
  
         res = calloc(1, sizeof(struct icl_resource_response));
         if (NULL == res) {
author	Hongkuk, Son <hongkuk.son@samsung.com>
	Wed, 1 Nov 2017 06:19:08 +0000 (15:19 +0900)
committer	Hongkuk, Son <hongkuk.son@samsung.com>
	Wed, 1 Nov 2017 11:28:35 +0000 (20:28 +0900)