--- /dev/null
+From e8bd647d8271174d3737dcf68086126b73a73df6 Mon Sep 17 00:00:00 2001
+From: Oleksii Beketov <ol.beketov@samsung.com>
+Date: Mon, 18 Dec 2017 15:23:28 +0200
+Subject: [PATCH] CVE-2017-14032
+
+Signed-off-by: Oleksii Beketov <ol.beketov@samsung.com>
+---
+ include/mbedtls/error.h | 2 +-
+ include/mbedtls/ssl.h | 2 +-
+ include/mbedtls/x509.h | 1 +
+ include/mbedtls/x509_crt.h | 8 +++++++-
+ library/error.c | 2 ++
+ library/x509_crt.c | 30 ++++++++++++++++++++++--------
+ 6 files changed, 34 insertions(+), 11 deletions(-)
+
+diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
+index 5e549f6..31591e2 100644
+--- a/include/mbedtls/error.h
++++ b/include/mbedtls/error.h
+@@ -71,7 +71,7 @@
+ * Name ID Nr of Errors
+ * PEM 1 9
+ * PKCS#12 1 4 (Started from top)
+- * X509 2 19
++ * X509 2 20
+ * PKCS5 2 4 (Started from top)
+ * DHM 3 9
+ * PK 3 14 (Started from top)
+diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
+index 495e02c..4f171e0 100644
+--- a/include/mbedtls/ssl.h
++++ b/include/mbedtls/ssl.h
+@@ -1042,7 +1042,7 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
+ *
+ * If set, the verify callback is called for each
+ * certificate in the chain. For implementation
+- * information, please see \c x509parse_verify()
++ * information, please see \c mbedtls_x509_crt_verify()
+ *
+ * \param conf SSL configuration
+ * \param f_vrfy verification function
+diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
+index f219bf1..128eade 100644
+--- a/include/mbedtls/x509.h
++++ b/include/mbedtls/x509.h
+@@ -76,6 +76,7 @@
+ #define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 /**< Allocation of memory failed. */
+ #define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */
+ #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 /**< Destination buffer is too small. */
++#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occured, eg the chain is too long or the vrfy callback failed. */
+ /* \} name */
+
+ /**
+diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
+index 383e484..fd20336 100644
+--- a/include/mbedtls/x509_crt.h
++++ b/include/mbedtls/x509_crt.h
+@@ -267,7 +267,13 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
+ *
+ * All flags left after returning from the callback
+ * are also returned to the application. The function should
+- * return 0 for anything but a fatal error.
++ * return 0 for anything (including invalid certificates)
++ * other than fatal error, as a non-zero return code
++ * immediately aborts the verification process. For fatal
++ * errors, a specific error code should be used (different
++ * from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
++ * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
++ * can be used if no better code is available.
+ *
+ * \note In case verification failed, the results can be displayed
+ * using \c mbedtls_x509_crt_verify_info()
+diff --git a/library/error.c b/library/error.c
+index dd2db0c..db42381 100644
+--- a/library/error.c
++++ b/library/error.c
+@@ -480,6 +480,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
+ mbedtls_snprintf( buf, buflen, "X509 - Read/write of file failed" );
+ if( use_ret == -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL) )
+ mbedtls_snprintf( buf, buflen, "X509 - Destination buffer is too small" );
++ if( use_ret == -(MBEDTLS_ERR_X509_FATAL_ERROR) )
++ mbedtls_snprintf( buf, buflen, "X509 - A fatal error occured, eg the chain is too long or the vrfy callback failed" );
+ #endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
+ // END generated code
+
+diff --git a/library/x509_crt.c b/library/x509_crt.c
+index 234f145..1f31a6b 100644
+--- a/library/x509_crt.c
++++ b/library/x509_crt.c
+@@ -2055,8 +2055,8 @@ static int x509_crt_verify_child(
+ /* path_cnt is 0 for the first intermediate CA */
+ if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
+ {
+- *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+- return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
++ /* return immediately as the goal is to avoid unbounded recursion */
++ return( MBEDTLS_ERR_X509_FATAL_ERROR );
+ }
+
+ if( mbedtls_x509_time_is_past( &child->valid_to ) )
+@@ -2200,11 +2200,14 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
+ mbedtls_x509_sequence *cur = NULL;
+ mbedtls_pk_type_t pk_type;
+
+- if( profile == NULL )
+- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+-
+ *flags = 0;
+
++ if( profile == NULL )
++ {
++ ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
++ goto exit;
++ }
++
+ if( cn != NULL )
+ {
+ name = &crt->subject;
+@@ -2278,7 +2281,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
+ ret = x509_crt_verify_top( crt, parent, ca_crl, profile,
+ pathlen, selfsigned, flags, f_vrfy, p_vrfy );
+ if( ret != 0 )
+- return( ret );
++ goto exit;
+ }
+ else
+ {
+@@ -2293,17 +2296,28 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
+ ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile,
+ pathlen, selfsigned, flags, f_vrfy, p_vrfy );
+ if( ret != 0 )
+- return( ret );
++ goto exit;
+ }
+ else
+ {
+ ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile,
+ pathlen, selfsigned, flags, f_vrfy, p_vrfy );
+ if( ret != 0 )
+- return( ret );
++ goto exit;
+ }
+ }
+
++exit:
++ /* prevent misuse of the vrfy callback */
++ if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
++ ret = MBEDTLS_ERR_X509_FATAL_ERROR;
++
++ if( ret != 0 )
++ {
++ *flags = (uint32_t) -1;
++ return( ret );
++ }
++
+ if( *flags != 0 )
+ return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
+
+--
+1.9.1
+
# Apply ocf patch on git revision
if os.path.exists('.git/HEAD'):
- cmd = 'git checkout development && git reset --hard ' + mbedtls_revision + ' && git apply --whitespace=fix ../ocf.patch'
+ cmd = 'git checkout development && git reset --hard ' + mbedtls_revision + ' && git apply --whitespace=fix ../ocf.patch' + ' && git apply --whitespace=fix ../CVE-2017-14032.patch'
os.system(cmd)
else:
print 'mbedtls: Assume ocf.patch (TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256) was applied in %s' % mbedtls_dir
cp ./resource/csdk/security/provisioning/include/oxm/*.h %{buildroot}%{_includedir}
cp ./resource/csdk/security/provisioning/include/internal/*.h %{buildroot}%{_includedir}
cp ./resource/csdk/security/provisioning/include/*.h %{buildroot}%{_includedir}
-cp ./resource/csdk/security/provisioning/sample/oic_svr_db_server_justworks.dat %{buildroot}%{_libdir}/oic_svr_db_server.dat
cp out/%{TARGET_OS}/%{TARGET_ARCH}/%{build_mode}/resource/csdk/security/provisioning/sample/sampleserver_justworks %{ex_install_dir}/provision-sample/
cp ./resource/csdk/security/provisioning/sample/oic_svr_db_server_justworks.dat %{ex_install_dir}/provision-sample/
cp out/%{TARGET_OS}/%{TARGET_ARCH}/%{build_mode}/resource/csdk/security/provisioning/sample/sampleserver_randompin %{ex_install_dir}/provision-sample/
%{_libdir}/libmbedtls.so
%{_libdir}/libocpmapi.so
%{_libdir}/libocprovision.so
-%{_libdir}/oic_svr_db_server.dat
%endif
%files service
+http://suprem.sec.samsung.net/jira/browse/CONPRO-1180
+
+commit_info_2018-01-04.txt
+
+commit_id: a0593f6d08f74d736d39523f93b16077a5f6e659
+----------------------------------------------------------------------------------------------------------------------------------
http://suprem.sec.samsung.net/jira/browse/CONPRO-1176
[CONPRO-1176] iotivity crash during CAReceiveMessage
sizeof(sep->endpoint.addr));
ret = mbedtls_ssl_handshake_step(&peer->ssl);
}
- if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
+ uint32_t flags = mbedtls_ssl_get_verify_result(&peer->ssl);
+ if (0 != flags &&
+ ((MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint) ||
+ (MBEDTLS_SSL_IS_SERVER == peer->ssl.conf->endpoint && MBEDTLS_X509_BADCERT_MISSING != flags)))
{
- uint32_t flags = mbedtls_ssl_get_verify_result(&peer->ssl);
- if (0 != flags)
- {
- OIC_LOG_BUFFER(ERROR, NET_SSL_TAG, (const uint8_t *) &flags, sizeof(flags));
- SSL_CHECK_FAIL(peer, flags, "Cert verification failed", 1,
- CA_STATUS_FAILED, GetAlertCode(flags));
- }
+ OIC_LOG_BUFFER(ERROR, NET_SSL_TAG, (const uint8_t *) &flags, sizeof(flags));
+ SSL_CHECK_FAIL(peer, flags, "Cert verification failed", 1,
+ CA_STATUS_FAILED, GetAlertCode(flags));
}
SSL_CHECK_FAIL(peer, ret, "Handshake error", 1, CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
if (MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC == peer->ssl.state)
CAResult_t CALEClientSendUnicastMessageImpl(const char* address, const uint8_t* data,
const uint32_t dataLen)
{
- OIC_LOG_V(INFO, TAG, "CALEClientSendUnicastMessageImpl, address: %s, data: %p", address,
+ OIC_LOG(INFO, TAG, "CALEClientSendUnicastMessageImpl in");
+ OIC_LOG_V(DEBUG, TAG, "CALEClientSendUnicastMessageImpl, address: %s, data: %p", address,
data);
VERIFY_NON_NULL(address, TAG, "address is null");
CACheckJNIException(env);
goto error_exit;
}
- OIC_LOG_V(INFO, TAG, "CALeGattConnectionStateChangeCallback - address [%s]", address);
+ OIC_LOG_V(DEBUG, TAG, "CALeGattConnectionStateChangeCallback - address [%s]", address);
if (state_connected == newstate)
{
default:
break;
}
- OIC_LOG_V(INFO, TAG, "update state - addr: %s, conn: %d, send: %d, ACFlag: %d, mtu: %d",
+ OIC_LOG_V(DEBUG, TAG, "update state - addr: %s, conn: %d, send: %d, ACFlag: %d, mtu: %d",
curState->address, curState->connectedState, curState->sendState,
curState->autoConnectFlag, curState->mtuSize);
}
default:
break;
}
- OIC_LOG_V(INFO, TAG, "add a new state to List - addr : %s, "
+ OIC_LOG_V(DEBUG, TAG, "add a new state to List - addr : %s, "
"conn : %d, send : %d, ACFlag : %d",
newstate->address, newstate->connectedState, newstate->sendState,
newstate->autoConnectFlag);
}
curState->mtuSize = mtuSize;
- OIC_LOG_V(INFO, TAG, "update state - addr: %s, mtu: %d",
+ OIC_LOG_V(DEBUG, TAG, "update state - addr: %s, mtu: %d",
curState->address, curState->mtuSize);
}
else
return CA_DEFAULT_BLE_MTU_SIZE;
}
- OIC_LOG_V(INFO, TAG, "state - addr: %s, mtu: %d",
+ OIC_LOG_V(DEBUG, TAG, "state - addr: %s, mtu: %d",
curState->address, curState->mtuSize);
oc_mutex_unlock(deviceListMutex);
return curState->mtuSize;
if ((transportType & CA_ADAPTER_IP) || (CA_DEFAULT_ADAPTER == transportType)
|| (transportType == CA_ALL_ADAPTERS))
{
- CAInitializeIP(CARegisterCallback, CAReceivedPacketCallback, CAAdapterChangedCallback,
- CAAdapterErrorHandleCallback, handle);
+ CAInitializeIP(CARegisterCallback, (CANetworkPacketReceivedCallback)CAReceivedPacketCallback, CAAdapterChangedCallback,
+ (CAErrorHandleCallback)CAAdapterErrorHandleCallback, handle);
}
#endif /* IP_ADAPTER */
if ((transportType & CA_ADAPTER_GATT_BTLE) || (CA_DEFAULT_ADAPTER == transportType)
|| (transportType == CA_ALL_ADAPTERS))
{
- CAInitializeLE(CARegisterCallback, CAReceivedPacketCallback, CAAdapterChangedCallback,
- CAConnectionChangedCallback, CAAdapterErrorHandleCallback, handle);
+ CAInitializeLE(CARegisterCallback, (CANetworkPacketReceivedCallback)CAReceivedPacketCallback, CAAdapterChangedCallback,
+ CAConnectionChangedCallback, (CAErrorHandleCallback)CAAdapterErrorHandleCallback, handle);
}
#endif /* LE_ADAPTER */
#define SINGLE_HANDLE
#define MAX_THREAD_POOL_SIZE 20
+#define UNUSED(x) (void)(x)
+
// thread pool handle
static ca_thread_pool_t g_threadPoolHandle = NULL;
static bool CAClearQueueEndpointDataContext(void *data, uint32_t size, void *ctx)
{
- (void)size;
-
+ UNUSED(size);
if (NULL == data || NULL == ctx)
{
return false;
CAResult_t CAInitializeMessageHandler(CATransportAdapter_t transportType)
{
- CASetPacketReceivedCallback(CAReceivedPacketCallback);
- CASetErrorHandleCallback(CAErrorHandler);
+ CASetPacketReceivedCallback((CANetworkPacketReceivedCallback)CAReceivedPacketCallback);
+ CASetErrorHandleCallback((CAErrorHandleCallback)CAErrorHandler);
#ifndef SINGLE_THREAD
// create thread pool
if (NULL != data->remoteEndpoint)
{
CALogAdapterTypeInfo(data->remoteEndpoint->adapter);
- OIC_LOG_V(INFO, ANALYZER_TAG, "Address = [%s]:[%d]", data->remoteEndpoint->addr,
+ OIC_LOG_V(DEBUG, ANALYZER_TAG, "Address = [%s]:[%d]", data->remoteEndpoint->addr,
data->remoteEndpoint->port);
}
caglobals.ip.threadpool = handle;
CAIPSetErrorHandler(CAIPErrorHandler);
- CAIPSetPacketReceiveCallback(CAIPPacketReceivedCB);
+ CAIPSetPacketReceiveCallback((CAIPPacketReceivedCallback)CAIPPacketReceivedCB);
#ifdef __WITH_DTLS__
CAsetSslAdapterCallbacks(CAIPPacketReceivedCB, CAIPPacketSendCB, CA_ADAPTER_IP);
static ca_thread_pool_t g_threadPool = NULL;
/**
- * An unique identifier of receive thread.
- */
-static uint32_t g_recvThreadId = 0;
-
-/**
* Mutex to synchronize device object list.
*/
static oc_mutex g_mutexObjectList = NULL;
CAResult_t res = CA_STATUS_OK;
#ifndef __TIZENRT__
- res = ca_thread_pool_add_task(g_threadPool, CAReceiveHandler, NULL, &g_recvThreadId);
+ res = ca_thread_pool_add_task(g_threadPool, CAReceiveHandler, NULL, NULL);
#else
- res = ca_thread_pool_add_task(g_threadPool, CAReceiveHandler, NULL, &g_recvThreadId,
+ res = ca_thread_pool_add_task(g_threadPool, CAReceiveHandler, NULL, NULL,
"IoT_TCPReceive", CONFIG_IOTIVITY_TCPRECEIVE_PTHREAD_STACKSIZE);
#endif
if (CA_STATUS_OK != res)
{
- g_recvThreadId = 0;
oc_mutex_unlock(g_mutexObjectList);
OIC_LOG(ERROR, TAG, "thread_pool_add_task failed");
CATCPStopServer();
// set terminate flag.
caglobals.tcp.terminate = true;
+#ifdef __TIZENRT__
+ if (caglobals.tcp.started)
+ {
+ oc_cond_wait(g_condObjectList, g_mutexObjectList);
+ caglobals.tcp.started = false;
+ }
+#endif
+
// close accept socket.
#ifndef __WITH_TLS__
CLOSE_SOCKET(ipv4);
caglobals.tcp.shutdownFds[1] = OC_INVALID_SOCKET;
// receive thread will stop immediately
}
-#endif
if (caglobals.tcp.started)
{
oc_cond_wait(g_condObjectList, g_mutexObjectList);
caglobals.tcp.started = false;
}
-#ifndef __TIZENRT__
if (caglobals.tcp.shutdownFds[0] != OC_INVALID_SOCKET)
{
close(caglobals.tcp.shutdownFds[0]);
caglobals.tcp.shutdownFds[0] = OC_INVALID_SOCKET;
}
#endif
- CAResult_t res = ca_thread_pool_remove_task(g_threadPool, g_recvThreadId);
- if (CA_STATUS_OK != res)
- {
- OIC_LOG(ERROR, TAG, "ca_thread_pool_remove_task failed");
- }
- g_recvThreadId = 0;
oc_mutex_unlock(g_mutexObjectList);
CATCPDisconnectAll();
#include <fcntl.h>
#include <unistd.h>
#endif
+#define UNUSED(x) (void)(x)
#define TAG "OIC_SRM_CREDL"
*/
static bool CheckSubjectOfCertificate(OicSecCred_t* cred, OicUuid_t deviceID)
{
+ UNUSED(deviceID);
OicUuid_t emptyUuid = {.id={0}};
+ UNUSED(emptyUuid);
OIC_LOG(DEBUG, TAG, "IN CheckSubjectOfCertificate");
VERIFY_NON_NULL(TAG, cred, ERROR);
uint8_t numRcvdVendorSpecificHeaderOptions;
/** An Array of received vendor specific header options.*/
- OCHeaderOption rcvdVendorSpecificHeaderOptions[MAX_HEADER_OPTIONS];
+ OCHeaderOption *rcvdVendorSpecificHeaderOptions;
/** Request to complete.*/
uint8_t requestComplete;
uint8_t numRcvdVendorSpecificHeaderOptions;
/** Array of received vendor specific header option .*/
- OCHeaderOption rcvdVendorSpecificHeaderOptions[MAX_HEADER_OPTIONS];
+ OCHeaderOption *rcvdVendorSpecificHeaderOptions;
/** Remote end-point address **/
OCDevAddr devAddr;
#if defined(ARDUINO) || defined(__TIZENRT__)
#define MAX_HEADER_OPTIONS (2)
#else
-//#define MAX_HEADER_OPTIONS (50)
-// For CONPRO-1172
-#define MAX_HEADER_OPTIONS (5)
+#define MAX_HEADER_OPTIONS (50)
#endif
/**
uint8_t numRcvdVendorSpecificHeaderOptions;
/** An array of the received vendor specific header options.*/
- OCHeaderOption rcvdVendorSpecificHeaderOptions[MAX_HEADER_OPTIONS];
+ OCHeaderOption *rcvdVendorSpecificHeaderOptions;
} OCClientResponse;
/**
{"?if=oic.if.b", TEST_PUT_BATCH},
{"?if=oic.if.ll", TEST_PUT_LINK_LIST},
{"", TEST_GET_EMPTY},
- {NULL, TEST_GET_NULL},
+ {NULL, TEST_GET_NULL}
};
{
ehResult = observer->resource->entityHandler(OC_REQUEST_FLAG, &ehRequest,
observer->resource->entityHandlerCallbackParam);
- if (ehResult == OC_EH_ERROR)
+
+ // Clear server request on error case
+ if (!OCResultToSuccess(EntityHandlerCodeToOCStackCode(ehResult)))
{
FindAndDeleteServerRequest(request);
}
OICStrcpy(ehResponse.resourceUri, sizeof(ehResponse.resourceUri),
resourceObserver->resUri);
result = OCDoResponse(&ehResponse);
+ if (result != OC_STACK_OK)
+ {
+ OIC_LOG(ERROR, TAG, "Failed to send presence notification!");
+ FindAndDeleteServerRequest(request);
+ }
}
OCPresencePayloadDestroy(presenceResBuf);
// Increment only if OCDoResponse is successful
numSentNotification++;
-
- OICFree(ehResponse.payload);
- FindAndDeleteServerRequest(request);
}
else
{
OIC_LOG_V(INFO, TAG, "Error notifying observer id %d.", *obsIdList);
+ FindAndDeleteServerRequest(request);
}
+
// Reset Observer TTL.
observer->TTL =
GetTicks(MAX_OBSERVER_TTL_SECONDS * MILLISECONDS_PER_SECOND);
+
+ OICFree(ehResponse.payload);
}
else
{
OIC_LOG(INFO, TAG, "This is a slow resource");
request->slowFlag = 1;
}
- else if(ehResult == OC_EH_ERROR)
+
+ result = EntityHandlerCodeToOCStackCode(ehResult);
+
+ // Clear server request on error case
+ if (!OCResultToSuccess(result))
{
FindAndDeleteServerRequest(request);
}
- result = EntityHandlerCodeToOCStackCode(ehResult);
+
exit:
OCPayloadDestroy(ehRequest.payload);
return result;
OIC_LOG(INFO, TAG, "This is a slow resource");
request->slowFlag = 1;
}
- else if(ehResult == OC_EH_ERROR)
+
+ result = EntityHandlerCodeToOCStackCode(ehResult);
+
+ // Clear server request on error case
+ if (!OCResultToSuccess(result))
{
FindAndDeleteServerRequest(request);
}
- result = EntityHandlerCodeToOCStackCode(ehResult);
+
exit:
OCPayloadDestroy(ehRequest.payload);
FreeObserver(resObs);
{
LL_DELETE(serverRequestList, serverRequest);
OICFree(serverRequest->requestToken);
+ OICFree(serverRequest->rcvdVendorSpecificHeaderOptions);
OICFree(serverRequest);
serverRequest = NULL;
OIC_LOG(INFO, TAG, "Server Request Removed!!");
if(rcvdVendorSpecificHeaderOptions)
{
+ serverRequest->rcvdVendorSpecificHeaderOptions =
+ (OCHeaderOption *) OICCalloc(numRcvdVendorSpecificHeaderOptions, sizeof(OCHeaderOption));
+ VERIFY_NON_NULL(serverRequest->rcvdVendorSpecificHeaderOptions);
+
memcpy(serverRequest->rcvdVendorSpecificHeaderOptions, rcvdVendorSpecificHeaderOptions,
- MAX_HEADER_OPTIONS * sizeof(OCHeaderOption));
+ numRcvdVendorSpecificHeaderOptions * sizeof(OCHeaderOption));
}
if(payload && reqTotalSize)
{
if (serverRequest)
{
OICFree(serverRequest->requestToken);
+ OICFree(serverRequest->rcvdVendorSpecificHeaderOptions);
OICFree(serverRequest);
serverRequest = NULL;
}
static void deleteResourceInterface(OCResourceInterface *resourceInterface);
/**
- * Delete all child resources.
+ * Unbind all child resources.
*
- * @param resourceChild Specified binded resource is deleted from parent.
+ * @param resourceChild Specified binded resource head is deleted from parent.
*/
-static void deleteResourceChild(OCChildResource *resourceChild);
+static void unbindChildResources(OCChildResource *resourceChild);
/**
* Delete all of the dynamically allocated elements that were created for the resource.
return;
}
- for (uint8_t i = start; i < responseInfo->info.numOptions; i++)
+ if (response.numRcvdVendorSpecificHeaderOptions > 0)
{
- if(&(responseInfo->info.options[i]))
+ response.rcvdVendorSpecificHeaderOptions =
+ (OCHeaderOption *) OICCalloc(response.numRcvdVendorSpecificHeaderOptions, sizeof(OCHeaderOption));
+ if (NULL == response.rcvdVendorSpecificHeaderOptions)
{
- memcpy (&(response.rcvdVendorSpecificHeaderOptions[i-start]),
- &(responseInfo->info.options[i]), sizeof(OCHeaderOption));
+ OIC_LOG(ERROR, TAG, "Failed to allocate memory for vendor header options");
+ OCPayloadDestroy(response.payload);
+ OICFree((void *)response.resourceUri);
+ return;
}
+
+ memcpy(response.rcvdVendorSpecificHeaderOptions, responseInfo->info.options + start,
+ response.numRcvdVendorSpecificHeaderOptions*sizeof(OCHeaderOption));
}
}
OICFree((void *)response.resourceUri);
OCPayloadDestroy(response.payload);
+ OICFree(response.rcvdVendorSpecificHeaderOptions);
}
return;
}
OICFree(serverRequest.requestToken);
return;
}
+
serverRequest.numRcvdVendorSpecificHeaderOptions = tempNum;
if (serverRequest.numRcvdVendorSpecificHeaderOptions && requestInfo->info.options)
{
- memcpy (&(serverRequest.rcvdVendorSpecificHeaderOptions), requestInfo->info.options,
+ serverRequest.rcvdVendorSpecificHeaderOptions = (OCHeaderOption*) OICCalloc(tempNum, sizeof(OCHeaderOption));
+ if (NULL == serverRequest.rcvdVendorSpecificHeaderOptions)
+ {
+ OIC_LOG(ERROR, TAG, "Failed to allocated memory to vnd header options!");
+ OICFree(serverRequest.payload);
+ OICFree(serverRequest.requestToken);
+ return;
+ }
+
+ memcpy (serverRequest.rcvdVendorSpecificHeaderOptions, requestInfo->info.options,
sizeof(CAHeaderOption_t)*tempNum);
}
{
OIC_LOG_V(ERROR, TAG, "HandleStackRequests failed. error: %d", requestResult);
+ // Delete observer node if it is OBSERVE failure from app
+ if (serverRequest.observationOption == OC_OBSERVE_REGISTER)
+ {
+ DeleteObserverUsingToken(requestInfo->info.token, requestInfo->info.tokenLength);
+ }
+
CAResponseResult_t stackResponse =
OCToCAStackResult(requestResult, serverRequest.method);
// The token is copied in there, and is thus still owned by this function.
OICFree(serverRequest.payload);
OICFree(serverRequest.requestToken);
+ OICFree(serverRequest.rcvdVendorSpecificHeaderOptions);
OIC_LOG(INFO, TAG, "Exit OCHandleRequests");
}
}
if (resource->rsrcChildResourcesHead)
{
- deleteResourceChild(resource->rsrcChildResourcesHead);
+ unbindChildResources(resource->rsrcChildResourcesHead);
resource->rsrcChildResourcesHead = NULL;
}
if (resource->rsrcAttributes)
}
}
-void deleteResourceChild(OCChildResource *resourceChild)
+void unbindChildResources(OCChildResource *head)
{
OCChildResource *next = NULL;
- for (OCChildResource *pointer = resourceChild; pointer; pointer = next)
+ for (OCChildResource *current = head; current; current = next)
{
- next = pointer->next ? pointer->next : NULL;
- if (pointer->rsrcResource)
- {
- deleteResourceElements(pointer->rsrcResource);
- pointer->rsrcResource = NULL;
- }
- OICFree(pointer);
+ next = current->next;
+ OICFree(current);
}
}
std::string assembleSetResourceUri(std::string uri, const QueryParamsMap& queryParams);
std::string assembleSetResourceUri(std::string uri, const QueryParamsList& queryParams);
OCPayload* assembleSetResourcePayload(const OCRepresentation& attributes);
- OCHeaderOption* assembleHeaderOptions(OCHeaderOption options[],
- const HeaderOptions& headerOptions);
+ OCHeaderOption* assembleHeaderOptions(const HeaderOptions& headerOptions);
void convert(const OCDPDev_t *list, PairedDevices& dpList);
std::thread m_listeningThread;
bool m_threadRun;
ret = context->callback(cert, depth);
}
- if (0 == depth)
- {
- delete context;
- }
-
return (OC_STACK_OK == ret)? 0 : 1;
}
if (OC_STACK_OK != result)
{
oclog() << "OCSetPeerCertCallback() Failed";
- return result;
}
+ return result;
}
auto cLock = OCPlatform_impl::Instance().csdkLock().lock();
return OC_STACK_INVALID_PARAM;
}
+ if (headerOptions.size() > MAX_HEADER_OPTIONS)
+ {
+ oclog() << "ListenForMQTopic: Header options are more than MAX_HEADER_OPTIONS" << std::flush;
+ return OC_STACK_INVALID_PARAM;
+ }
+
ClientCallbackContext::MQTopicContext* context =
new ClientCallbackContext::MQTopicContext(callback, shared_from_this());
OCCallbackData cbdata;
if (cLock)
{
std::lock_guard<std::recursive_mutex> lock(*cLock);
- OCHeaderOption options[MAX_HEADER_OPTIONS];
+ OCHeaderOption *options = assembleHeaderOptions(headerOptions);
result = OCDoResource(
nullptr, OC_REST_GET,
uri.c_str(),
CT_DEFAULT,
static_cast<OCQualityOfService>(QoS),
&cbdata,
- assembleHeaderOptions(options, headerOptions),
+ options,
headerOptions.size());
+ delete[] options;
}
else
{
{
return OC_STACK_INVALID_PARAM;
}
+
+ if (headerOptions.size() > MAX_HEADER_OPTIONS)
+ {
+ oclog() << "PutMQTopicRepresentation: Header options are more than MAX_HEADER_OPTIONS" << std::flush;
+ return OC_STACK_INVALID_PARAM;
+ }
+
OCStackResult result;
ClientCallbackContext::MQTopicContext* ctx =
new ClientCallbackContext::MQTopicContext(callback, shared_from_this());
if (cLock)
{
std::lock_guard<std::recursive_mutex> lock(*cLock);
- OCHeaderOption options[MAX_HEADER_OPTIONS];
+ OCHeaderOption *options = assembleHeaderOptions(headerOptions);
result = OCDoResource(nullptr, OC_REST_PUT,
url.c_str(), &devAddr,
CT_DEFAULT,
static_cast<OCQualityOfService>(QoS),
&cbdata,
- assembleHeaderOptions(options, headerOptions),
+ options,
headerOptions.size());
+ delete[] options;
}
else
{
{
return OC_STACK_INVALID_PARAM;
}
+
+ if (headerOptions.size() > MAX_HEADER_OPTIONS)
+ {
+ oclog() << "GetResourceRepresentation: Header options are more than MAX_HEADER_OPTIONS" << std::flush;
+ return OC_STACK_INVALID_PARAM;
+ }
+
OCStackResult result;
ClientCallbackContext::GetContext* ctx =
new ClientCallbackContext::GetContext(callback);
if (cLock)
{
std::lock_guard<std::recursive_mutex> lock(*cLock);
- OCHeaderOption options[MAX_HEADER_OPTIONS];
+ OCHeaderOption *options = assembleHeaderOptions(headerOptions);
result = OCDoResource(
nullptr, OC_REST_GET,
connectivityType,
static_cast<OCQualityOfService>(QoS),
&cbdata,
- assembleHeaderOptions(options, headerOptions),
+ options,
headerOptions.size());
+ delete[] options;
}
else
{
{
return OC_STACK_INVALID_PARAM;
}
+
+ if (headerOptions.size() > MAX_HEADER_OPTIONS)
+ {
+ oclog() << "PostResourceRepresentation: Header options are more than MAX_HEADER_OPTIONS" << std::flush;
+ return OC_STACK_INVALID_PARAM;
+ }
+
OCStackResult result;
ClientCallbackContext::SetContext* ctx = new ClientCallbackContext::SetContext(callback);
OCCallbackData cbdata;
if (cLock)
{
std::lock_guard<std::recursive_mutex> lock(*cLock);
- OCHeaderOption options[MAX_HEADER_OPTIONS];
+ OCHeaderOption *options = assembleHeaderOptions(headerOptions);
result = OCDoResource(nullptr, OC_REST_POST,
url.c_str(), &devAddr,
connectivityType,
static_cast<OCQualityOfService>(QoS),
&cbdata,
- assembleHeaderOptions(options, headerOptions),
+ options,
headerOptions.size());
+ delete[] options;
}
else
{
{
return OC_STACK_INVALID_PARAM;
}
+
+ if (headerOptions.size() > MAX_HEADER_OPTIONS)
+ {
+ oclog() << "PutResourceRepresentation: Header options are more than MAX_HEADER_OPTIONS" << std::flush;
+ return OC_STACK_INVALID_PARAM;
+ }
+
OCStackResult result;
ClientCallbackContext::SetContext* ctx = new ClientCallbackContext::SetContext(callback);
OCCallbackData cbdata;
{
std::lock_guard<std::recursive_mutex> lock(*cLock);
OCDoHandle handle;
- OCHeaderOption options[MAX_HEADER_OPTIONS];
+ OCHeaderOption *options = assembleHeaderOptions(headerOptions);
result = OCDoResource(&handle, OC_REST_PUT,
url.c_str(), &devAddr,
CT_DEFAULT,
static_cast<OCQualityOfService>(QoS),
&cbdata,
- assembleHeaderOptions(options, headerOptions),
+ options,
headerOptions.size());
+ delete[] options;
}
else
{
{
return OC_STACK_INVALID_PARAM;
}
+
+ if (headerOptions.size() > MAX_HEADER_OPTIONS)
+ {
+ oclog() << "DeleteResource: Header options are more than MAX_HEADER_OPTIONS" << std::flush;
+ return OC_STACK_INVALID_PARAM;
+ }
+
OCStackResult result;
ClientCallbackContext::DeleteContext* ctx =
new ClientCallbackContext::DeleteContext(callback);
if (cLock)
{
- OCHeaderOption options[MAX_HEADER_OPTIONS];
+ OCHeaderOption *options = assembleHeaderOptions(headerOptions);
std::lock_guard<std::recursive_mutex> lock(*cLock);
connectivityType,
static_cast<OCQualityOfService>(m_cfg.QoS),
&cbdata,
- assembleHeaderOptions(options, headerOptions),
+ options,
headerOptions.size());
+ delete[] options;
}
else
{
{
return OC_STACK_INVALID_PARAM;
}
+
+ if (headerOptions.size() > MAX_HEADER_OPTIONS)
+ {
+ oclog() << "ObserveResource: Header options are more than MAX_HEADER_OPTIONS" << std::flush;
+ return OC_STACK_INVALID_PARAM;
+ }
+
OCStackResult result;
ClientCallbackContext::ObserveContext* ctx =
if (cLock)
{
std::lock_guard<std::recursive_mutex> lock(*cLock);
- OCHeaderOption options[MAX_HEADER_OPTIONS];
+ OCHeaderOption *options = assembleHeaderOptions(headerOptions);
result = OCDoResource(handle, method,
url.c_str(), &devAddr,
CT_DEFAULT,
static_cast<OCQualityOfService>(QoS),
&cbdata,
- assembleHeaderOptions(options, headerOptions),
+ options,
headerOptions.size());
+ delete[] options;
}
else
{
const HeaderOptions& headerOptions,
QualityOfService QoS)
{
+ if (headerOptions.size() > MAX_HEADER_OPTIONS)
+ {
+ oclog() << "CancelObserveResource: Header options are more than MAX_HEADER_OPTIONS" << std::flush;
+ return OC_STACK_INVALID_PARAM;
+ }
+
OCStackResult result;
auto cLock = m_csdkLock.lock();
if (cLock)
{
std::lock_guard<std::recursive_mutex> lock(*cLock);
- OCHeaderOption options[MAX_HEADER_OPTIONS];
+ OCHeaderOption *options = assembleHeaderOptions(headerOptions);
result = OCCancel(handle,
static_cast<OCQualityOfService>(QoS),
- assembleHeaderOptions(options, headerOptions),
+ options,
headerOptions.size());
+ delete[] options;
}
else
{
return OC_STACK_OK;
}
- OCHeaderOption* InProcClientWrapper::assembleHeaderOptions(OCHeaderOption options[],
- const HeaderOptions& headerOptions)
+ OCHeaderOption* InProcClientWrapper::assembleHeaderOptions(const HeaderOptions& headerOptions)
{
- int i = 0;
-
if ( headerOptions.size() == 0)
{
return nullptr;
}
+ OCHeaderOption* options = new OCHeaderOption[headerOptions.size()];
+ int i = 0;
for (auto it=headerOptions.begin(); it != headerOptions.end(); ++it)
{
options[i] = OCHeaderOption();
<< "' " << std::endl;
return fopen(SVR_DB_FILE_NAME, mode);
}
- OCPersistentStorage gps {client_open, fread, fwrite, fclose, unlink };
+ OCPersistentStorage gps {client_open, fread, fwrite, fclose, unlink, NULL, NULL };
// Callbacks
OCEntityHandlerResult entityHandler(std::shared_ptr<OCResourceRequest> /*request*/)
result = OCProcess();
if (result != OC_STACK_OK)
{
- printf("OCStack stop error");
+ printf("OCProcess error");
}
+
+ // Sleep for 100 ms to avoid high CPU Utilization.
+ usleep(100 * 1000); // 100 milli-seconds
}
return NULL;
}
cp ./resource/csdk/security/provisioning/include/oxm/*.h %{buildroot}%{_includedir}
cp ./resource/csdk/security/provisioning/include/internal/*.h %{buildroot}%{_includedir}
cp ./resource/csdk/security/provisioning/include/*.h %{buildroot}%{_includedir}
-cp ./resource/csdk/security/provisioning/sample/oic_svr_db_server_justworks.dat %{buildroot}%{_libdir}/oic_svr_db_server.dat
cp out/%{TARGET_OS}/%{TARGET_ARCH}/%{build_mode}/resource/csdk/security/provisioning/sample/sampleserver_justworks %{ex_install_dir}/provision-sample/
cp ./resource/csdk/security/provisioning/sample/oic_svr_db_server_justworks.dat %{ex_install_dir}/provision-sample/
cp out/%{TARGET_OS}/%{TARGET_ARCH}/%{build_mode}/resource/csdk/security/provisioning/sample/sampleserver_randompin %{ex_install_dir}/provision-sample/
%{_libdir}/libmbedtls.so
%{_libdir}/libocpmapi.so
%{_libdir}/libocprovision.so
-%{_libdir}/oic_svr_db_server.dat
%endif
%files service
cp ./resource/csdk/security/provisioning/include/oxm/*.h %{buildroot}%{_includedir}
cp ./resource/csdk/security/provisioning/include/internal/*.h %{buildroot}%{_includedir}
cp ./resource/csdk/security/provisioning/include/*.h %{buildroot}%{_includedir}
-cp ./resource/csdk/security/provisioning/sample/oic_svr_db_server_justworks.dat %{buildroot}%{_libdir}/oic_svr_db_server.dat
cp out/%{TARGET_OS}/%{TARGET_ARCH}/%{build_mode}/resource/csdk/security/provisioning/sample/sampleserver_justworks %{ex_install_dir}/provision-sample/
cp ./resource/csdk/security/provisioning/sample/oic_svr_db_server_justworks.dat %{ex_install_dir}/provision-sample/
cp out/%{TARGET_OS}/%{TARGET_ARCH}/%{build_mode}/resource/csdk/security/provisioning/sample/sampleserver_randompin %{ex_install_dir}/provision-sample/
%{_libdir}/libmbedtls.so
%{_libdir}/libocpmapi.so
%{_libdir}/libocprovision.so
-%{_libdir}/oic_svr_db_server.dat
%endif
%files service
cp ./resource/csdk/security/provisioning/include/oxm/*.h %{buildroot}%{_includedir}
cp ./resource/csdk/security/provisioning/include/internal/*.h %{buildroot}%{_includedir}
cp ./resource/csdk/security/provisioning/include/*.h %{buildroot}%{_includedir}
-cp ./resource/csdk/security/provisioning/sample/oic_svr_db_server_justworks.dat %{buildroot}%{_libdir}/oic_svr_db_server.dat
cp out/%{TARGET_OS}/%{TARGET_ARCH}/%{build_mode}/resource/csdk/security/provisioning/sample/sampleserver_justworks %{ex_install_dir}/provision-sample/
cp ./resource/csdk/security/provisioning/sample/oic_svr_db_server_justworks.dat %{ex_install_dir}/provision-sample/
cp out/%{TARGET_OS}/%{TARGET_ARCH}/%{build_mode}/resource/csdk/security/provisioning/sample/sampleserver_randompin %{ex_install_dir}/provision-sample/
%{_libdir}/libmbedtls.so
%{_libdir}/libocpmapi.so
%{_libdir}/libocprovision.so
-%{_libdir}/oic_svr_db_server.dat
%endif
%files service
projects / platform / upstream / iotivity.git / commitdiff