From: Vijay Date: Wed, 1 Oct 2014 07:49:17 +0000 (-0700) Subject: 1 Bug fix to check for length of uri and query separately. X-Git-Tag: 1.2.0+RC1~2200^2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6f44ba164de06656f7465ab4faad4cd8d79411e0;p=platform%2Fupstream%2Fiotivity.git 1 Bug fix to check for length of uri and query separately. 2 Addressed the code review feedback. No longer using strtok, moved check logic to separate function. 3 Optimized the code to use strlen only once. 4. Fixed Build failure Change-Id: I1d1c8ad39716a93dc32196e110d5a8f1df2ee959
---
diff --git a/csdk/stack/src/ocstack.c b/csdk/stack/src/ocstack.c
index d847cf7..770af0a 100644
--- a/csdk/stack/src/ocstack.c
+++ b/csdk/stack/src/ocstack.c
@@ -202,6 +202,8 @@ static void deleteResourceElements(OCResource *resource);
 static int deleteResource(OCResource *resource);
 static void deleteAllResources();
 static void incrementSequenceNumber(OCResource * resPtr);
+static OCStackResult verifyUriQueryLength(const char * inputUri,
+ uint16_t uriLen);
 //-----------------------------------------------------------------------------
@@ -312,6 +314,38 @@ OCStackResult OCStop()
 }
 /**
+ * Verify the lengths of the URI and the query separately
+ *
+ * @param inputUri - Input URI and query
+ *
+ * Note: The '?' that appears after the URI is considered as
+ * a part of the query.
+ */
+OCStackResult verifyUriQueryLength(const char *inputUri, uint16_t uriLen)
+{
+ char *query;
+ uint16_t queryLen = 0;
+
+ query = strchr (inputUri, '?');
+ if (query != NULL)
+ {
+ queryLen = strlen (query);
+ }
+
+ if (queryLen > MAX_QUERY_LENGTH)
+ {
+ return OC_STACK_INVALID_URI;
+ }
+
+ if ((uriLen - queryLen) > MAX_URI_LENGTH)
+ {
+ return OC_STACK_INVALID_QUERY;
+ }
+
+ return OC_STACK_OK;
+}
+
+/**
 * Discover or Perform requests on a specified resource (specified by that Resource's respective URI).
 *
 * @param handle - @ref OCDoHandle to refer to the request sent out on behalf of calling this API.
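Review bot: The two failure returns in verifyUriQueryLength appear to be swapped: the `queryLen > MAX_QUERY_LENGTH` branch returns `OC_STACK_INVALID_URI` and the `(uriLen - queryLen) > MAX_URI_LENGTH` branch returns `OC_STACK_INVALID_QUERY`, so a caller that logs or acts on the code is pointed at the wrong component. Exchange the two return values. `queryLen` is also a `uint16_t` assigned from `strlen`, which silently narrows for long inputs; `size_t queryLen = 0;` and `const char *query;` (strchr is called on a const pointer) would keep the comparison honest. The doc comment should gain `@param uriLen - length of inputUri, excluding the terminator` and an `@return` line listing the three result codes.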
@@ -367,16 +401,17 @@ OCStackResult OCDoResource(OCDoHandle *handle, OCMethod method, const char *requ
 goto exit;
 }
- if(strlen(requiredUri) > MAX_URI_LENGTH + MAX_QUERY_LENGTH)
+ uint16_t uriLen = strlen(requiredUri);
+
+ if((result = verifyUriQueryLength(requiredUri, uriLen)) != OC_STACK_OK)
 {
- result = OC_STACK_INVALID_PARAM;
 goto exit;
 }
- requestUri = (unsigned char *) OCMalloc(strlen(requiredUri) + 1);
+ requestUri = (unsigned char *) OCMalloc(uriLen + 1);
 if(requestUri)
 {
- memcpy(requestUri, requiredUri, strlen(requiredUri) + 1);
+ memcpy(requestUri, requiredUri, (uriLen + 1));
 }
 else
 {
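Review bot: `uint16_t uriLen = strlen(requiredUri);` narrows a size_t, so a requiredUri of 65536 bytes or more wraps to a small value, whereas the removed check compared the full strlen result against the limit. The wrapped length is what verifyUriQueryLength sees and what sizes both `OCMalloc(uriLen + 1)` and the memcpy, so an over-long string could pass the check and be copied short, without its terminating NUL; any later string operation on requestUri would then read past the allocation. Keep the length in `size_t uriLen = strlen(requiredUri);` and widen the helper's parameter to match, or reject anything above `MAX_URI_LENGTH + MAX_QUERY_LENGTH` before narrowing. requiredUri is presumably caller-supplied, and OCDoResource begins and ends outside this hunk, so how requestUri is consumed afterwards is not visible here.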