From: Anupam Roy Date: Mon, 17 Aug 2020 18:29:21 +0000 (+0530) Subject: Mesh: Add sanity checks for handles X-Git-Tag: accepted/tizen/unified/20200819.035929~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=845f4da37ea618b461f0853de3be9d5612774469;p=platform%2Fcore%2Fapi%2Fbluetooth.git Mesh: Add sanity checks for handles This patch adds handle validation checks at several places to prevent application crash in case of passing invalid handles from application. Change-Id: I1bf47bf631b2aa06c185da84d27e655d7b115adc Signed-off-by: Anupam Roy --- diff --git a/src/bluetooth-mesh.c b/src/bluetooth-mesh.c index 6ea3340..2f99232 100644 --- a/src/bluetooth-mesh.c +++ b/src/bluetooth-mesh.c @@ -779,7 +779,6 @@ int bt_mesh_node_destroy(bt_mesh_node_h node_handle) BT_CHECK_INPUT_PARAMETER(node_handle); bt_mesh_node_s *node = (bt_mesh_node_s*)node_handle; - BT_MESH_VALIDATE_HANDLE(node, node_list); /* It is NOT allowed to destroy attached node: Do Reset */ @@ -1005,13 +1004,17 @@ int bt_mesh_model_destroy(bt_mesh_model_h model_handle) BT_CHECK_MESH_INIT_STATUS(); BT_CHECK_INPUT_PARAMETER(model_handle); - bt_mesh_node_s *node = (bt_mesh_node_s*)((bt_mesh_element_s*)((bt_mesh_model_s*)model_handle)->parent)->parent; bt_mesh_model_s *model = (bt_mesh_model_s*)model_handle; - bt_mesh_element_s *element = model->parent; - BT_MESH_VALIDATE_HANDLE(model, model_list); + + bt_mesh_element_s *element = model->parent; + BT_CHECK_INPUT_PARAMETER(element); BT_MESH_VALIDATE_HANDLE(element, element_list); + bt_mesh_node_s *node = element->parent; + BT_CHECK_INPUT_PARAMETER(node); + BT_MESH_VALIDATE_HANDLE(node, node_list); + /* It is NOT allowed to destroy remote model */ BT_CHECK_MESH_LOCAL(node); @@ -1194,7 +1197,6 @@ int bt_mesh_network_create(bt_mesh_node_h config_client, BT_INFO("Mesh: Create Network: Name [%s]", network_name); bt_mesh_node_s *node = (bt_mesh_node_s*)config_client; - BT_MESH_VALIDATE_HANDLE(node, node_list); /* Error if remote node*/ 
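Review bot: The reordered block in bt_mesh_model_destroy has no comment saying why each level is validated before its `parent` field is read, and that ordering is the whole safety property of the change. The removed declaration followed `model_handle` through two `->parent` hops before any list check ran. I would add above the first check `/* Validate each handle before reading ->parent: model, then element, then node */` so that a later cleanup does not hoist the assignments back above the checks. The body of bt_mesh_model_destroy continues outside the hunk.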
@@ -1581,6 +1583,7 @@ int bt_mesh_netkey_update(bt_mesh_netkey_h netkey) netkey_s = (bt_mesh_netkey_s*)netkey; BT_MESH_VALIDATE_HANDLE(netkey_s, netkey_list); network_s = netkey_s->parent; + BT_CHECK_INPUT_PARAMETER(network_s); BT_MESH_VALIDATE_HANDLE(network_s, networks); memset(&net, 0x00, sizeof(bluetooth_mesh_network_t)); @@ -1615,7 +1618,9 @@ int bt_mesh_netkey_delete(bt_mesh_netkey_h netkey) netkey_s = (bt_mesh_netkey_s*)netkey; BT_MESH_VALIDATE_HANDLE(netkey_s, netkey_list); + network_s = netkey_s->parent; + BT_CHECK_INPUT_PARAMETER(network_s); BT_MESH_VALIDATE_HANDLE(network_s, networks); memset(&net, 0x00, sizeof(bluetooth_mesh_network_t)); @@ -1658,7 +1663,9 @@ int bt_mesh_netkey_add_appkey(bt_mesh_netkey_h netkey, netkey_s = (bt_mesh_netkey_s*)netkey; BT_MESH_VALIDATE_HANDLE(netkey_s, netkey_list); + network_s = netkey_s->parent; + BT_CHECK_INPUT_PARAMETER(network_s); BT_MESH_VALIDATE_HANDLE(network_s, networks); memset(&net, 0x00, sizeof(bluetooth_mesh_network_t)); @@ -1700,10 +1707,15 @@ int bt_mesh_appkey_update(bt_mesh_appkey_h appkey) BT_CHECK_INPUT_PARAMETER(appkey); appkey_s = (bt_mesh_appkey_s*)appkey; + BT_CHECK_INPUT_PARAMETER(appkey_s); BT_MESH_VALIDATE_HANDLE(appkey_s, appkey_list); + netkey_s = appkey_s->parent; + BT_CHECK_INPUT_PARAMETER(netkey_s); BT_MESH_VALIDATE_HANDLE(netkey_s, netkey_list); + network_s = netkey_s->parent; + BT_CHECK_INPUT_PARAMETER(network_s); BT_MESH_VALIDATE_HANDLE(network_s, networks); memset(&net, 0x00, sizeof(bluetooth_mesh_network_t)); @@ -1738,9 +1750,13 @@ int bt_mesh_appkey_delete(bt_mesh_appkey_h appkey) appkey_s = (bt_mesh_appkey_s*)appkey; BT_MESH_VALIDATE_HANDLE(appkey_s, appkey_list); + netkey_s = appkey_s->parent; + BT_CHECK_INPUT_PARAMETER(netkey_s); BT_MESH_VALIDATE_HANDLE(netkey_s, netkey_list); + network_s = netkey_s->parent; + BT_CHECK_INPUT_PARAMETER(network_s); BT_MESH_VALIDATE_HANDLE(network_s, networks); memset(&net, 0x00, sizeof(bluetooth_mesh_network_t)); 
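Review bot: In bt_mesh_appkey_update the added `BT_CHECK_INPUT_PARAMETER(appkey_s);` looks redundant, because `appkey_s` is only a cast of `appkey`, which was passed through the same macro just above. Assuming the macro is a plain NULL test, the second call can never fail and can be dropped. That would match bt_mesh_appkey_delete in the next hunk, which goes straight from the cast to `BT_MESH_VALIDATE_HANDLE(appkey_s, appkey_list);`. The checks added for `netkey_s` and `network_s` are the ones that matter, since those pointers come from stored state rather than from the caller's argument.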
@@ -1787,7 +1803,10 @@ int bt_mesh_netkey_foreach_appkeys(bt_mesh_netkey_h netkey, BT_MESH_VALIDATE_HANDLE(netkey, netkey_list); netkey_s = (bt_mesh_netkey_s*)netkey; + network_s = netkey_s->parent; + BT_CHECK_INPUT_PARAMETER(network_s); + BT_MESH_VALIDATE_HANDLE(network_s, networks); appkeys = g_ptr_array_new(); if (appkeys == NULL) { @@ -1975,11 +1994,6 @@ int bt_mesh_node_foreach_element(bt_mesh_node_h node, BT_MESH_VALIDATE_HANDLE(node, node_list); node_s = (bt_mesh_node_s*) node; - /* Only for Node which is attached to the Network */ -#if 0 - if (!node_s->is_attached) - return BT_ERROR_INVALID_PARAMETER; -#endif total = g_slist_length(node_s->elements); if (!total) { callback(BT_ERROR_NONE, (bt_mesh_node_h) node, total, @@ -2021,10 +2035,13 @@ int bt_mesh_element_foreach_models(bt_mesh_element_h element, BT_CHECK_INPUT_PARAMETER(element); BT_CHECK_INPUT_PARAMETER(callback); - BT_MESH_VALIDATE_HANDLE(element, element_list); - element_s = (bt_mesh_element_s*) element; + BT_MESH_VALIDATE_HANDLE(element_s, element_list); + node_s = (bt_mesh_node_s*) element_s->parent; + BT_CHECK_INPUT_PARAMETER(node_s); + BT_MESH_VALIDATE_HANDLE(node_s, node_list); + network_s = (bt_mesh_network_s*) node_s->parent; /* Only for local Node */ @@ -2365,8 +2382,11 @@ int bt_mesh_network_discover_node(bt_mesh_network_h network, return BT_ERROR_NONE; } -int bt_mesh_node_configure_netkey(bt_mesh_node_h node, bt_mesh_node_key_configuration_e netkey_op, - bt_mesh_netkey_h netkey, bt_mesh_netkey_status_cb callback, void *user_data) +int bt_mesh_node_configure_netkey(bt_mesh_node_h node, + bt_mesh_node_key_configuration_e netkey_op, + bt_mesh_netkey_h netkey, + bt_mesh_netkey_status_cb callback, + void *user_data) { int error_code = BT_ERROR_NONE; bt_mesh_network_s *network_s; 
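Review bot: In bt_mesh_element_foreach_models the last assignment, `network_s = (bt_mesh_network_s*) node_s->parent;`, is the only parent pointer in the visible hunks that gets neither a NULL check nor a list check. If the code after `/* Only for local Node */` dereferences `network_s`, it should get the same pair used elsewhere, `BT_CHECK_INPUT_PARAMETER(network_s);` and `BT_MESH_VALIDATE_HANDLE(network_s, networks);`. If a node without a network is legitimate on this path, a short comment saying so would stop someone adding the check later and breaking that case. The function body continues outside the hunk, so this may already be handled below.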
@@ -2382,11 +2402,13 @@ int bt_mesh_node_configure_netkey(bt_mesh_node_h node, bt_mesh_node_key_configur BT_CHECK_INPUT_PARAMETER(callback); node_s = (bt_mesh_node_s*) node; - network_s = node_s->parent; - netkey_s = (bt_mesh_netkey_s*) netkey; + BT_MESH_VALIDATE_HANDLE(node_s, node_list); + network_s = node_s->parent; + BT_CHECK_INPUT_PARAMETER(network_s); BT_MESH_VALIDATE_HANDLE(network_s, networks); - BT_MESH_VALIDATE_HANDLE(node_s, node_list); + + netkey_s = (bt_mesh_netkey_s*) netkey; BT_MESH_VALIDATE_HANDLE(netkey_s, netkey_list); /* Return error, if node is not attached */ @@ -2423,8 +2445,11 @@ int bt_mesh_node_configure_netkey(bt_mesh_node_h node, bt_mesh_node_key_configur return BT_ERROR_NONE; } -int bt_mesh_node_configure_appkey(bt_mesh_node_h node, bt_mesh_node_key_configuration_e appkey_op, - bt_mesh_appkey_h appkey, bt_mesh_appkey_status_cb callback, void *user_data) +int bt_mesh_node_configure_appkey(bt_mesh_node_h node, + bt_mesh_node_key_configuration_e appkey_op, + bt_mesh_appkey_h appkey, + bt_mesh_appkey_status_cb callback, + void *user_data) { int error_code = BT_ERROR_NONE; bt_mesh_network_s *network_s; @@ -2441,13 +2466,17 @@ int bt_mesh_node_configure_appkey(bt_mesh_node_h node, bt_mesh_node_key_configur BT_CHECK_INPUT_PARAMETER(callback); node_s = (bt_mesh_node_s*) node; - network_s = node_s->parent; - appkey_s = (bt_mesh_appkey_s*) appkey; - netkey_s = (bt_mesh_netkey_s*) appkey_s->parent; + BT_MESH_VALIDATE_HANDLE(node_s, node_list); + network_s = node_s->parent; + BT_CHECK_INPUT_PARAMETER(network_s); BT_MESH_VALIDATE_HANDLE(network_s, networks); - BT_MESH_VALIDATE_HANDLE(node_s, node_list); + + appkey_s = (bt_mesh_appkey_s*) appkey; BT_MESH_VALIDATE_HANDLE(appkey_s, appkey_list); + + netkey_s = (bt_mesh_netkey_s*) appkey_s->parent; + BT_CHECK_INPUT_PARAMETER(netkey_s); BT_MESH_VALIDATE_HANDLE(netkey_s, netkey_list); /* Return error, if node is not attached */ 
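Review bot: bt_mesh_node_configure_netkey now establishes that `node_s`, `network_s` and `netkey_s` are each live handles, but nothing in the hunk ties the key to the node's network. A netkey handle that is valid but belongs to a different network would pass all three checks. Unless the code below already compares them, I would add `if (netkey_s->parent != network_s) return BT_ERROR_INVALID_PARAMETER;` after the last validation. The same applies to the bt_mesh_node_configure_appkey hunk further down, where `netkey_s` comes from `appkey_s->parent` and is not compared with `node_s->parent`. Both function bodies continue outside their hunks.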
@@ -2478,9 +2507,9 @@ int bt_mesh_node_configure_appkey(bt_mesh_node_h node, bt_mesh_node_key_configur return BT_ERROR_NONE; } - /* Remote Node Operations: CONFIG: Non Key */ -int bt_mesh_node_get_features(bt_mesh_node_h node, bt_mesh_node_features_cb callback, void *user_data) +int bt_mesh_node_get_features(bt_mesh_node_h node, + bt_mesh_node_features_cb callback, void *user_data) { int error_code = BT_ERROR_NONE; bt_mesh_network_s *network_s; @@ -2494,15 +2523,15 @@ int bt_mesh_node_get_features(bt_mesh_node_h node, bt_mesh_node_features_cb call BT_CHECK_INPUT_PARAMETER(callback); node_s = (bt_mesh_node_s*) node; + BT_MESH_VALIDATE_HANDLE(node_s, node_list); /* Return error, if node is not attached */ if (!node_s->is_attached) return BT_ERROR_INVALID_PARAMETER; network_s = (bt_mesh_network_s*) node_s->parent; - + BT_CHECK_INPUT_PARAMETER(network_s); BT_MESH_VALIDATE_HANDLE(network_s, networks); - BT_MESH_VALIDATE_HANDLE(node_s, node_list); memset(&req, 0x00, sizeof(bluetooth_mesh_node_features_t)); @@ -2535,10 +2564,11 @@ int bt_mesh_node_get_ttl(bt_mesh_node_h node, bt_mesh_node_ttl_cb callback, void BT_CHECK_INPUT_PARAMETER(callback); node_s = (bt_mesh_node_s*) node; - network_s = node_s->parent; + BT_MESH_VALIDATE_HANDLE(node_s, node_list); + network_s = node_s->parent; + BT_CHECK_INPUT_PARAMETER(network_s); BT_MESH_VALIDATE_HANDLE(network_s, networks); - BT_MESH_VALIDATE_HANDLE(node_s, node_list); /* Return error, if node is not attached */ if (!node_s->is_attached)
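Review bot: bt_mesh_node_get_ttl reads `node_s->parent` and rejects a NULL network before it reaches the `is_attached` test, while bt_mesh_node_get_features in the previous hunk tests `is_attached` first. If an unattached node has no parent network, the two functions fail at different checks for the same condition, and presumably report it differently. Moving `if (!node_s->is_attached)` to directly after `BT_MESH_VALIDATE_HANDLE(node_s, node_list);` in get_ttl would make them agree. The configure_netkey and configure_appkey hunks follow the get_ttl order as well. The function continues outside the hunk.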