pillip8282 [Tue, 17 Oct 2017 10:17:53 +0000 (19:17 +0900)]
Merge pull request #836 from HONGCHAEHEE/dm
Edit makefiles of framework and tc for the path inclusion of DM API header
sunghan-chang [Tue, 17 Oct 2017 09:52:58 +0000 (18:52 +0900)]
Merge pull request #819 from pillip8282/cjson_update
external:cjson update cJSON to the version 1.5.7 released Jun 29 2017
sunghan-chang [Tue, 17 Oct 2017 09:41:37 +0000 (18:41 +0900)]
Merge pull request #846 from jeongchanKim/missed_doxy
doxygen : Add include path in stdio.h
pillip8282 [Tue, 17 Oct 2017 09:34:49 +0000 (18:34 +0900)]
Merge pull request #850 from HONGCHAEHEE/http-header
Fix a http header parsing function in webserver
chaehee.hong [Tue, 17 Oct 2017 08:26:45 +0000 (17:26 +0900)]
Fix a http header parsing function in webserver
- Remove the code for checking the length of the http header. The whole unseparated http header can be longer than the max key length.
- Re-fix of commit
eda61d6f7b0b1ed4a17a62206ddf94d6fc8069d1
pillip8282 [Tue, 17 Oct 2017 08:53:31 +0000 (17:53 +0900)]
Merge pull request #802 from JeonginKim/sec3
Fix buffer overflow in FTP client
pillip8282 [Tue, 17 Oct 2017 07:28:21 +0000 (16:28 +0900)]
Merge pull request #815 from sinzah/master
wpa_supplicant : security vulnerability patch (http://w1.fi/security/2016-1/)
pillip8282 [Tue, 17 Oct 2017 07:08:16 +0000 (16:08 +0900)]
Merge pull request #803 from dr-venkman/fix_coap_parsing
Fix er-coap parsing in wakaama to handle heap buffer overflows
jc_.kim [Tue, 17 Oct 2017 06:48:11 +0000 (15:48 +0900)]
doxygen : Add include path in stdio.h
if not, we cannot know which header we should include for using 'puts' api
pillip8282 [Tue, 17 Oct 2017 06:43:56 +0000 (15:43 +0900)]
Merge pull request #812 from dr-venkman/fix_dos_issues_wakaama
Merge security-related fixes from eclipse wakaama Github to TizenRT
sunghan-chang [Tue, 17 Oct 2017 06:19:52 +0000 (15:19 +0900)]
Merge pull request #827 from HONGCHAEHEE/doc
doxygen : Add include path and missing param name in framework
Dongeon Kim [Tue, 17 Oct 2017 06:18:16 +0000 (15:18 +0900)]
doxygen : tidy up framework/tinyalsa and st_things
* Add header include path for framework/tinyalsa and framework/st_things on doxygen comments
- if not, we cannot know which header we should include for using that api
* modify indentations
sunghan-chang [Tue, 17 Oct 2017 06:09:45 +0000 (15:09 +0900)]
Merge pull request #841 from jeongchanKim/doxy_include
doxygen : Add include path, brief desc and missing param name and fix…
sunghan-chang [Tue, 17 Oct 2017 06:07:51 +0000 (15:07 +0900)]
Merge pull request #844 from heejin-kim/hj_18
Add header file info in iotbus API's doxygen comment
Heejin Kim [Tue, 17 Oct 2017 05:44:37 +0000 (14:44 +0900)]
Add header file info in iotbus API's doxygen comment
You can see which path should be included to use iotbus APIs.
davidfather [Tue, 17 Oct 2017 04:57:18 +0000 (13:57 +0900)]
Merge pull request #811 from pillip8282/fix_netlib
net:netlib fix vulerability while parsing malicious URLs
davidfather [Tue, 17 Oct 2017 04:56:12 +0000 (13:56 +0900)]
Merge pull request #810 from pillip8282/fix_mdns
protocol:mdns fix vulnerability at mdns
jc_.kim [Mon, 16 Oct 2017 01:08:12 +0000 (10:08 +0900)]
doxygen : Add include path, brief desc and missing param name and fix wrong desc in os/include
1. Add include path for each apis
- if not, we cannot know which header we should include for using that api
2. Add missing param name for each apis
- argument name is needed after param[in] or param[out]
3. Add brief description for POSIX APIs
4. Fix wrong desc
- some apis are not POSIX apis, but marked POSIX. so fix.
assert.h, crc16.h, crc32.h, crc8.h, debug.h, dirent.h, errno.h, fcntl.h, fixedmath.h, inttypes.h,
libgen.h, mqueue.h, pthread.h, queue.h, sched.h, semaphore.h, signal.h, spawn.h, stdio.h, stdlib.h,
string.h, syslog.h, termios.h, time.h, unistd.h
sys/prctl.h, sys/stat.h, sys/time.h, sys/wait.h, sys/ioctl.h
tinyara/clock.h, tinyara/math.h, tinyara/regex.h, tinyara/sched.h, tinyara/spawn.h, tinyara/streams.h,
tinyara/time.h, tinyara/ttrace.h
sunghan-chang [Tue, 17 Oct 2017 03:43:12 +0000 (12:43 +0900)]
Merge pull request #839 from jeongchanKim/mqtt_codingrule
testcase/mqtt_itc : fix coding rule error - space is needed before '='
kang [Thu, 12 Oct 2017 04:18:16 +0000 (13:18 +0900)]
protocol:mdns fix vulnerability at mdns
1) fix overflow when mdns is parsing the packet
2) checking cycle reference when it is parsing the packet
https://www.kb.cert.org/vuls/id/23495
3) adding a buffer overflow check when it is converting a name label
jc_.kim [Tue, 17 Oct 2017 01:20:50 +0000 (10:20 +0900)]
testcase/mqtt_itc : fix coding rule error - space is needed before '='
[SPC_M_OPR] spaces required around that '=' (ctx:VxW)
chaehee.hong [Mon, 16 Oct 2017 23:57:31 +0000 (08:57 +0900)]
Merge branch 'master' of https://github.com/Samsung/TizenRT into dm
sunghan-chang [Mon, 16 Oct 2017 10:16:17 +0000 (19:16 +0900)]
Merge pull request #832 from an4967/bug_fix_iotbus_pwm
iotbus: bug fix in pwm
chaehee.hong [Mon, 16 Oct 2017 09:42:30 +0000 (18:42 +0900)]
Edit makefiles of framework and tc for the path inclusion of DM API header
- Edit the compile option not to find the header file directory and use the original one as the other framework modules do.
kang [Fri, 13 Oct 2017 00:42:58 +0000 (09:42 +0900)]
net:netlib fix vulerability while parsing malicious URLs
netlib_parsehttpurl() should be returned when error is detected
sunghan-chang [Mon, 16 Oct 2017 08:43:33 +0000 (17:43 +0900)]
Merge pull request #830 from an4967/apply_coding_rule
st_things: apply tizenrt coding rule
chaehee.hong [Mon, 16 Oct 2017 08:07:38 +0000 (17:07 +0900)]
doxygen : Add include path and missing param name for mqtt APIs
1.Add include path for each api
•if not, we cannot know which header we should include for using that api
2.Add missing param name for each api
•argument name is needed after param[in] or param[out]
chaehee.hong [Mon, 16 Oct 2017 08:05:26 +0000 (17:05 +0900)]
doxygen : Add include path and missing param names for DM APIs
1.Add include path for each api
•if not, we cannot know which header we should include for using that api
2.Add missing param name for each api
•argument name is needed after param[in] or param[out]
venkat.iyer [Fri, 13 Oct 2017 01:20:05 +0000 (10:20 +0900)]
Merge security-related fixes from eclipse wakaama Github to TizenRT
Wakaama in the version currently used by TizenRT (seems to be from around March/April) is vulnerable to several security issues, which were since fixed in the upstream version at https://github.com/eclipse/wakaama.
Reference to the original fixes are given below:
1. https://github.com/eclipse/wakaama/issues/319 (fix unknown, but likely https://github.com/eclipse/wakaama/commit/
8037174913a5937c3bcb5ffe7838e4d3b867c53e)
2. https://github.com/eclipse/wakaama/issues/320
3. https://github.com/eclipse/wakaama/issues/268
4. https://github.com/eclipse/wakaama/issues/301
JeonginKim [Thu, 12 Oct 2017 10:16:33 +0000 (19:16 +0900)]
Fix buffer overflow in FTP client
Function ftpc_dequote that converts quoted hexadecimal constants to binary values goes outside input data buffer -str pointer is checked, while str[1] and str[2] are read.
while parsing the server response end of string should be checked
Taejun-Kwon [Mon, 16 Oct 2017 07:29:37 +0000 (16:29 +0900)]
Merge pull request #833 from shivgarg/audio
framework/tinyalsa : Removing pcm_set_config as public API
Shivam Garg [Mon, 16 Oct 2017 07:09:44 +0000 (16:09 +0900)]
framework/tinyalsa : Removing pcm_set_config as public API
pcm_set_config has been removed from tinyalsa include file. The tcs in utc and itc which tested pcm_set_config have been removed. Calls to pcm_set_config outside of tinyalsa have also been removed .pcm_set_config has been made a static function so that it can it is called only from tinyalsa.c file.
Daesung [Mon, 16 Oct 2017 06:56:16 +0000 (15:56 +0900)]
iotbus: bug fix in pwm
- change type of divisor to get the result as float value.
Daesung [Mon, 16 Oct 2017 06:53:29 +0000 (15:53 +0900)]
st_things: apply tizenrt coding rule
- apply tizenrt coding rule
Taejun-Kwon [Mon, 16 Oct 2017 06:41:47 +0000 (15:41 +0900)]
Merge pull request #828 from shivgarg/audio
ta_tc/audio/{utc,itc} : Removing assert failure in audio TCs
Shivam Garg [Mon, 16 Oct 2017 06:16:49 +0000 (15:16 +0900)]
Removing assert failure in audio TCs
In audio utc/itc, readi positive tc gave an assert failure. The failure was due to the last pcm_readi call returning a negative value. The negative value was passed to write function which led to assert failure.
Now an if block has been added which checks the return value of pcm_readi before passing it to the write function.
davidfather [Sat, 14 Oct 2017 06:58:23 +0000 (23:58 -0700)]
Merge pull request #820 from pillip8282/fix_xmlrpc
external:xmlrpc handle an exceptional case when invalid parameters ar…
kang [Fri, 13 Oct 2017 06:01:49 +0000 (15:01 +0900)]
external:xmlrpc handle an exceptional case when invalid parameters are inserted
<> description:
Properly crafted xml request, can cause a situation in which the value of
the len field in the parsebuf_s structure will be less than the index field.
In this situation, when calling the xmlrpc_getelement from the xmlrpc_parseparams
function, the while loop will read the content of memory outside the buffer causing segmentation fault.
<> solution:
While calling xmlrpc_getelement function, check if index value inside parsebuf_s structure is less than len value.
kang [Fri, 13 Oct 2017 05:44:02 +0000 (14:44 +0900)]
external:cjson update cJSON to the version 1.5.7 released Jun 29 2017
It will fix the below vulnerability issues existed at old version
https://www.talosintelligence.com/reports/TALOS-2016-0164/
sangwon03 [Fri, 13 Oct 2017 09:52:56 +0000 (18:52 +0900)]
Merge pull request #822 from arvinmittal/fix_systemio_i2c_itc
apps/examples/testcase/ta_tc/systemio/itc : fix itc_iotbus_i2c_write_read_p
sangwon03 [Fri, 13 Oct 2017 09:48:59 +0000 (18:48 +0900)]
Merge pull request #804 from arvinmittal/fix_systemio_gpio_itc
Fix systemio itc_gpio.c file, change gpio pin 12 to 41
Taejun-Kwon [Fri, 13 Oct 2017 09:46:14 +0000 (18:46 +0900)]
Merge pull request #726 from arvinmittal/fix_audio_fw_itc
apps/examples/testcase/ta_tc/audio/itc: Add ITCs for Audio_Framework Module
Juitem JoonWoo Kim [Fri, 13 Oct 2017 09:34:07 +0000 (18:34 +0900)]
Merge pull request #809 from thapav/fixAPIerrors
(libc/stdio): Fix wrong initialization in FS TC.
Arvin Mittal [Thu, 28 Sep 2017 12:38:08 +0000 (18:08 +0530)]
apps/examples/testcase/ta_tc/audio/itc: Add ITCs for Audio_Framework
Signed-off-by: Arvin Mittal <arvin.mittal@samsung.com>
davidfather [Fri, 13 Oct 2017 08:41:20 +0000 (01:41 -0700)]
Merge pull request #814 from pillip8282/wifimanager_network_event_signal
net:wifimanager fix sending net events to iotivity from wifi manager
pillip8282 [Fri, 13 Oct 2017 08:20:40 +0000 (17:20 +0900)]
Merge pull request #725 from arvinmittal/fix_mqtt_itc
apps/examples/testcase/ta_tc/mqtt/itc : Add ITCs for MQTT Module
sunghan-chang [Fri, 13 Oct 2017 07:52:52 +0000 (16:52 +0900)]
Merge pull request #796 from an4967/mbedtls_hw_support
mbedtls: implement hardware support in mbedtls
Arvin Mittal [Thu, 28 Sep 2017 12:05:54 +0000 (17:35 +0530)]
apps/examples/testcase/ta_tc/mqtt/itc: Add ITCs for MQTT
Signed-off-by: Arvin Mittal <arvin.mittal@samsung.com>
Juitem JoonWoo Kim [Fri, 13 Oct 2017 07:37:07 +0000 (16:37 +0900)]
Merge pull request #821 from jeongarmy/ttrace_config
testcase/ttrace: add select condition for using ttrace in Kconfig
Ahreum Jeong [Fri, 13 Oct 2017 06:56:24 +0000 (15:56 +0900)]
testcase/ttrace: add select condition for using ttrace in Kconfig
Add select config in Kconfig for testcase of T-trace.
Enable CONFIG_TTRACE when EXAMPLES_TESTCASE_TTRACE is turned on.
sangwon03 [Fri, 13 Oct 2017 07:15:19 +0000 (16:15 +0900)]
Merge pull request #817 from HONGCHAEHEE/sdk
Fix assert during things reset
Arvin Mittal [Fri, 13 Oct 2017 07:12:23 +0000 (12:42 +0530)]
apps/examples/testcase/ta_tc/systemio/itc : fix itc_iotbus_i2c_write_read_p
Signed-off-by: Arvin Mittal <arvin.mittal@samsung.com>
chaehee.hong [Fri, 13 Oct 2017 03:06:32 +0000 (12:06 +0900)]
Fix assert during things reset
- Assert often occur during the reset process as the TCP receive thread is trying to use resources of the ping thread already terminated.
- The TCP receive thread does not need to call the session state callback to terminate the ping thread during reset because the reset loop thread will unregister that callback.
Vidisha Thapa [Thu, 12 Oct 2017 15:30:36 +0000 (21:00 +0530)]
(libc/stdio): Fix wrong initialization in FS TC.
This patch fixes wrong initialization in setvbuf and remove API testcases.
Signed-off-by: Vidisha Thapa <thapa.v@samsung.com>
Taejun-Kwon [Fri, 13 Oct 2017 05:44:28 +0000 (14:44 +0900)]
Merge pull request #818 from jeongarmy/fix_tc_arastorage
testcase/arastorage: delete checking result value in cleanup function.
Ahreum Jeong [Fri, 13 Oct 2017 05:27:22 +0000 (14:27 +0900)]
testcase/arastorage: delete checking result value in cleanup function.
cleanup function is called before and after arastorage TCs run to verify cleaning related resources
We don't need to check whether result value of function used here is valid or not.
Because this function is not tc and is used internally.
kang [Fri, 13 Oct 2017 02:04:30 +0000 (11:04 +0900)]
net:wifimanager fix sending net events to iotivity from wifi manager
Send network events to Iotivity only when the IP address is changed on the device.
Wifi manager sends network event even though sta leaves on SoftAP mode
In above case, The IP address on the device is still ok, so it doesn't need to send.
sunghan-chang [Fri, 13 Oct 2017 05:09:17 +0000 (14:09 +0900)]
Merge pull request #816 from an4967/adjust_things_sample
st_things: update st_things sample app
Taejun-Kwon [Fri, 13 Oct 2017 05:02:44 +0000 (14:02 +0900)]
Merge pull request #805 from sunghan-chang/tc
apps/testcase: refactor codes
Daesung [Fri, 13 Oct 2017 03:01:07 +0000 (12:01 +0900)]
st_things: update st_things sample app
- Add 2 dimmer resources
- Add handlers for additional resources
pillip8282 [Fri, 13 Oct 2017 04:22:13 +0000 (13:22 +0900)]
Merge pull request #808 from davidfather/wifi_manager_refactoring
Wi-Fi Manager: add a checkpoint, to check if Wi-Fi Manager is initial…
sangwon03 [Fri, 13 Oct 2017 03:29:29 +0000 (12:29 +0900)]
Merge pull request #797 from JeonginKim/gpio2
removed unsupported gpio output mode
Jin-Seong Kim [Thu, 12 Oct 2017 07:51:06 +0000 (16:51 +0900)]
wpa_supplicant : PSK configuration parameter update allowing arbitrary data to be written
This commit is patch for mitigation security vulnerability on wpa_supplicant
- https://w1.fi/security/2016-1/
Reject SET commands with newline characters in the string values
Many of the global configuration parameters are written as strings
without filtering and if there is an embedded newline character in the
value, unexpected configuration file data might be written.
This fixes an issue where wpa_supplicant could have updated the
configuration file global parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the value of a parameter before passing it to
wpa_supplicant.
This could allow such an untrusted user to inject almost arbitrary data
into the configuration file. Such configuration file could result in
wpa_supplicant trying to load a library (e.g., opensc_engine_path,
pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
controlled location when starting again. This would allow code from that
library to be executed under the wpa_supplicant process privileges.
Change-Id: I0f0237ff9809fa8173a08fa45e74447e95a33e7d
Signed-off-by: Jin-Seong Kim <jseong82.kim@samsung.com>
Jin-Seong Kim [Thu, 12 Oct 2017 07:49:00 +0000 (16:49 +0900)]
wpa_supplicant : PSK configuration parameter update allowing arbitrary data to be written
This commit is patch for mitigation security vulnerability on wpa_supplicant
- https://w1.fi/security/2016-1/
Reject SET_CRED commands with newline characters in the string values
Most of the cred block parameters are written as strings without
filtering and if there is an embedded newline character in the value,
unexpected configuration file data might be written.
This fixes an issue where wpa_supplicant could have updated the
configuration file cred parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the credential value before passing it to
wpa_supplicant.
This could allow such an untrusted user to inject almost arbitrary data
into the configuration file. Such configuration file could result in
wpa_supplicant trying to load a library (e.g., opensc_engine_path,
pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
controlled location when starting again. This would allow code from that
library to be executed under the wpa_supplicant process privileges.
Change-Id: I41f6fed02ed00b0031b25a7e629094509d753675
Signed-off-by: Jin-Seong Kim <jseong82.kim@samsung.com>
Jin-Seong Kim [Thu, 12 Oct 2017 07:39:09 +0000 (16:39 +0900)]
wpa_supplicant : PSK configuration parameter update allowing arbitrary data to be written
This commit is patch for mitigation security vulnerability on wpa_supplicant
- https://w1.fi/security/2016-1/
Remove newlines from wpa_supplicant config network output
Spurious newlines output while writing the config file can corrupt the
wpa_supplicant configuration. Avoid writing these for the network block
parameters. This is a generic filter that cover cases that may not have
been explicitly addressed with a more specific commit to avoid control
characters in the psk parameter.
Change-Id: I7c4d6ac0bb0fbc34225a03690034cd0e429a44cf
Signed-off-by: Jin-Seong Kim <jseong82.kim@samsung.com>
Jin-Seong Kim [Thu, 12 Oct 2017 07:28:29 +0000 (16:28 +0900)]
wpa_supplicant : PSK configuration parameter update allowing arbitrary data to be written
This commit is patch for mitigation security vulnerability on wpa_supplicant
- https://w1.fi/security/2016-1/
Reject psk parameter set with invalid passphrase character
WPA/WPA2-Personal passphrase is not allowed to include control
characters. Reject a passphrase configuration attempt if that passphrase
includes an invalid passphrase.
This fixes an issue where wpa_supplicant could have updated the
configuration file psk parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the passphrase value before passing it to
wpa_supplicant.
This could allow such an untrusted user to inject up to 63 characters of
almost arbitrary data into the configuration file. Such configuration
file could result in wpa_supplicant trying to load a library (e.g.,
opensc_engine_path, pkcs11_engine_path, pkcs11_module_path,
load_dynamic_eap) from user controlled location when starting again.
This would allow code from that library to be executed under the
wpa_supplicant process privileges.
Change-Id: Ic86dc19346f1a4601ae954dc169b1f0de57514de
Signed-off-by: Jin-Seong Kim <jseong82.kim@samsung.com>
Jin-Seong Kim [Thu, 12 Oct 2017 07:14:49 +0000 (16:14 +0900)]
wpa_supplicant : PSK configuration parameter update allowing arbitrary data to be written
This commit is patch for mitigation security vulnerability on wpa_supplicant
- https://w1.fi/security/2016-1/
WPS: Reject a Credential with invalid passphrase
WPA/WPA2-Personal passphrase is not allowed to include control
characters. Reject a Credential received from a WPS Registrar both as
STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
WPA2PSK authentication type and includes an invalid passphrase.
This fixes an issue where hostapd or wpa_supplicant could have updated
the configuration file PSK/passphrase parameter with arbitrary data from
an external device (Registrar) that may not be fully trusted. Should
such data include a newline character, the resulting configuration file
could become invalid and fail to be parsed.
Change-Id: I106f6949da95b6e03e1489b63c1e7787e24eb478
Signed-off-by: Jin-Seong Kim <jseong82.kim@samsung.com>
sunghan-chang [Fri, 13 Oct 2017 02:39:10 +0000 (11:39 +0900)]
Merge pull request #807 from jeongarmy/fix_tc_arastorage
testcase/arastorage: call cleanup function at the beginning arastorage TCs to verify cleaning all undeleted resources
sunghan-chang [Fri, 13 Oct 2017 02:32:39 +0000 (11:32 +0900)]
Merge pull request #813 from jeongchanKim/coding_rule
testcase/filesystem : fix coding rule error - remove unnecessary space
Seongil Hahm [Thu, 12 Oct 2017 15:20:12 +0000 (08:20 -0700)]
Wi-Fi Manager: add a checkpoint, to check if Wi-Fi Manager is initialized, in APIs and callback handlers
To make Wi-Fi Manager thread-safe, it is necessary to check if Wi-Fi Manager is initialized.
For simplicity, we just do null-comparison of w_mutex and w_info_mutex at the very beginning of each API and each callback handler.
sunghan-chang [Fri, 13 Oct 2017 02:28:32 +0000 (11:28 +0900)]
Merge pull request #750 from JeongJunSik/temp
st_things : Get the manufacturerName from JSON
정준식/Things Platform Lab(S/W센터)/Engineer/삼성전자 [Sun, 1 Oct 2017 05:50:09 +0000 (14:50 +0900)]
st_things : add logic of parsing manufacturerName from JSON
- Changed the pre-defined value to use JSON value
jc_.kim [Fri, 13 Oct 2017 02:12:18 +0000 (11:12 +0900)]
testcase/filesystem : fix coding rule error - remove unnecessary space
[IDT_M_TAB] please, no space before tabs
JeonginKim [Thu, 12 Oct 2017 10:00:28 +0000 (19:00 +0900)]
remove unsupported gpio output mode
artik053 board is not support 2mode(IOTBUS_GPIO_DRIVE_NONE, IOTBUS_GPIO_DRIVE_PUSHPULL)
davidfather [Fri, 13 Oct 2017 00:54:03 +0000 (17:54 -0700)]
Merge pull request #720 from arvinmittal/fix_wifi_manager_itc
Add ITCs for Wifi_manager Module
sangwon03 [Thu, 12 Oct 2017 23:57:35 +0000 (08:57 +0900)]
Merge pull request #801 from JeonginKim/sec2
Fixed stack based memory disclosure in FTP client
sangwon03 [Thu, 12 Oct 2017 23:46:54 +0000 (08:46 +0900)]
Merge pull request #800 from an4967/remove_unused_ca
st_things: modify things_sdk security resources process
venkat.iyer [Thu, 12 Oct 2017 12:21:07 +0000 (21:21 +0900)]
Fix er-coap parsing in wakaama to handle heap buffer overflows
Two cases of heap buffer overflows are considered:
1. When packet length is less than the coap header length of 4 bytes
2. when the option byte lengths have values far greater than what the packet buffer capacity. In this case, especially when merging contiguous location query coap options, buffer overflow tends to occur.
Functions modified: coap_parse_message, and coap_merge_multi_option.
Arvin Mittal [Thu, 28 Sep 2017 08:45:15 +0000 (14:15 +0530)]
[TizenRT][Added ITCs for Wifi_manager]
Signed-off-by: Arvin Mittal <arvin.mittal@samsung.com>
davidfather [Thu, 12 Oct 2017 13:06:33 +0000 (06:06 -0700)]
Merge pull request #795 from HONGCHAEHEE/web
Fix stack buffer overflow in webserver
Ahreum Jeong [Thu, 12 Oct 2017 12:45:44 +0000 (21:45 +0900)]
testcase/arastorage: call cleanup function at the beginning arastorage TCs to verify cleaning all undeleted resources
cleanup function cleans all comopents like relations used in these TCs.
Some files used before in arastorage operations and so on may be removed.
So we call cleanup function before running arastorage TCs to verify cleaning all existent things.
sunghan [Thu, 12 Oct 2017 11:52:04 +0000 (20:52 +0900)]
apps/testcase: refactor codes
1. remove unused definition, RETURN_ERR
2. remove unused header file, tc_internal.h on systemio itc
3. fix incorrect definition of preventing duplicated-including header file
4. move a location of including header to inside definition
5. remove unnecessary relative path of header, tc_common.h
6. remove definition of same global variables and initialize them before using,
total_pass and total_fail
Arvin Mittal [Thu, 12 Oct 2017 12:24:12 +0000 (17:54 +0530)]
Fix systemio itc_gpio.c file, change gpio pin 12 to 41
Signed-off-by: Arvin Mittal <arvin.mittal@samsung.com>
chaehee.hong [Thu, 12 Oct 2017 08:04:37 +0000 (17:04 +0900)]
Fix stack buffer overflow in webserver
- Add the code to check that the resulting string is null-terminated.
- Add the code for url length to respect the buffer sizes.
davidfather [Thu, 12 Oct 2017 11:37:16 +0000 (04:37 -0700)]
Merge pull request #791 from JeonginKim/master
Memory corruption security issue fixed for FTP client
Daesung [Thu, 12 Oct 2017 11:19:09 +0000 (20:19 +0900)]
mbedtls: apply coding rule and adjust Kconfig in mbedtls
- apply tizenrt coding rule
- adjust Kconfig in mbedtls
JeonginKim [Thu, 12 Oct 2017 10:57:26 +0000 (19:57 +0900)]
Fix stack based memory disclosure in FTP client
Function ftp_pasvmode that parses FTP server response to PASV command goes outside data buffer - ptr is increased and checked only using !isdigit function.
Junhwan Park [Thu, 10 Aug 2017 00:29:10 +0000 (09:29 +0900)]
tls: fix memory leak
If you do not release the allocated memory and return it, a memory leak
may occur.
Change-Id: I27a892c56e8ca381679d730c95014455b5de19b9
Signed-off-by: Junhwan Park <junhwan.park@samsung.com>
sunghan-chang [Thu, 12 Oct 2017 11:11:40 +0000 (20:11 +0900)]
Merge pull request #799 from jeongarmy/modify_tcname
testcase/fs : change the name of all filesystem TCs to tc_[module]_[function]
Daesung [Thu, 12 Oct 2017 10:41:35 +0000 (19:41 +0900)]
st_things: modify things_sdk security resources process
- remove unused CAs
- check svrdb file contents before initialize st_things
Ahreum Jeong [Thu, 12 Oct 2017 10:18:36 +0000 (19:18 +0900)]
testcase/fs : change the name of all filesystem TCs to tc_[module]_[function]
The name of all testcases in le_tc has naming rule, tc_[module]_[function]
So I need to change all testcases for fs, stdio in fs_main.c to apply it
davidfather [Thu, 12 Oct 2017 09:20:13 +0000 (02:20 -0700)]
Merge pull request #759 from olegartys/1017
drivers/scsc/Kconfig: make SCSC_WLAN dependent on WPA_SUPPLICANT and …
davidfather [Thu, 12 Oct 2017 09:15:22 +0000 (02:15 -0700)]
Merge pull request #793 from chanijjani/fix/delete_dead_code
Delete dead code related to things_data_manager
davidfather [Thu, 12 Oct 2017 09:10:42 +0000 (02:10 -0700)]
Merge pull request #783 from HONGCHAEHEE/wifi-mode
Fix the WiFi linkdown hang up issue
sunghan-chang [Thu, 12 Oct 2017 08:39:24 +0000 (17:39 +0900)]
Merge pull request #794 from jeongchanKim/svace_env
testcase/environ : check null case when getenv()
Joohwan Kim [Mon, 19 Jun 2017 13:31:15 +0000 (22:31 +0900)]
sss: change ispdriver library for sss and add header files
This library adds features to improve performance when tls is performed.
Change-Id: Ifb344de9a0cead5c22eee119557db0a140802105
Signed-off-by: Joohwan Kim <joohwani.kim@samsung.com>
Joohwan Kim [Wed, 20 Sep 2017 11:00:38 +0000 (20:00 +0900)]
net/tls: apply mbedtls patch to prevent bypass of authentication issue
If optional authentication is configured, allows remote attackers
to bypass peer authentication via an X.509 certificate chain with
many intermediates. So, this commit applies patch to prevent thus issue.
Change-Id: If77de1f62928c1107e420c2b41bccf6186f19599
Signed-off-by: Joohwan Kim <joohwani.kim@samsung.com>
Joohwan Kim [Mon, 28 Aug 2017 23:07:18 +0000 (08:07 +0900)]
net/tls: add see_misc file for supporting miscellaneous functions
This file includes feature for getting uuid of ARTIK
certificate.
Change-Id: I6e9a65293edbdf2dd618f2faad4092ffa80d37bd
Signed-off-by: Joohwan Kim <joohwani.kim@samsung.com>
Joohwan Kim [Mon, 24 Jul 2017 04:14:58 +0000 (13:14 +0900)]
net/tls: change HW_ECDSA_VERIFICATION config location
Because see_setup_key_internal function is common api, it doesn't
need to be bind by HW_ECDSA_VERIFICATION config.
Change-Id: I6e7cd49fb5d2988619e4a5199b44deac0bae77c1
Signed-off-by: Joohwan Kim <joohwani.kim@samsung.com>
Joohwan Kim [Tue, 20 Jun 2017 04:41:12 +0000 (13:41 +0900)]
net/tls: add sss hw interface parts in mbedtls
Add the following in mbedtls
- performance : merge see_internal functions
- tls with secure storage : merge see_api functions
Change-Id: I0126bddcc83fe801a52ee66fea200d4b1c4cf8a3
Signed-off-by: Joohwan Kim <joohwani.kim@samsung.com>