From 26135d7d4954f863495f3b088412df1ce9e869a8 Mon Sep 17 00:00:00 2001
From: "jihwan.seo"
Date: Fri, 16 Dec 2016 13:29:24 +0900
Subject: [PATCH] add checking logic of pdu data length. unneccessary parsing logic is running when received data is wrong. it should be prevented.
Change-Id: Ic36359ae96f0aaa7321a1f1e8ed2d5d086ba1198
Signed-off-by: jihwan.seo
Reviewed-on: https://gerrit.iotivity.org/gerrit/15743
Tested-by: jenkins-iotivity
Reviewed-by: Ashok Babu Channa
---
 resource/csdk/connectivity/src/camessagehandler.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/resource/csdk/connectivity/src/camessagehandler.c b/resource/csdk/connectivity/src/camessagehandler.c
index 18cb16f..c10a5aa 100644
--- a/resource/csdk/connectivity/src/camessagehandler.c
+++ b/resource/csdk/connectivity/src/camessagehandler.c
@@ -737,6 +737,12 @@ static void CAReceivedPacketCallback(const CASecureEndpoint_t *sep,
 VERIFY_NON_NULL_VOID(sep, TAG, "remoteEndpoint");
 VERIFY_NON_NULL_VOID(data, TAG, "data");
+ if (0 == dataLen)
+ {
+ OIC_LOG(ERROR, TAG, "dataLen is zero");
+ return;
+ }
+
 uint32_t code = CA_NOT_FOUND;
 CAData_t *cadata = NULL;
@@ -1249,11 +1255,16 @@ void CAErrorHandler(const CAEndpoint_t *endpoint,
 CAResult_t result)
 {
 OIC_LOG(DEBUG, TAG, "CAErrorHandler IN");
-
-#ifndef SINGLE_THREAD
 VERIFY_NON_NULL_VOID(endpoint, TAG, "remoteEndpoint");
 VERIFY_NON_NULL_VOID(data, TAG, "data");
+ if (0 == dataLen)
+ {
+ OIC_LOG(ERROR, TAG, "dataLen is zero");
+ return;
+ }
+
+#ifndef SINGLE_THREAD
 uint32_t code = CA_NOT_FOUND;
 //Do not free remoteEndpoint and data. Currently they will be freed in data thread
 //Get PDU data
@@ -1276,6 +1287,8 @@ void CAErrorHandler(const CAEndpoint_t *endpoint,
 CAQueueingThreadAddData(&g_receiveThread, cadata, sizeof(CAData_t));
 coap_delete_pdu(pdu);
+#else
+ (void)result;
 #endif
 OIC_LOG(DEBUG, TAG, "CAErrorHandler OUT");
-- 
2.7.4
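Review bot: The new guard in CAReceivedPacketCallback rejects only `0 == dataLen`, so a non-empty buffer that is shorter than the transport's minimum CoAP header still reaches the PDU parsing that follows outside this hunk. If that parser does not bound-check the length itself (not visible here), the guard should compare against the minimum header size, e.g. `if (dataLen < MIN_HEADER_LEN)`, where `MIN_HEADER_LEN` is a placeholder for the per-transport value. The message is also logged at ERROR for a condition that a remote peer controls, so repeated empty packets can fill the log; a lower level would limit that. The function starts and continues outside the hunk.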
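Review bot: In CAErrorHandler the new `0 == dataLen` return drops `result` without queueing anything to the receive thread, so a failure reported with an empty buffer is only visible in the log. Whether callers can pass a zero length here is not visible in the hunk, so it is worth confirming this is intended. The guards now sit above `#ifndef SINGLE_THREAD`, so single-threaded builds return early on NULL arguments where they previously only logged IN and OUT, and every early return skips the `CAErrorHandler OUT` log. A comment above the guards such as `/* validated in all builds; the error is dropped when there is no PDU to parse */` would record that. The same five-line check is duplicated in CAReceivedPacketCallback and could be shared; the function body continues outside the hunk.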