From add093b173491fdf4bc4f9964e5dc956a96123fa Mon Sep 17 00:00:00 2001
From: Aleksey Volkov <a.volkov@samsung.com>
Date: Wed, 20 Sep 2017 16:33:27 +0300
Subject: [PATCH] [IOT-2726] Add pstat.dos check in AddCredential

This change adds /pstat.dos state check to protect credentials modifications in read-only states.

Change-Id: I9a3402e458db8c5fa62a5a0fa0e08c1dd432ceaf
Signed-off-by: Aleksey Volkov <a.volkov@samsung.com>
---
 resource/csdk/security/src/credresource.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/resource/csdk/security/src/credresource.c b/resource/csdk/security/src/credresource.c
index 94cd79e..fe24c13 100644
--- a/resource/csdk/security/src/credresource.c
+++ b/resource/csdk/security/src/credresource.c
@@ -1680,6 +1680,17 @@ OCStackResult AddCredential(OicSecCred_t * newCred)
 
     bool found = false;
 
+    OicSecDostype_t dos;
+
+    VERIFY_SUCCESS(TAG, OC_STACK_OK == GetDos(&dos), ERROR);
+    if ((DOS_RESET == dos.state) ||
+        (DOS_RFNOP == dos.state))
+    {
+        OIC_LOG_V(ERROR, TAG, "%s /cred resource is read-only in RESET and RFNOP.", __func__);
+        result = OC_EH_NOT_ACCEPTABLE;
+        goto exit;
+    }
+
     //leave IOT-1936 fix for preconfig pin
 #if ((defined(__WITH_DTLS__) || defined(__WITH_TLS__)) && defined(MULTIPLE_OWNER))
     LL_FOREACH_SAFE(gCred, cred, tempCred)
@@ -1743,7 +1754,7 @@ saveToDB:
     {
         result = OC_STACK_OK;
     }
-
+exit:
     return result;
 }
 
-- 
2.7.4