From d8b26ad314250271d994b7e07efad4e3f7cf22b9 Mon Sep 17 00:00:00 2001 From: Markus Jung Date: Mon, 11 Apr 2016 18:23:33 +0900 Subject: [PATCH] [IOT-994] Fixing crash for parsing arbitrary UTF-8 payload Avoid the crash by checking whether the cbortype is map. Fundamentally, no-cbor type payload should be filtered in tinycbor library. This change can be removed later. Change-Id: Icde1422c61319d8c5e66675d9ef2b66f30dc4077 Signed-off-by: Markus Jung Reviewed-on: https://gerrit.iotivity.org/gerrit/7737 Tested-by: jenkins-iotivity Reviewed-by: Uze Choi Reviewed-by: Markus Jung (cherry picked from commit d237eecb9b581157dee9c3314d5a07091b0078ed) Reviewed-on: https://gerrit.iotivity.org/gerrit/7835 Reviewed-by: Habib Virji --- resource/csdk/stack/src/ocpayloadparse.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/resource/csdk/stack/src/ocpayloadparse.c b/resource/csdk/stack/src/ocpayloadparse.c index f731823..b4e053c 100755 --- a/resource/csdk/stack/src/ocpayloadparse.c +++ b/resource/csdk/stack/src/ocpayloadparse.c @@ -969,6 +969,11 @@ static OCStackResult OCParseRepPayload(OCPayload **outPayload, CborValue *root) CborValue curVal; ret = OC_STACK_MALFORMED_RESPONSE; + // temporary fix to check for malformed cbor payload + if (!cbor_value_is_map(&rootMap) && !cbor_value_is_array(&rootMap)){ + goto exit; + } + if (cbor_value_is_map(&rootMap)) { err = cbor_value_map_find_value(&rootMap, OC_RSRVD_HREF, &curVal); @@ -979,6 +984,7 @@ static OCStackResult OCParseRepPayload(OCPayload **outPayload, CborValue *root) VERIFY_CBOR_SUCCESS(TAG, err, "Failed to find uri"); } } + // Resource types if (cbor_value_is_map(&rootMap)) { @@ -1004,6 +1010,7 @@ static OCStackResult OCParseRepPayload(OCPayload **outPayload, CborValue *root) err = OCParseSingleRepPayload(&temp, &rootMap, true); VERIFY_CBOR_SUCCESS(TAG, err, "Failed to parse single rep payload"); } + if(rootPayload == NULL) { rootPayload = temp; -- 2.7.4
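Review bot: In the first hunk the new guard lets an array-typed `rootMap` through, although the commit message describes the fix as checking that the value is a map, and the blocks visible after the guard in this hunk and the next are each gated on `cbor_value_is_map(&rootMap)`. Because this routine parses payloads received from peers, it is worth confirming that code outside these hunks handles the array case safely, or tightening the guard to `if (!cbor_value_is_map(&rootMap))` if an array cannot legitimately occur at this point. The rejection path also jumps to `exit` without a message, unlike the `VERIFY_CBOR_SUCCESS` calls around it, which each carry one, so a malformed payload would presumably leave no trace for whoever investigates it. The comment would age better with the tracker id and the removal condition, for example `// IOT-994: reject roots that are neither map nor array until tinycbor filters non-CBOR input`. The body of `OCParseRepPayload` starts and ends outside the hunk, so what the `exit` label releases cannot be checked from here.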