From e2175d0339cc560551fde20bcf933798798e1dc3 Mon Sep 17 00:00:00 2001 From: "js126.lee" Date: Thu, 24 Nov 2016 20:19:16 +0900 Subject: [PATCH] [IOT-1601]Adding logic to validate oxmsel updating Oxms should be considered at updating oxmsel. Oxm should be read-only. Patch 1: Init patch Patch 2: Rebase Patch 3: If owned=Ture, validate oxmsel is omitted for CTT testing Patch 4: Revert file permission to 644 Don't merge this patch because need to confirm an operation in case of owned=True Change-Id: I57fbd6a65db9a8d4400934e11ec40cc4c8e96051 Signed-off-by: js126.lee Reviewed-on: https://gerrit.iotivity.org/gerrit/14755 Tested-by: jenkins-iotivity Reviewed-by: Chul Lee Reviewed-by: Randeep Singh (cherry picked from commit d53432d2d090a3ea28611454650c9cc285dd1ba6) Reviewed-on: https://gerrit.iotivity.org/gerrit/14833 --- resource/csdk/security/src/doxmresource.c | 63 ++++++++++++++++++++++--------- 1 file changed, 46 insertions(+), 17 deletions(-) diff --git a/resource/csdk/security/src/doxmresource.c b/resource/csdk/security/src/doxmresource.c index 6bdccdd..122de33 100644 --- a/resource/csdk/security/src/doxmresource.c +++ b/resource/csdk/security/src/doxmresource.c @@ -862,23 +862,6 @@ static void updateWriteableProperty(const OicSecDoxm_t* src, OicSecDoxm_t* dst) dst->owned = src->owned; } - //update oxms - if(0 < src->oxmLen) - { - OicSecOxm_t* tempOxm = (OicSecOxm_t*)OICMalloc(sizeof(OicSecOxm_t) * src->oxmLen); - if(NULL != tempOxm) - { - for(size_t i = 0; i < src->oxmLen; i++) - { - tempOxm[i] = src->oxm[i]; - } - OICFree(dst->oxm); - - dst->oxm = tempOxm; - dst->oxmLen = src->oxmLen; - } - } - #ifdef _ENABLE_MULTIPLE_OWNER_ if(src->mom) { @@ -952,6 +935,45 @@ void MultipleOwnerDTLSHandshakeCB(const CAEndpoint_t *object, #endif //_ENABLE_MULTIPLE_OWNER_ #endif // defined(__WITH_DTLS__) || defined (__WITH_TLS__) +/** + * Function to validate oxmsel with oxms. + * + * @param[in] supportedMethods Array of supported methods + * @param[in] numberOfMethods number of supported methods + * @param[out] selectedMethod Selected methods + * @return TRUE on success + */ +static bool ValidateOxmsel(const OicSecOxm_t *supportedMethods, + size_t numberOfMethods, OicSecOxm_t *selectedMethod) +{ + bool isValidOxmsel = false; + + OIC_LOG(DEBUG, TAG, "IN ValidateOxmsel"); + if (numberOfMethods == 0 || !supportedMethods) + { + OIC_LOG(WARNING, TAG, "Could not find a supported OxM."); + return isValidOxmsel; + } + + for (size_t i = 0; i < numberOfMethods; i++) + { + if (*selectedMethod == supportedMethods[i]) + { + isValidOxmsel = true; + break; + } + } + if (!isValidOxmsel) + { + OIC_LOG(ERROR, TAG, "Not allowed Oxmsel."); + return isValidOxmsel; + } + + OIC_LOG(DEBUG, TAG, "OUT ValidateOxmsel"); + + return isValidOxmsel; +} + static OCEntityHandlerResult HandleDoxmPostRequest(OCEntityHandlerRequest * ehRequest) { OIC_LOG (DEBUG, TAG, "Doxm EntityHandle processing POST request"); @@ -1068,6 +1090,13 @@ static OCEntityHandlerResult HandleDoxmPostRequest(OCEntityHandlerRequest * ehRe // in unowned state if ((false == gDoxm->owned) && (false == newDoxm->owned)) { + if (false == ValidateOxmsel(gDoxm->oxm, gDoxm->oxmLen, &newDoxm->oxmSel)) + { + OIC_LOG(ERROR, TAG, "Not acceptable request because oxmsel does not support on Server"); + ehRet = OC_EH_NOT_ACCEPTABLE; + goto exit; + } + if (OIC_JUST_WORKS == newDoxm->oxmSel) { /* -- 2.7.4