Mesh: Add sanity checks for handles 31/241131/1
authorAnupam Roy <anupam.r@samsung.com>
Mon, 17 Aug 2020 18:29:21 +0000 (23:59 +0530)
committerAnupam Roy <anupam.r@samsung.com>
Mon, 17 Aug 2020 18:29:21 +0000 (23:59 +0530)
This patch adds handle validation checks
at several places to prevent an application
crash when the application passes
invalid handles.

Change-Id: I1bf47bf631b2aa06c185da84d27e655d7b115adc
Signed-off-by: Anupam Roy <anupam.r@samsung.com>
src/bluetooth-mesh.c

index 6ea3340..2f99232 100644 (file)
@@ -779,7 +779,6 @@ int bt_mesh_node_destroy(bt_mesh_node_h node_handle)
        BT_CHECK_INPUT_PARAMETER(node_handle);
 
        bt_mesh_node_s *node = (bt_mesh_node_s*)node_handle;
-
        BT_MESH_VALIDATE_HANDLE(node, node_list);
 
        /* It is NOT allowed to destroy attached node: Do Reset */
@@ -1005,13 +1004,17 @@ int bt_mesh_model_destroy(bt_mesh_model_h model_handle)
        BT_CHECK_MESH_INIT_STATUS();
        BT_CHECK_INPUT_PARAMETER(model_handle);
 
-       bt_mesh_node_s *node = (bt_mesh_node_s*)((bt_mesh_element_s*)((bt_mesh_model_s*)model_handle)->parent)->parent;
        bt_mesh_model_s *model = (bt_mesh_model_s*)model_handle;
-       bt_mesh_element_s *element = model->parent;
-
        BT_MESH_VALIDATE_HANDLE(model, model_list);
+
+       bt_mesh_element_s *element = model->parent;
+       BT_CHECK_INPUT_PARAMETER(element);
        BT_MESH_VALIDATE_HANDLE(element, element_list);
 
+       bt_mesh_node_s *node = element->parent;
+       BT_CHECK_INPUT_PARAMETER(node);
+       BT_MESH_VALIDATE_HANDLE(node, node_list);
+
        /* It is NOT allowed to destroy remote model */
        BT_CHECK_MESH_LOCAL(node);
 
@@ -1194,7 +1197,6 @@ int bt_mesh_network_create(bt_mesh_node_h config_client,
 
        BT_INFO("Mesh: Create Network: Name [%s]", network_name);
        bt_mesh_node_s *node = (bt_mesh_node_s*)config_client;
-
        BT_MESH_VALIDATE_HANDLE(node, node_list);
 
        /* Error if remote node*/
@@ -1581,6 +1583,7 @@ int bt_mesh_netkey_update(bt_mesh_netkey_h netkey)
        netkey_s = (bt_mesh_netkey_s*)netkey;
        BT_MESH_VALIDATE_HANDLE(netkey_s, netkey_list);
        network_s = netkey_s->parent;
+       BT_CHECK_INPUT_PARAMETER(network_s);
        BT_MESH_VALIDATE_HANDLE(network_s, networks);
 
        memset(&net, 0x00, sizeof(bluetooth_mesh_network_t));
@@ -1615,7 +1618,9 @@ int bt_mesh_netkey_delete(bt_mesh_netkey_h netkey)
 
        netkey_s = (bt_mesh_netkey_s*)netkey;
        BT_MESH_VALIDATE_HANDLE(netkey_s, netkey_list);
+
        network_s = netkey_s->parent;
+       BT_CHECK_INPUT_PARAMETER(network_s);
        BT_MESH_VALIDATE_HANDLE(network_s, networks);
 
        memset(&net, 0x00, sizeof(bluetooth_mesh_network_t));
@@ -1658,7 +1663,9 @@ int bt_mesh_netkey_add_appkey(bt_mesh_netkey_h netkey,
 
        netkey_s = (bt_mesh_netkey_s*)netkey;
        BT_MESH_VALIDATE_HANDLE(netkey_s, netkey_list);
+
        network_s = netkey_s->parent;
+       BT_CHECK_INPUT_PARAMETER(network_s);
        BT_MESH_VALIDATE_HANDLE(network_s, networks);
 
        memset(&net, 0x00, sizeof(bluetooth_mesh_network_t));
@@ -1700,10 +1707,15 @@ int bt_mesh_appkey_update(bt_mesh_appkey_h appkey)
        BT_CHECK_INPUT_PARAMETER(appkey);
 
        appkey_s = (bt_mesh_appkey_s*)appkey;
+       BT_CHECK_INPUT_PARAMETER(appkey_s);
        BT_MESH_VALIDATE_HANDLE(appkey_s, appkey_list);
+
        netkey_s = appkey_s->parent;
+       BT_CHECK_INPUT_PARAMETER(netkey_s);
        BT_MESH_VALIDATE_HANDLE(netkey_s, netkey_list);
+
        network_s = netkey_s->parent;
+       BT_CHECK_INPUT_PARAMETER(network_s);
        BT_MESH_VALIDATE_HANDLE(network_s, networks);
 
        memset(&net, 0x00, sizeof(bluetooth_mesh_network_t));
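Review bot: `BT_CHECK_INPUT_PARAMETER(appkey_s);` is redundant in this hunk, because `appkey_s` is only a cast of `appkey`, which the context line just above already checks with `BT_CHECK_INPUT_PARAMETER(appkey);`. The sibling hunk for bt_mesh_appkey_delete does not repeat the check after the cast, so dropping it here keeps the two functions consistent. The new checks on the derived pointers `netkey_s` and `network_s` are the ones that add coverage.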
@@ -1738,9 +1750,13 @@ int bt_mesh_appkey_delete(bt_mesh_appkey_h appkey)
 
        appkey_s = (bt_mesh_appkey_s*)appkey;
        BT_MESH_VALIDATE_HANDLE(appkey_s, appkey_list);
+
        netkey_s = appkey_s->parent;
+       BT_CHECK_INPUT_PARAMETER(netkey_s);
        BT_MESH_VALIDATE_HANDLE(netkey_s, netkey_list);
+
        network_s = netkey_s->parent;
+       BT_CHECK_INPUT_PARAMETER(network_s);
        BT_MESH_VALIDATE_HANDLE(network_s, networks);
 
        memset(&net, 0x00, sizeof(bluetooth_mesh_network_t));
@@ -1787,7 +1803,10 @@ int bt_mesh_netkey_foreach_appkeys(bt_mesh_netkey_h netkey,
        BT_MESH_VALIDATE_HANDLE(netkey, netkey_list);
 
        netkey_s = (bt_mesh_netkey_s*)netkey;
+
        network_s = netkey_s->parent;
+       BT_CHECK_INPUT_PARAMETER(network_s);
+       BT_MESH_VALIDATE_HANDLE(network_s, networks);
 
        appkeys = g_ptr_array_new();
        if (appkeys == NULL) {
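Review bot: `BT_MESH_VALIDATE_HANDLE(netkey, netkey_list);` at the top of this hunk is still passed the opaque handle before the cast, whereas the bt_mesh_element_foreach_models hunk in this commit moves the validation after the cast and passes the typed pointer `element_s`. For consistency, cast first and then use `BT_MESH_VALIDATE_HANDLE(netkey_s, netkey_list);`. The macro's definition is not visible on this page, so this is a style point rather than a functional one. The function body continues outside the hunk.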
@@ -1975,11 +1994,6 @@ int bt_mesh_node_foreach_element(bt_mesh_node_h node,
        BT_MESH_VALIDATE_HANDLE(node, node_list);
        node_s = (bt_mesh_node_s*) node;
 
-       /* Only for Node which is attached to the Network */
-#if 0
-       if (!node_s->is_attached)
-               return BT_ERROR_INVALID_PARAMETER;
-#endif
        total = g_slist_length(node_s->elements);
        if (!total) {
                callback(BT_ERROR_NONE, (bt_mesh_node_h) node, total,
@@ -2021,10 +2035,13 @@ int bt_mesh_element_foreach_models(bt_mesh_element_h element,
        BT_CHECK_INPUT_PARAMETER(element);
        BT_CHECK_INPUT_PARAMETER(callback);
 
-       BT_MESH_VALIDATE_HANDLE(element, element_list);
-
        element_s = (bt_mesh_element_s*) element;
+       BT_MESH_VALIDATE_HANDLE(element_s, element_list);
+
        node_s = (bt_mesh_node_s*) element_s->parent;
+       BT_CHECK_INPUT_PARAMETER(node_s);
+       BT_MESH_VALIDATE_HANDLE(node_s, node_list);
+
        network_s = (bt_mesh_network_s*) node_s->parent;
 
        /* Only for local Node */
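Review bot: `network_s` is taken from `node_s->parent` on the context line near the end of this hunk without the NULL check and list validation that this commit adds for the same parent pointer in the other functions. If the rest of bt_mesh_element_foreach_models, which continues outside the hunk, dereferences `network_s`, a node with no parent network or a stale one would still reach that dereference. Suggest following the assignment with `BT_CHECK_INPUT_PARAMETER(network_s);` and `BT_MESH_VALIDATE_HANDLE(network_s, networks);`, or adding a comment explaining why the pointer needs no validation here.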
@@ -2365,8 +2382,11 @@ int bt_mesh_network_discover_node(bt_mesh_network_h network,
        return BT_ERROR_NONE;
 }
 
-int bt_mesh_node_configure_netkey(bt_mesh_node_h node, bt_mesh_node_key_configuration_e netkey_op,
-                                       bt_mesh_netkey_h netkey,  bt_mesh_netkey_status_cb callback, void *user_data)
+int bt_mesh_node_configure_netkey(bt_mesh_node_h node,
+               bt_mesh_node_key_configuration_e netkey_op,
+                       bt_mesh_netkey_h netkey,
+                               bt_mesh_netkey_status_cb callback,
+                                       void *user_data)
 {
        int error_code = BT_ERROR_NONE;
        bt_mesh_network_s *network_s;
@@ -2382,11 +2402,13 @@ int bt_mesh_node_configure_netkey(bt_mesh_node_h node, bt_mesh_node_key_configur
        BT_CHECK_INPUT_PARAMETER(callback);
 
        node_s = (bt_mesh_node_s*) node;
-       network_s = node_s->parent;
-       netkey_s = (bt_mesh_netkey_s*) netkey;
+       BT_MESH_VALIDATE_HANDLE(node_s, node_list);
 
+       network_s = node_s->parent;
+       BT_CHECK_INPUT_PARAMETER(network_s);
        BT_MESH_VALIDATE_HANDLE(network_s, networks);
-       BT_MESH_VALIDATE_HANDLE(node_s, node_list);
+
+       netkey_s = (bt_mesh_netkey_s*) netkey;
        BT_MESH_VALIDATE_HANDLE(netkey_s, netkey_list);
 
        /* Return error, if node is not attached */
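Review bot: Nothing in this hunk ties `netkey_s` to the node's own network. The node, its parent network and the key are each validated against their global lists, but a valid netkey handle that belongs to a different network would pass all three checks. Unless the part of bt_mesh_node_configure_netkey outside the hunk already compares them, consider adding `if (netkey_s->parent != network_s) return BT_ERROR_INVALID_PARAMETER;` after the last validation. The same question applies to the bt_mesh_node_configure_appkey hunk, where `appkey_s->parent` is validated against `netkey_list` but the resulting key is never compared with `network_s`.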
@@ -2423,8 +2445,11 @@ int bt_mesh_node_configure_netkey(bt_mesh_node_h node, bt_mesh_node_key_configur
        return BT_ERROR_NONE;
 }
 
-int bt_mesh_node_configure_appkey(bt_mesh_node_h node, bt_mesh_node_key_configuration_e appkey_op,
-                                       bt_mesh_appkey_h appkey, bt_mesh_appkey_status_cb callback, void *user_data)
+int bt_mesh_node_configure_appkey(bt_mesh_node_h node,
+               bt_mesh_node_key_configuration_e appkey_op,
+                       bt_mesh_appkey_h appkey,
+                               bt_mesh_appkey_status_cb callback,
+                                       void *user_data)
 {
        int error_code = BT_ERROR_NONE;
        bt_mesh_network_s *network_s;
@@ -2441,13 +2466,17 @@ int bt_mesh_node_configure_appkey(bt_mesh_node_h node, bt_mesh_node_key_configur
        BT_CHECK_INPUT_PARAMETER(callback);
 
        node_s = (bt_mesh_node_s*) node;
-       network_s = node_s->parent;
-       appkey_s = (bt_mesh_appkey_s*) appkey;
-       netkey_s = (bt_mesh_netkey_s*) appkey_s->parent;
+       BT_MESH_VALIDATE_HANDLE(node_s, node_list);
 
+       network_s = node_s->parent;
+       BT_CHECK_INPUT_PARAMETER(network_s);
        BT_MESH_VALIDATE_HANDLE(network_s, networks);
-       BT_MESH_VALIDATE_HANDLE(node_s, node_list);
+
+       appkey_s = (bt_mesh_appkey_s*) appkey;
        BT_MESH_VALIDATE_HANDLE(appkey_s, appkey_list);
+
+       netkey_s = (bt_mesh_netkey_s*) appkey_s->parent;
+       BT_CHECK_INPUT_PARAMETER(netkey_s);
        BT_MESH_VALIDATE_HANDLE(netkey_s, netkey_list);
 
        /* Return error, if node is not attached */
@@ -2478,9 +2507,9 @@ int bt_mesh_node_configure_appkey(bt_mesh_node_h node, bt_mesh_node_key_configur
        return BT_ERROR_NONE;
 }
 
-
 /* Remote Node Operations: CONFIG: Non Key */
-int bt_mesh_node_get_features(bt_mesh_node_h node, bt_mesh_node_features_cb callback, void *user_data)
+int bt_mesh_node_get_features(bt_mesh_node_h node,
+               bt_mesh_node_features_cb callback, void *user_data)
 {
        int error_code = BT_ERROR_NONE;
        bt_mesh_network_s *network_s;
@@ -2494,15 +2523,15 @@ int bt_mesh_node_get_features(bt_mesh_node_h node, bt_mesh_node_features_cb call
        BT_CHECK_INPUT_PARAMETER(callback);
 
        node_s = (bt_mesh_node_s*) node;
+       BT_MESH_VALIDATE_HANDLE(node_s, node_list);
 
        /* Return error, if node is not attached */
        if (!node_s->is_attached)
                return BT_ERROR_INVALID_PARAMETER;
 
        network_s = (bt_mesh_network_s*) node_s->parent;
-
+       BT_CHECK_INPUT_PARAMETER(network_s);
        BT_MESH_VALIDATE_HANDLE(network_s, networks);
-       BT_MESH_VALIDATE_HANDLE(node_s, node_list);
 
        memset(&req, 0x00, sizeof(bluetooth_mesh_node_features_t));
 
@@ -2535,10 +2564,11 @@ int bt_mesh_node_get_ttl(bt_mesh_node_h node, bt_mesh_node_ttl_cb callback, void
        BT_CHECK_INPUT_PARAMETER(callback);
 
        node_s = (bt_mesh_node_s*) node;
-       network_s = node_s->parent;
+       BT_MESH_VALIDATE_HANDLE(node_s, node_list);
 
+       network_s = node_s->parent;
+       BT_CHECK_INPUT_PARAMETER(network_s);
        BT_MESH_VALIDATE_HANDLE(network_s, networks);
-       BT_MESH_VALIDATE_HANDLE(node_s, node_list);
 
        /* Return error, if node is not attached */
        if (!node_s->is_attached)