RPK: add length check

RPK master key length check and logging added

https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/pull/303
(cherry picked from commit c8d7cb113be986ad53aa1b498280530277597187)

Change-Id: Ia9d5a974476fee3d9fc64a2267c3b8db8ff3f7b4
Signed-off-by: Oleksii Beketov <ol.beketov@samsung.com>
Signed-off-by: Amit KS <amit.s12@samsung.com>

diff --git a/resource/csdk/security/provisioning/src/oxmrawpublickey.c b/resource/csdk/security/provisioning/src/oxmrawpublickey.c
index a1a62dd..62a3be3 100644 (file)
--- a/resource/csdk/security/provisioning/src/oxmrawpublickey.c
+++ b/resource/csdk/security/provisioning/src/oxmrawpublickey.c
@@ -110,9 +110,15 @@ OCStackResult GetMasterRPK(char* master, size_t* master_len)
         return OC_STACK_INVALID_PARAM;
     }
 
+    OIC_LOG(DEBUG, TAG, "Invoking gGetRPKMasterKeyCallback");
     if(gGetRPKMasterKeyCallback)
     {
         gGetRPKMasterKeyCallback(g_RPKOxmData.rpkData, &g_RPKOxmData.rpkSize);
+        if (g_RPKOxmData.rpkSize > OXM_RPK_MASTER_KEY_MAX_SIZE)
+        {
+            OIC_LOG(ERROR, TAG, "Buffer overflow: RPK master key must not exceed OXM_RPK_MASTER_KEY_MAX_SIZE");
+            return OC_STACK_ERROR;
+        }
     }
     else
     {