{
char strUuid[STRING_UUID_SIZE] = {0};
VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
+ if (sizeof(strUuid) < parseIter.valLen)
+ {
+ OIC_LOG(ERROR, TAG, "Uuid is too long");
+ goto exit;
+ }
+
memcpy(strUuid, parseIter.valPos, parseIter.valLen);
OCStackResult res = ConvertStrToUuid(strUuid, subject);
VERIFY_SUCCESS(TAG, OC_STACK_OK == res, ERROR);
{
if (ValueWithinBounds(cred->privateData.len, INT32_MAX))
{
- ret = (int32_t)cred->privateData.len;
- memcpy(result, cred->privateData.data, ret);
+ size_t len = cred->privateData.len;
+ if (result_length < len)
+ {
+ OIC_LOG (ERROR, TAG, "Wrong value for result_length");
+ return ret;
+ }
+ memcpy(result, cred->privateData.data, len);
}
}
else if(OIC_ENCODING_BASE64 == cred->privateData.encoding)
{
if (ValueWithinBounds(outKeySize, INT32_MAX))
{
+ if (result_length < outKeySize)
+ {
+ OIC_LOG (ERROR, TAG, "Wrong value for result_length");
+ return ret;
+ }
memcpy(result, outKey, outKeySize);
ret = (int32_t)outKeySize;
}
bDeviceIDQry = true;
OicUuid_t subject = {.id={0}};
+ if (sizeof(subject.id) < parseIter.valLen)
+ {
+ OIC_LOG (ERROR, TAG, "Subject ID length is too long");
+ return false;
+ }
memcpy(subject.id, parseIter.valPos, parseIter.valLen);
if (0 == memcmp(&gDoxm->deviceID.id, &subject.id, sizeof(gDoxm->deviceID.id)))
{
if(subOwnerInst)
{
char* strUuid = NULL;
+ if (sizeof(subOwnerInst->uuid.id) < authenticationSubOwnerInfo.identity.id)
+ {
+ OIC_LOG(ERROR, TAG, "Identity id is too long");
+ return;
+ }
memcpy(subOwnerInst->uuid.id, authenticationSubOwnerInfo.identity.id,
authenticationSubOwnerInfo.identity.id_length);
if(OC_STACK_OK != ConvertUuidToStr(&subOwnerInst->uuid, &strUuid))
return ret;
}
+ if (g_PinOxmData.pinSize < pinLength)
+ {
+ OIC_LOG (ERROR, TAG, "PIN length too long");
+ OICFree(pinBuffer);
+ return ret;
+ }
memcpy(g_PinOxmData.pinData, pinBuffer, pinLength);
OICFree(pinBuffer);
}
return ret;
}
+ if (g_PinOxmData.pinSize < pinLength)
+ {
+ OIC_LOG (ERROR, TAG, "PIN length is too long");
+ OICFree(pinBuffer);
+ return ret;
+ }
memcpy(g_PinOxmData.pinData, pinBuffer, pinLength);
OICFree(pinBuffer);
}
uint8_t *pin = NULL;
cborFindResult = cbor_value_dup_byte_string(&pconfMap, &pin, &len, NULL);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get value");
+ if (sizeof(pconf->pin.val) < len)
+ {
+ OIC_LOG (ERROR, TAG, "PIN length is too long");
+ goto exit;
+ }
memcpy(pconf->pin.val, pin, len);
OICFree(pin);
}
char *version = NULL;
cborFindResult = cbor_value_dup_text_string(&verMap, &version, &len, NULL);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Security Version Value.");
+ if (sizeof(ver->secv) < len)
+ {
+ OIC_LOG (ERROR, TAG, "Version length is too long");
+ OICFree(version);
+ OICFree(ver);
+ goto exit;
+ }
memcpy(ver->secv, version, len);
OICFree(version);
}