From 99e543a166923c35b66db2e3605ae52af6093434 Mon Sep 17 00:00:00 2001
From: "Hongkuk, Son" <hongkuk.son@samsung.com>
Date: Wed, 20 Dec 2017 21:28:49 +0900
Subject: [PATCH] Update snapshot(2017-12-20)

Signed-off-by: Hongkuk, Son <hongkuk.son@samsung.com>
Change-Id: I04303750581f9349f4694ba903c8e2f6379c91d4
---
 packaging/snapshot_history.txt                     |  6 ++
 resource/csdk/connectivity/inc/catcpadapter.h      |  1 +
 .../connectivity/src/bt_le_adapter/caleadapter.c   |  2 +
 .../connectivity/src/tcp_adapter/catcpserver.c     | 39 ++++++---
 resource/csdk/security/src/pkix_interface.c        | 97 +++++++++++++++++++---
 resource/csdk/stack/src/ocpayloadconvert.c         |  2 +
 resource/csdk/stack/src/ocserverrequest.c          | 12 ++-
 7 files changed, 131 insertions(+), 28 deletions(-)

diff --git a/packaging/snapshot_history.txt b/packaging/snapshot_history.txt
index 11e92e7..63eb5ee 100755
--- a/packaging/snapshot_history.txt
+++ b/packaging/snapshot_history.txt
@@ -1,3 +1,9 @@
+http://suprem.sec.samsung.net/jira/browse/CONPRO-1169
+
+commit_info_2017-12-20.txt
+
+commit_id: 7ac4e144dd5b9080e82bed83eb62fa52d0a2a103
+----------------------------------------------------------------------------------------------------------------------------------
 http://suprem.sec.samsung.net/jira/browse/CONPRO-1163
 
 commit_info_2017-12-14.txt
diff --git a/resource/csdk/connectivity/inc/catcpadapter.h b/resource/csdk/connectivity/inc/catcpadapter.h
index 536f8f6..9938183 100644
--- a/resource/csdk/connectivity/inc/catcpadapter.h
+++ b/resource/csdk/connectivity/inc/catcpadapter.h
@@ -64,6 +64,7 @@ typedef struct
     unsigned char* data;                /**< received data from remote device */
     size_t len;                         /**< received data length */
     size_t totalLen;                    /**< total coap data length required to receive */
+    size_t bufLen;                      /**< Buffer length. Buffer will be grown dynamically with respect to data received. */
     unsigned char tlsdata[18437];       /**< tls data(rfc5246: TLSCiphertext max (2^14+2048+5)) */
     size_t tlsLen;                      /**< received tls data length */
     CAProtocol_t protocol;              /**< application-level protocol */
diff --git a/resource/csdk/connectivity/src/bt_le_adapter/caleadapter.c b/resource/csdk/connectivity/src/bt_le_adapter/caleadapter.c
index 5f4904c..2bfa6b6 100755
--- a/resource/csdk/connectivity/src/bt_le_adapter/caleadapter.c
+++ b/resource/csdk/connectivity/src/bt_le_adapter/caleadapter.c
@@ -3640,6 +3640,7 @@ static void CALERemoveSendQueueData(CAQueueingThread_t *queueHandle, oc_mutex mu
     VERIFY_NON_NULL_VOID(address, CALEADAPTER_TAG, "address");
 
     oc_mutex_lock(mutex);
+    oc_mutex_lock(queueHandle->threadMutex);
     while (u_queue_get_size(queueHandle->dataQueue) > 0)
     {
         OIC_LOG(DEBUG, CALEADAPTER_TAG, "get data from queue");
@@ -3666,6 +3667,7 @@ static void CALERemoveSendQueueData(CAQueueingThread_t *queueHandle, oc_mutex mu
             }
         }
     }
+    oc_mutex_unlock(queueHandle->threadMutex);
     oc_mutex_unlock(mutex);
 }
 
diff --git a/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c b/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c
index 8551650..7741e68 100644
--- a/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c
+++ b/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c
@@ -75,6 +75,8 @@
  */
 #define MAX_CONNECTION_COUNTS   500
 
+#define COAP_TCP_MAX_BUFFER_CHUNK_SIZE 65530 //64kb - 6 (coap+tcp max header size)
+
 /**
  * Thread pool.
  */
@@ -386,6 +388,7 @@ void CACleanData(CATCPSessionInfo_t *svritem)
         svritem->tlsLen = 0;
 #endif
         svritem->totalLen = 0;
+        svritem->bufLen = 0;
         svritem->protocol = UNKNOWN;
     }
 }
@@ -426,6 +429,7 @@ CAResult_t CAConstructCoAP(CATCPSessionInfo_t *svritem, unsigned char **data,
         // copy 1 byte to parse coap header length
         memcpy(svritem->data, inBuffer, 1);
         svritem->len = 1;
+        svritem->bufLen = COAP_MAX_HEADER_SIZE;
         inBuffer++;
         inLen--;
     }
@@ -470,28 +474,41 @@ CAResult_t CAConstructCoAP(CATCPSessionInfo_t *svritem, unsigned char **data,
 
         //calculate CoAP message length
         svritem->totalLen = CAGetTotalLengthFromHeader(svritem->data);
-
-        // allocate required memory
-        unsigned char *buffer = OICRealloc(svritem->data, svritem->totalLen);
-        if (NULL == buffer)
-        {
-            OIC_LOG(ERROR, TAG, "OICRealloc - out of memory");
-            return CA_MEMORY_ALLOC_FAILED;
-        }
-        svritem->data = buffer;
     }
 
     // PAYLOAD
     if (inLen > 0)
     {
-        // read required bytes to have full CoAP payload
+        // Calculate length of data to be copied.
         copyLen = svritem->totalLen - svritem->len;
         if (inLen < copyLen)
         {
             copyLen = inLen;
         }
 
-        //read required bytes to have full CoAP header
+        // Is buffer not big enough for remaining data ?
+        if (svritem->len + copyLen > svritem->bufLen)
+        {
+            // Resize buffer to accommodate enough space
+            size_t extLen = svritem->totalLen - svritem->bufLen;
+            if (extLen > COAP_TCP_MAX_BUFFER_CHUNK_SIZE)
+            {
+                extLen = COAP_TCP_MAX_BUFFER_CHUNK_SIZE;
+            }
+
+            // Allocate required memory
+            unsigned char *buffer = OICRealloc(svritem->data, svritem->bufLen + extLen);
+            if (NULL == buffer)
+            {
+                OIC_LOG(ERROR, TAG, "OICRealloc - out of memory");
+                return CA_MEMORY_ALLOC_FAILED;
+            }
+
+            svritem->data = buffer;
+            svritem->bufLen += extLen;
+        }
+
+        // Read required bytes to have full CoAP payload
         memcpy(svritem->data + svritem->len, inBuffer, copyLen);
         svritem->len += copyLen;
         inBuffer += copyLen;
diff --git a/resource/csdk/security/src/pkix_interface.c b/resource/csdk/security/src/pkix_interface.c
index 5b1dc61..8de7e4c 100644
--- a/resource/csdk/security/src/pkix_interface.c
+++ b/resource/csdk/security/src/pkix_interface.c
@@ -24,9 +24,11 @@
 #include "srmresourcestrings.h"
 #include "casecurityinterface.h"
 #include "logger.h"
-#ifdef __TIZENRT__
+#include "base64.h"
 #include "oic_malloc.h"
-#endif
+
+#define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----"
+#define PEM_END_CRT "-----END CERTIFICATE-----"
 
 #define TAG "OIC_SRM_PKIX_INTERFACE"
 
@@ -111,11 +113,81 @@ void CheckInvalidDERSignature(uint8_t *crtBuf, size_t *crtBufLen)
     OIC_LOG_BUFFER(INFO, TAG, crtBuf, *crtBufLen);
 
     mbedtls_x509_crt deviceCert;
+    mbedtls_x509_crt_init(&deviceCert);
     int ret = 0;
 
+    uint8_t *derCrtBuf = NULL;
+    size_t *derCrtBufLen = NULL;
+
+    uint8_t *derCrtBufTmp = NULL;
+    size_t derCrtBufLenTmp = 0;
+
     // check only first(i.e., device) certificate
     if (crtBuf[0] == 0x30 && crtBuf[1] == 0x82)
     {
+        derCrtBuf = crtBuf;
+        derCrtBufLen = crtBufLen;
+    }
+    else
+    {
+        uint8_t * begin = (uint8_t *)memmem(crtBuf, *crtBufLen,
+                                            PEM_BEGIN_CRT, sizeof(PEM_BEGIN_CRT) - 1);
+        if (NULL != begin)
+        {
+            uint8_t * end = (uint8_t *)memmem(crtBuf, *crtBufLen,
+                                              PEM_END_CRT, sizeof(PEM_END_CRT) - 1);
+            if (NULL != end)
+            {
+                uint32_t idx = 0;
+                uint32_t count = 0;
+                uint32_t decodedLen = 0;
+                begin += sizeof(PEM_BEGIN_CRT) - 1;
+                size_t certLen = (size_t)(end - begin);
+                size_t outBufSize = B64DECODE_OUT_SAFESIZE(certLen + 1);
+
+                uint8_t * certCopy = (uint8_t *)OICCalloc(certLen, 1);
+                if(NULL == certCopy)
+                {
+                    OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
+                    goto exit;
+                }
+                for (idx = 0; idx < certLen; idx++)
+                {
+                    if (begin[idx] != '\r' && begin[idx] != '\n')
+                    {
+                        certCopy[count] = begin[idx];
+                        count++;
+                    }
+                }
+                certLen = count;
+
+                derCrtBufTmp = (uint8_t *)OICCalloc(outBufSize, 1);
+                if(NULL == derCrtBufTmp)
+                {
+                    OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
+                    goto exit;
+                }
+
+                if (B64_OK != b64Decode((char *)certCopy, certLen, derCrtBufTmp, outBufSize, &decodedLen))
+                {
+                    OICFree(certCopy);
+                    goto exit;
+                }
+                OICFree(certCopy);
+
+                derCrtBuf = derCrtBufTmp;
+                derCrtBufLenTmp = decodedLen;
+                derCrtBufLen = &derCrtBufLenTmp;
+            }
+        }
+        else
+        {
+            goto exit;
+        }
+    }
+
+    if (NULL != derCrtBuf && NULL != derCrtBufLen && 0 != *derCrtBufLen)
+    {
         uint8_t *sign_ptr = NULL;
         /**
         * structure of r_buf & s_buf
@@ -132,18 +204,16 @@ void CheckInvalidDERSignature(uint8_t *crtBuf, size_t *crtBufLen)
         uint32_t removed_total = 0;
         size_t org_len = 0;
 
-        mbedtls_x509_crt_init(&deviceCert);
-
-        unsigned char * tmp = (unsigned char *)crtBuf + 1;
-        if ( 0 != mbedtls_asn1_get_len(&tmp, crtBuf + *crtBufLen, &org_len))
+        unsigned char * tmp = (unsigned char *)derCrtBuf + 1;
+        if ( 0 != mbedtls_asn1_get_len(&tmp, derCrtBuf + *derCrtBufLen, &org_len))
         {
             OIC_LOG(ERROR, TAG, "Invalid parsed length");
             goto exit;
         }
 
-        if (org_len < *crtBufLen)
+        if (org_len < *derCrtBufLen)
         {
-            ret = mbedtls_x509_crt_parse_der(&deviceCert, crtBuf, org_len + 4);
+            ret = mbedtls_x509_crt_parse_der(&deviceCert, derCrtBuf, org_len + 4);
             if (0 != ret)
             {
                 OIC_LOG_V(ERROR, TAG, "mbedtls_x509_crt_parse_der returned -0x%04x", -(ret));
@@ -198,7 +268,7 @@ void CheckInvalidDERSignature(uint8_t *crtBuf, size_t *crtBufLen)
             if (removed_total > 0)
             {
                 // if length of signature is incorrect.
-                OIC_LOG_V(INFO, TAG, "Cert Length (Before) : %lu", *crtBufLen);
+                OIC_LOG_V(INFO, TAG, "Cert Length (Before) : %lu", *derCrtBufLen);
                 OIC_LOG(INFO, TAG, "Invalid length of signature is dectected.");
                 OIC_LOG(INFO, TAG, "Update signature...");
 
@@ -244,10 +314,10 @@ void CheckInvalidDERSignature(uint8_t *crtBuf, size_t *crtBufLen)
                     }
 
                     org_len += 4; // include header and length field
-                    size_t remained_len = (*crtBufLen - org_len);
-                    memcpy(crtBuf, deviceCert.raw.p, crt_len);
-                    memcpy(crtBuf + crt_len, crtBuf + org_len, remained_len);
-                    *crtBufLen = (size_t)crt_len + remained_len;
+                    size_t remained_len = (*derCrtBufLen - org_len);
+                    memcpy(derCrtBuf, deviceCert.raw.p, crt_len);
+                    memcpy(derCrtBuf + crt_len, derCrtBuf + org_len, remained_len);
+                    *derCrtBufLen = (size_t)crt_len + remained_len;
 
                     mbedtls_x509_crt_free(&crt_cpy);
                     OIC_LOG_V(INFO, TAG, "Dev cert : %lu -> %lu", org_len, crt_len);
@@ -270,6 +340,7 @@ void CheckInvalidDERSignature(uint8_t *crtBuf, size_t *crtBufLen)
 
 exit:
     mbedtls_x509_crt_free(&deviceCert);
+    OICFree(derCrtBufTmp);
     OIC_LOG_V(DEBUG, TAG, "Cert chain length = %d", *crtBufLen);
     OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
 }
diff --git a/resource/csdk/stack/src/ocpayloadconvert.c b/resource/csdk/stack/src/ocpayloadconvert.c
index daa9003..e931624 100755
--- a/resource/csdk/stack/src/ocpayloadconvert.c
+++ b/resource/csdk/stack/src/ocpayloadconvert.c
@@ -542,6 +542,8 @@ exit:
 static int64_t OCConvertSingleRepPayload(CborEncoder *repMap, const OCRepPayload *payload)
 {
     int64_t err = CborNoError;
+    VERIFY_PARAM_NON_NULL(TAG, payload, "Input param, payload is NULL");
+
     OCRepPayloadValue *value = payload->values;
     while (value)
     {
diff --git a/resource/csdk/stack/src/ocserverrequest.c b/resource/csdk/stack/src/ocserverrequest.c
index 46afb69..9241a5f 100644
--- a/resource/csdk/stack/src/ocserverrequest.c
+++ b/resource/csdk/stack/src/ocserverrequest.c
@@ -202,13 +202,17 @@ OCServerRequest * GetServerRequestUsingToken (const CAToken_t token, uint8_t tok
     OIC_LOG(INFO, TAG,"Get server request with token");
     OIC_LOG_BUFFER(INFO, TAG, (const uint8_t *)token, tokenLength);
 
-    OIC_LOG(INFO, TAG,"Found token");
+    OIC_LOG(INFO, TAG, "Found token");
     LL_FOREACH (serverRequestList, out)
     {
-        OIC_LOG_BUFFER(INFO, TAG, (const uint8_t *)out->requestToken, tokenLength);
-        if(memcmp(out->requestToken, token, tokenLength) == 0)
+        if(out)
         {
-            return out;
+            OIC_LOG_BUFFER(INFO, TAG, (const uint8_t *)out->requestToken, out->tokenLength);
+            if((tokenLength == out->tokenLength) &&
+                memcmp(out->requestToken, token, tokenLength) == 0)
+            {
+                return out;
+            }
         }
     }
     OIC_LOG(INFO, TAG, "Server Request not found!!");
-- 
2.7.4