security: Add roles cert null terminator 25/22125/3
authorDan Mihai <Daniel.Mihai@microsoft.com>
Fri, 25 Aug 2017 07:10:21 +0000 (00:10 -0700)
committerAlex Kelley <alexke@microsoft.com>
Wed, 6 Sep 2017 18:31:43 +0000 (18:31 +0000)
mbedtls_x509_crt_parse requires a null string terminator on the
certificate buffer to determine the cert format.

This patch allows CT1.7.8.5 to make progress. This test case still
fails later, because CTT posts an entire chain to /roles, and
IoTivity expects just one Role cert. This failure is still being
investigated.

Change-Id: I769cb104e43e4dc8d18b05dfb3851e5f4921fd00
Signed-off-by: Dan Mihai <Daniel.Mihai@microsoft.com>
Bug: https://jira.iotivity.org/browse/IOT-2648

resource/csdk/security/src/rolesresource.c

index 4e9d511..588f887 100644 (file)
@@ -216,6 +216,31 @@ static void FreeSymmetricRolesList(SymmetricRoleEntry_t *head)
     }
 }
 
+static bool AddNullTerminator(OicSecKey_t *key)
+{
+    size_t length = key->len;
+    uint8_t *data = key->data;
+
+    if ((length > 0) && (data != NULL) && (data[length - 1] != 0))
+    {
+        key->data = OICRealloc(data, length + 1);
+
+        if (key->data == NULL)
+        {
+            OIC_LOG_V(ERROR, TAG, "%s: OICRealloc failed", __func__);
+            OICFree(data);
+            key->len = 0;
+            return false;
+        }
+
+        OIC_LOG(DEBUG, TAG, "Adding key null terminator");
+        key->data[length] = 0;
+        key->len++;
+    }
+
+    return true;
+}
+
 OCStackResult RegisterSymmetricCredentialRole(const OicSecCred_t *cred)
 {
     VERIFY_NON_NULL_RET(cred, TAG, "Parameter cred is NULL", OC_STACK_INVALID_PARAM);
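Review bot: AddNullTerminator decides to append based only on the last byte of the buffer, not on the certificate's encoding, so a DER-encoded certificate (whose final byte is normally non-zero) also gets an extra 0x00 and its `len` grows by one; mbedtls_x509_crt_parse treats anything that is not NUL-terminated PEM as DER and rejects a DER blob with trailing bytes as a length mismatch, so this helper would break DER role certs that parsed correctly before. Gate the append on the encoding the CBOR decoder recorded, e.g. `if (key->encoding != OIC_ENCODING_PEM) return true;` as the first statement — the field name is not visible in this hunk, confirm it against OicSecKey_t. Since `key->len` now counts the terminator, any later re-serialization of the entry that writes `len` bytes would emit the NUL as part of the certificate; a one-line header comment such as `/* Ensures a PEM buffer is NUL-terminated; on success len includes the terminator, on failure data is freed and set to NULL with len 0. */` would make both the ownership and the length semantics explicit for callers. The realloc handling itself is sound: the original pointer is kept in `data` and freed only on failure, and `key->data` is left NULL so a later free cannot double-free.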
@@ -695,6 +720,9 @@ OCStackResult CBORPayloadToRoles(const uint8_t *cborPayload, size_t size, RoleCe
                             {
                                 cborFindResult = DeserializeEncodingFromCbor(&roleMap, &currEntry->certificate);
                                 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to read publicData");
+
+                                /* mbedtls_x509_crt_parse requires null string terminator */
+                                VERIFY_TRUE_OR_EXIT(TAG, AddNullTerminator(&currEntry->certificate), ERROR);
                             }
                             else if (strcmp(tagName, OIC_JSON_OPTDATA_NAME) == 0)
                             {