add checking logic of pdu data length. 43/15743/2
authorjihwan.seo <jihwan.seo@samsung.com>
Fri, 16 Dec 2016 04:29:24 +0000 (13:29 +0900)
committerAshok Babu Channa <ashok.channa@samsung.com>
Fri, 16 Dec 2016 09:06:06 +0000 (09:06 +0000)
unneccessary parsing logic is running
when received data is wrong.
it should be prevented.

Change-Id: Ic36359ae96f0aaa7321a1f1e8ed2d5d086ba1198
Signed-off-by: jihwan.seo <jihwan.seo@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/15743
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Ashok Babu Channa <ashok.channa@samsung.com>
resource/csdk/connectivity/src/camessagehandler.c

index 18cb16f..c10a5aa 100644 (file)
@@ -737,6 +737,12 @@ static void CAReceivedPacketCallback(const CASecureEndpoint_t *sep,
     VERIFY_NON_NULL_VOID(sep, TAG, "remoteEndpoint");
     VERIFY_NON_NULL_VOID(data, TAG, "data");
 
+    if (0 == dataLen)
+    {
+        OIC_LOG(ERROR, TAG, "dataLen is zero");
+        return;
+    }
+
     uint32_t code = CA_NOT_FOUND;
     CAData_t *cadata = NULL;
 
@@ -1249,11 +1255,16 @@ void CAErrorHandler(const CAEndpoint_t *endpoint,
                     CAResult_t result)
 {
     OIC_LOG(DEBUG, TAG, "CAErrorHandler IN");
-
-#ifndef SINGLE_THREAD
     VERIFY_NON_NULL_VOID(endpoint, TAG, "remoteEndpoint");
     VERIFY_NON_NULL_VOID(data, TAG, "data");
 
+    if (0 == dataLen)
+    {
+        OIC_LOG(ERROR, TAG, "dataLen is zero");
+        return;
+    }
+
+#ifndef SINGLE_THREAD
     uint32_t code = CA_NOT_FOUND;
     //Do not free remoteEndpoint and data. Currently they will be freed in data thread
     //Get PDU data
@@ -1276,6 +1287,8 @@ void CAErrorHandler(const CAEndpoint_t *endpoint,
 
     CAQueueingThreadAddData(&g_receiveThread, cadata, sizeof(CAData_t));
     coap_delete_pdu(pdu);
+#else
+    (void)result;
 #endif
 
     OIC_LOG(DEBUG, TAG, "CAErrorHandler OUT");