[IOT-2726] Add pstat.dos check in AddCredential 29/22529/2
authorAleksey Volkov <a.volkov@samsung.com>
Wed, 20 Sep 2017 13:33:27 +0000 (16:33 +0300)
committerNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Wed, 4 Oct 2017 23:35:40 +0000 (23:35 +0000)
This change adds /pstat.dos state check to protect credentials modifications in read-only states.

Change-Id: I9a3402e458db8c5fa62a5a0fa0e08c1dd432ceaf
Signed-off-by: Aleksey Volkov <a.volkov@samsung.com>
resource/csdk/security/src/credresource.c

index 94cd79e..fe24c13 100644 (file)
@@ -1680,6 +1680,17 @@ OCStackResult AddCredential(OicSecCred_t * newCred)
 
     bool found = false;
 
+    OicSecDostype_t dos;
+
+    VERIFY_SUCCESS(TAG, OC_STACK_OK == GetDos(&dos), ERROR);
+    if ((DOS_RESET == dos.state) ||
+        (DOS_RFNOP == dos.state))
+    {
+        OIC_LOG_V(ERROR, TAG, "%s /cred resource is read-only in RESET and RFNOP.", __func__);
+        result = OC_EH_NOT_ACCEPTABLE;
+        goto exit;
+    }
+
     //leave IOT-1936 fix for preconfig pin
 #if ((defined(__WITH_DTLS__) || defined(__WITH_TLS__)) && defined(MULTIPLE_OWNER))
     LL_FOREACH_SAFE(gCred, cred, tempCred)
@@ -1743,7 +1754,7 @@ saveToDB:
     {
         result = OC_STACK_OK;
     }
-
+exit:
     return result;
 }