diff options
author | Sushil Yadav <sushil.ky@samsung.com> | 2017-04-28 16:21:07 +0530 |
---|---|---|
committer | Uze Choi <uzchoi@samsung.com> | 2017-05-03 03:03:06 +0000 |
commit | 71cbada29e85f8a95f0bce324244e6e8d5b77412 (patch) | |
tree | 90c35f5d1367605f4e7308fbfe133f8ca4d39b31 /resource/csdk | |
parent | 21115929c226532b3c7399a5fd5a919412667d92 (diff) | |
download | iotivity-71cbada29e85f8a95f0bce324244e6e8d5b77412.tar.gz iotivity-71cbada29e85f8a95f0bce324244e6e8d5b77412.tar.bz2 iotivity-71cbada29e85f8a95f0bce324244e6e8d5b77412.zip |
Check string length before passing to OICStrDup
Assuming that a remote server will always send a string
larger than CA_MSG_ARBITER_DI_URI_LENGTH is wrong.
A length check before indexing should fix the issue.
Fixed issue: https://jira.iotivity.org/browse/IOT-2109
Change-Id: I63b2584acfa250569957e369fe0415f824052585
Signed-off-by: Sushil Yadav <sushil.ky@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/19437
Reviewed-by: Ashok Babu Channa <ashok.channa@samsung.com>
Tested-by: jenkins-iotivity <jenkins@iotivity.org>
Diffstat (limited to 'resource/csdk')
-rw-r--r-- | resource/csdk/connectivity/util/src/camanager/camessagearbiter.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/resource/csdk/connectivity/util/src/camanager/camessagearbiter.c b/resource/csdk/connectivity/util/src/camanager/camessagearbiter.c index ff5f53639..59d6733ac 100644 --- a/resource/csdk/connectivity/util/src/camanager/camessagearbiter.c +++ b/resource/csdk/connectivity/util/src/camanager/camessagearbiter.c @@ -179,10 +179,18 @@ CAResult_t CAMsgArbiterGetMessageData(CAData_t *data) } data->remoteEndpoint->flags = targetInfo->d2dInfo.flags; - CAURI_t resourceUri = OICStrdup(data->requestInfo->info.resourceUri - + CA_MSG_ARBITER_DI_URI_LENGTH); - OICFree(data->requestInfo->info.resourceUri); - data->requestInfo->info.resourceUri = resourceUri; + if (strlen(data->requestInfo->info.resourceUri) > CA_MSG_ARBITER_DI_URI_LENGTH) + { + CAURI_t resourceUri = OICStrdup(data->requestInfo->info.resourceUri + + CA_MSG_ARBITER_DI_URI_LENGTH); + OICFree(data->requestInfo->info.resourceUri); + data->requestInfo->info.resourceUri = resourceUri; + } + else + { + OIC_LOG_V(ERROR, TAG, "device id[%s] received resourceUri[%s] too short!", deviceId, + data->requestInfo->info.resourceUri); + } OIC_LOG_V(DEBUG, TAG, "device id[%s] switched to D2D connect", deviceId); OIC_LOG_V(DEBUG, TAG, "local addr[%s] local port[%d] adapter[%s]", |