diff options
-rwxr-xr-x | packaging/snapshot_history.txt | 6 | ||||
-rw-r--r-- | resource/csdk/connectivity/inc/catcpadapter.h | 1 | ||||
-rwxr-xr-x | resource/csdk/connectivity/src/bt_le_adapter/caleadapter.c | 2 | ||||
-rw-r--r-- | resource/csdk/connectivity/src/tcp_adapter/catcpserver.c | 39 | ||||
-rw-r--r-- | resource/csdk/security/src/pkix_interface.c | 97 | ||||
-rwxr-xr-x | resource/csdk/stack/src/ocpayloadconvert.c | 2 | ||||
-rw-r--r-- | resource/csdk/stack/src/ocserverrequest.c | 12 |
7 files changed, 131 insertions, 28 deletions
diff --git a/packaging/snapshot_history.txt b/packaging/snapshot_history.txt index 11e92e7bc..63eb5eeb4 100755 --- a/packaging/snapshot_history.txt +++ b/packaging/snapshot_history.txt @@ -1,3 +1,9 @@ +http://suprem.sec.samsung.net/jira/browse/CONPRO-1169 + +commit_info_2017-12-20.txt + +commit_id: 7ac4e144dd5b9080e82bed83eb62fa52d0a2a103 +---------------------------------------------------------------------------------------------------------------------------------- http://suprem.sec.samsung.net/jira/browse/CONPRO-1163 commit_info_2017-12-14.txt diff --git a/resource/csdk/connectivity/inc/catcpadapter.h b/resource/csdk/connectivity/inc/catcpadapter.h index 536f8f611..99381836e 100644 --- a/resource/csdk/connectivity/inc/catcpadapter.h +++ b/resource/csdk/connectivity/inc/catcpadapter.h @@ -64,6 +64,7 @@ typedef struct unsigned char* data; /**< received data from remote device */ size_t len; /**< received data length */ size_t totalLen; /**< total coap data length required to receive */ + size_t bufLen; /**< Buffer length. Buffer will be grown dynamically with respect to data received. */ unsigned char tlsdata[18437]; /**< tls data(rfc5246: TLSCiphertext max (2^14+2048+5)) */ size_t tlsLen; /**< received tls data length */ CAProtocol_t protocol; /**< application-level protocol */ diff --git a/resource/csdk/connectivity/src/bt_le_adapter/caleadapter.c b/resource/csdk/connectivity/src/bt_le_adapter/caleadapter.c index 5f4904cd0..2bfa6b608 100755 --- a/resource/csdk/connectivity/src/bt_le_adapter/caleadapter.c +++ b/resource/csdk/connectivity/src/bt_le_adapter/caleadapter.c @@ -3640,6 +3640,7 @@ static void CALERemoveSendQueueData(CAQueueingThread_t *queueHandle, oc_mutex mu VERIFY_NON_NULL_VOID(address, CALEADAPTER_TAG, "address"); oc_mutex_lock(mutex); + oc_mutex_lock(queueHandle->threadMutex); while (u_queue_get_size(queueHandle->dataQueue) > 0) { OIC_LOG(DEBUG, CALEADAPTER_TAG, "get data from queue"); @@ -3666,6 +3667,7 @@ static void CALERemoveSendQueueData(CAQueueingThread_t *queueHandle, oc_mutex mu } } } + oc_mutex_unlock(queueHandle->threadMutex); oc_mutex_unlock(mutex); } diff --git a/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c b/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c index 85516503a..7741e683d 100644 --- a/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c +++ b/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c @@ -75,6 +75,8 @@ */ #define MAX_CONNECTION_COUNTS 500 +#define COAP_TCP_MAX_BUFFER_CHUNK_SIZE 65530 //64kb - 6 (coap+tcp max header size) + /** * Thread pool. */ @@ -386,6 +388,7 @@ void CACleanData(CATCPSessionInfo_t *svritem) svritem->tlsLen = 0; #endif svritem->totalLen = 0; + svritem->bufLen = 0; svritem->protocol = UNKNOWN; } } @@ -426,6 +429,7 @@ CAResult_t CAConstructCoAP(CATCPSessionInfo_t *svritem, unsigned char **data, // copy 1 byte to parse coap header length memcpy(svritem->data, inBuffer, 1); svritem->len = 1; + svritem->bufLen = COAP_MAX_HEADER_SIZE; inBuffer++; inLen--; } @@ -470,28 +474,41 @@ CAResult_t CAConstructCoAP(CATCPSessionInfo_t *svritem, unsigned char **data, //calculate CoAP message length svritem->totalLen = CAGetTotalLengthFromHeader(svritem->data); - - // allocate required memory - unsigned char *buffer = OICRealloc(svritem->data, svritem->totalLen); - if (NULL == buffer) - { - OIC_LOG(ERROR, TAG, "OICRealloc - out of memory"); - return CA_MEMORY_ALLOC_FAILED; - } - svritem->data = buffer; } // PAYLOAD if (inLen > 0) { - // read required bytes to have full CoAP payload + // Calculate length of data to be copied. copyLen = svritem->totalLen - svritem->len; if (inLen < copyLen) { copyLen = inLen; } - //read required bytes to have full CoAP header + // Is buffer not big enough for remaining data ? + if (svritem->len + copyLen > svritem->bufLen) + { + // Resize buffer to accommodate enough space + size_t extLen = svritem->totalLen - svritem->bufLen; + if (extLen > COAP_TCP_MAX_BUFFER_CHUNK_SIZE) + { + extLen = COAP_TCP_MAX_BUFFER_CHUNK_SIZE; + } + + // Allocate required memory + unsigned char *buffer = OICRealloc(svritem->data, svritem->bufLen + extLen); + if (NULL == buffer) + { + OIC_LOG(ERROR, TAG, "OICRealloc - out of memory"); + return CA_MEMORY_ALLOC_FAILED; + } + + svritem->data = buffer; + svritem->bufLen += extLen; + } + + // Read required bytes to have full CoAP payload memcpy(svritem->data + svritem->len, inBuffer, copyLen); svritem->len += copyLen; inBuffer += copyLen; diff --git a/resource/csdk/security/src/pkix_interface.c b/resource/csdk/security/src/pkix_interface.c index 5b1dc613b..8de7e4c1a 100644 --- a/resource/csdk/security/src/pkix_interface.c +++ b/resource/csdk/security/src/pkix_interface.c @@ -24,9 +24,11 @@ #include "srmresourcestrings.h" #include "casecurityinterface.h" #include "logger.h" -#ifdef __TIZENRT__ +#include "base64.h" #include "oic_malloc.h" -#endif + +#define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----" +#define PEM_END_CRT "-----END CERTIFICATE-----" #define TAG "OIC_SRM_PKIX_INTERFACE" @@ -111,11 +113,81 @@ void CheckInvalidDERSignature(uint8_t *crtBuf, size_t *crtBufLen) OIC_LOG_BUFFER(INFO, TAG, crtBuf, *crtBufLen); mbedtls_x509_crt deviceCert; + mbedtls_x509_crt_init(&deviceCert); int ret = 0; + uint8_t *derCrtBuf = NULL; + size_t *derCrtBufLen = NULL; + + uint8_t *derCrtBufTmp = NULL; + size_t derCrtBufLenTmp = 0; + // check only first(i.e., device) certificate if (crtBuf[0] == 0x30 && crtBuf[1] == 0x82) { + derCrtBuf = crtBuf; + derCrtBufLen = crtBufLen; + } + else + { + uint8_t * begin = (uint8_t *)memmem(crtBuf, *crtBufLen, + PEM_BEGIN_CRT, sizeof(PEM_BEGIN_CRT) - 1); + if (NULL != begin) + { + uint8_t * end = (uint8_t *)memmem(crtBuf, *crtBufLen, + PEM_END_CRT, sizeof(PEM_END_CRT) - 1); + if (NULL != end) + { + uint32_t idx = 0; + uint32_t count = 0; + uint32_t decodedLen = 0; + begin += sizeof(PEM_BEGIN_CRT) - 1; + size_t certLen = (size_t)(end - begin); + size_t outBufSize = B64DECODE_OUT_SAFESIZE(certLen + 1); + + uint8_t * certCopy = (uint8_t *)OICCalloc(certLen, 1); + if(NULL == certCopy) + { + OIC_LOG (ERROR, TAG, "Failed to allocate memory."); + goto exit; + } + for (idx = 0; idx < certLen; idx++) + { + if (begin[idx] != '\r' && begin[idx] != '\n') + { + certCopy[count] = begin[idx]; + count++; + } + } + certLen = count; + + derCrtBufTmp = (uint8_t *)OICCalloc(outBufSize, 1); + if(NULL == derCrtBufTmp) + { + OIC_LOG (ERROR, TAG, "Failed to allocate memory."); + goto exit; + } + + if (B64_OK != b64Decode((char *)certCopy, certLen, derCrtBufTmp, outBufSize, &decodedLen)) + { + OICFree(certCopy); + goto exit; + } + OICFree(certCopy); + + derCrtBuf = derCrtBufTmp; + derCrtBufLenTmp = decodedLen; + derCrtBufLen = &derCrtBufLenTmp; + } + } + else + { + goto exit; + } + } + + if (NULL != derCrtBuf && NULL != derCrtBufLen && 0 != *derCrtBufLen) + { uint8_t *sign_ptr = NULL; /** * structure of r_buf & s_buf @@ -132,18 +204,16 @@ void CheckInvalidDERSignature(uint8_t *crtBuf, size_t *crtBufLen) uint32_t removed_total = 0; size_t org_len = 0; - mbedtls_x509_crt_init(&deviceCert); - - unsigned char * tmp = (unsigned char *)crtBuf + 1; - if ( 0 != mbedtls_asn1_get_len(&tmp, crtBuf + *crtBufLen, &org_len)) + unsigned char * tmp = (unsigned char *)derCrtBuf + 1; + if ( 0 != mbedtls_asn1_get_len(&tmp, derCrtBuf + *derCrtBufLen, &org_len)) { OIC_LOG(ERROR, TAG, "Invalid parsed length"); goto exit; } - if (org_len < *crtBufLen) + if (org_len < *derCrtBufLen) { - ret = mbedtls_x509_crt_parse_der(&deviceCert, crtBuf, org_len + 4); + ret = mbedtls_x509_crt_parse_der(&deviceCert, derCrtBuf, org_len + 4); if (0 != ret) { OIC_LOG_V(ERROR, TAG, "mbedtls_x509_crt_parse_der returned -0x%04x", -(ret)); @@ -198,7 +268,7 @@ void CheckInvalidDERSignature(uint8_t *crtBuf, size_t *crtBufLen) if (removed_total > 0) { // if length of signature is incorrect. - OIC_LOG_V(INFO, TAG, "Cert Length (Before) : %lu", *crtBufLen); + OIC_LOG_V(INFO, TAG, "Cert Length (Before) : %lu", *derCrtBufLen); OIC_LOG(INFO, TAG, "Invalid length of signature is dectected."); OIC_LOG(INFO, TAG, "Update signature..."); @@ -244,10 +314,10 @@ void CheckInvalidDERSignature(uint8_t *crtBuf, size_t *crtBufLen) } org_len += 4; // include header and length field - size_t remained_len = (*crtBufLen - org_len); - memcpy(crtBuf, deviceCert.raw.p, crt_len); - memcpy(crtBuf + crt_len, crtBuf + org_len, remained_len); - *crtBufLen = (size_t)crt_len + remained_len; + size_t remained_len = (*derCrtBufLen - org_len); + memcpy(derCrtBuf, deviceCert.raw.p, crt_len); + memcpy(derCrtBuf + crt_len, derCrtBuf + org_len, remained_len); + *derCrtBufLen = (size_t)crt_len + remained_len; mbedtls_x509_crt_free(&crt_cpy); OIC_LOG_V(INFO, TAG, "Dev cert : %lu -> %lu", org_len, crt_len); @@ -270,6 +340,7 @@ void CheckInvalidDERSignature(uint8_t *crtBuf, size_t *crtBufLen) exit: mbedtls_x509_crt_free(&deviceCert); + OICFree(derCrtBufTmp); OIC_LOG_V(DEBUG, TAG, "Cert chain length = %d", *crtBufLen); OIC_LOG_V(DEBUG, TAG, "Out %s", __func__); } diff --git a/resource/csdk/stack/src/ocpayloadconvert.c b/resource/csdk/stack/src/ocpayloadconvert.c index daa9003d9..e931624de 100755 --- a/resource/csdk/stack/src/ocpayloadconvert.c +++ b/resource/csdk/stack/src/ocpayloadconvert.c @@ -542,6 +542,8 @@ exit: static int64_t OCConvertSingleRepPayload(CborEncoder *repMap, const OCRepPayload *payload) { int64_t err = CborNoError; + VERIFY_PARAM_NON_NULL(TAG, payload, "Input param, payload is NULL"); + OCRepPayloadValue *value = payload->values; while (value) { diff --git a/resource/csdk/stack/src/ocserverrequest.c b/resource/csdk/stack/src/ocserverrequest.c index 46afb69b7..9241a5fe3 100644 --- a/resource/csdk/stack/src/ocserverrequest.c +++ b/resource/csdk/stack/src/ocserverrequest.c @@ -202,13 +202,17 @@ OCServerRequest * GetServerRequestUsingToken (const CAToken_t token, uint8_t tok OIC_LOG(INFO, TAG,"Get server request with token"); OIC_LOG_BUFFER(INFO, TAG, (const uint8_t *)token, tokenLength); - OIC_LOG(INFO, TAG,"Found token"); + OIC_LOG(INFO, TAG, "Found token"); LL_FOREACH (serverRequestList, out) { - OIC_LOG_BUFFER(INFO, TAG, (const uint8_t *)out->requestToken, tokenLength); - if(memcmp(out->requestToken, token, tokenLength) == 0) + if(out) { - return out; + OIC_LOG_BUFFER(INFO, TAG, (const uint8_t *)out->requestToken, out->tokenLength); + if((tokenLength == out->tokenLength) && + memcmp(out->requestToken, token, tokenLength) == 0) + { + return out; + } } } OIC_LOG(INFO, TAG, "Server Request not found!!"); |