From bc65e8840dcf2c3c42f5cefed7cc1ea9e0ff3669 Mon Sep 17 00:00:00 2001 From: Inga Stotland Date: Fri, 12 Feb 2021 13:42:42 -0800 Subject: mesh: Add validation of Device UUID value Validate that the value of Device UUID supplied in CreateNetwork/Join/Import methods is compliant with RFC 4122. --- Makefile.am | 6 ++++-- mesh/mesh.c | 18 +++++++++--------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/Makefile.am b/Makefile.am index d0f979586..86f3409c3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -134,7 +134,8 @@ ell_headers = ell/util.h \ ell/base64.h \ ell/asn1-private.h \ ell/cert-private.h \ - ell/pem-private.h + ell/pem-private.h \ + ell/uuid.h ell_sources = ell/private.h ell/missing.h \ ell/util.c \ @@ -169,7 +170,8 @@ ell_sources = ell/private.h ell/missing.h \ ell/gvariant-private.h \ ell/gvariant-util.c \ ell/siphash-private.h \ - ell/siphash.c + ell/siphash.c \ + ell/uuid.c ell_libell_internal_la_SOURCES = $(ell_headers) $(ell_sources) endif diff --git a/mesh/mesh.c b/mesh/mesh.c index f29e8b6be..62d650328 100644 --- a/mesh/mesh.c +++ b/mesh/mesh.c @@ -533,7 +533,7 @@ static struct l_dbus_message *join_network_call(struct l_dbus *dbus, void *user_data) { const char *app_path, *sender; - struct l_dbus_message_iter iter_uuid; + struct l_dbus_message_iter iter; uint32_t n; l_debug("Join network request"); @@ -543,14 +543,13 @@ static struct l_dbus_message *join_network_call(struct l_dbus *dbus, "Provisioning in progress"); if (!l_dbus_message_get_arguments(msg, "oay", &app_path, - &iter_uuid)) + &iter)) return dbus_error(msg, MESH_ERROR_INVALID_ARGS, NULL); join_pending = l_new(struct join_data, 1); - if (!l_dbus_message_iter_get_fixed_array(&iter_uuid, - &join_pending->uuid, &n) - || n != 16) { + if (!l_dbus_message_iter_get_fixed_array(&iter, &join_pending->uuid, &n) + || n != 16 || !l_uuid_is_valid(join_pending->uuid)) { l_free(join_pending); join_pending = NULL; return dbus_error(msg, MESH_ERROR_INVALID_ARGS, @@ -785,8 +784,8 @@ static struct l_dbus_message *create_network_call(struct l_dbus *dbus, &iter_uuid)) return dbus_error(msg, MESH_ERROR_INVALID_ARGS, NULL); - if (!l_dbus_message_iter_get_fixed_array(&iter_uuid, &uuid, &n) - || n != 16) + if (!l_dbus_message_iter_get_fixed_array(&iter_uuid, &uuid, &n) || + n != 16 || !l_uuid_is_valid(uuid)) return dbus_error(msg, MESH_ERROR_INVALID_ARGS, "Bad device UUID"); @@ -835,8 +834,9 @@ static struct l_dbus_message *import_call(struct l_dbus *dbus, return dbus_error(msg, MESH_ERROR_INVALID_ARGS, NULL); if (!l_dbus_message_iter_get_fixed_array(&iter_uuid, &uuid, &n) || - n != 16) - return dbus_error(msg, MESH_ERROR_INVALID_ARGS, "Bad dev UUID"); + n != 16 || !l_uuid_is_valid(uuid)) + return dbus_error(msg, MESH_ERROR_INVALID_ARGS, + "Bad device UUID"); if (node_find_by_uuid(uuid)) return dbus_error(msg, MESH_ERROR_ALREADY_EXISTS, -- cgit v1.2.1