Skip to content

Commit

Permalink
Enforce spec limit on the location in OTA QueryImage.
Browse files Browse the repository at this point in the history
Fixes #7112

Also fixes missing return if the metadata size was wrong, which would
lead to us trying to process the command anyway.
  • Loading branch information
bzbarsky-apple committed Oct 21, 2021
1 parent b7f98f7 commit a15cb7c
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion src/app/clusters/ota-provider/ota-provider.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ using namespace chip::app::Clusters::OtaSoftwareUpdateProvider;
using chip::app::Clusters::OTAProviderDelegate;

namespace {
constexpr size_t kLocationLen = 2; // The expected length of the location parameter in QueryImage
constexpr size_t kMaxMetadataLen = 512; // The maximum length of Metadata in any OTA Provider command
constexpr size_t kUpdateTokenMaxLength = 32; // The expected length of the Update Token parameter used in multiple commands
constexpr size_t kUpdateTokenMinLength = 8; // The expected length of the Update Token parameter used in multiple commands
Expand Down Expand Up @@ -174,6 +175,7 @@ bool emberAfOtaSoftwareUpdateProviderClusterQueryImageCallback(app::CommandHandl
auto & hardwareVersion = commandData.hardwareVersion;
auto & softwareVersion = commandData.softwareVersion;
auto & protocolsSupported = commandData.protocolsSupported;
auto & location = commandData.location;
auto & requestorCanConsent = commandData.requestorCanConsent;
auto & metadataForProvider = commandData.metadataForProvider;

Expand All @@ -189,14 +191,22 @@ bool emberAfOtaSoftwareUpdateProviderClusterQueryImageCallback(app::CommandHandl

ChipLogDetail(Zcl, "OTA Provider received QueryImage");

if (location.size() != kLocationLen)
{
ChipLogError(Zcl, "location param length %zu exceeds max %zu", location.size(), kLocationLen);
emberAfSendImmediateDefaultResponse(EMBER_ZCL_STATUS_INVALID_ARGUMENT);
return true;
}

if (metadataForProvider.size() > kMaxMetadataLen)
{
ChipLogError(Zcl, "metadata size %zu exceeds max %zu", metadataForProvider.size(), kMaxMetadataLen);
emberAfSendImmediateDefaultResponse(EMBER_ZCL_STATUS_INVALID_ARGUMENT);
return true;
}

status = delegate->HandleQueryImage(commandObj, vendorId, productId, hardwareVersion, softwareVersion, protocolsSupported,
commandData.location, requestorCanConsent, metadataForProvider);
location, requestorCanConsent, metadataForProvider);
if (status != EMBER_ZCL_STATUS_SUCCESS)
{
emberAfSendImmediateDefaultResponse(status);
Expand Down

0 comments on commit a15cb7c

Please sign in to comment.