Hello list,
I am currently trying to get the example client running with DTLS.
Doing so I found the following bug:
psk ist meant to be a binary buffer and pskLen is the size of this buffer. At least that is how I read the calling code.
BUT – in
get_security_object() they call strdup(psk), which obviously requires a zero-terminated c-style string.
Now, imagine the key “AEEE10001217”, input in main(). This would be crippled to (now binary) 0xAE 0xEE 0x10 by strdup().
Quick and dirty coding ?
Please comment and/or fix.
Thanks !
lwm2m_object_t *
get_security_object(int serverId,
const char* serverUri,
char * bsPskId,
char * psk,
uint16_t pskLen,
bool isBootstrap)
{
lwm2m_object_t * securityObj;
securityObj = (lwm2m_object_t *)lwm2m_malloc(sizeof(lwm2m_object_t));
if (NULL != securityObj)
{
security_instance_t * targetP;
memset(securityObj, 0, sizeof(lwm2m_object_t));
securityObj->objID = 0;
// Manually create an hardcoded instance
targetP = (security_instance_t *)lwm2m_malloc(sizeof(security_instance_t));
if (NULL == targetP)
{
lwm2m_free(securityObj);
return NULL;
}
memset(targetP, 0, sizeof(security_instance_t));
targetP->instanceId = 0;
targetP->uri = (char*)lwm2m_malloc(strlen(serverUri)+1);
strcpy(targetP->uri, serverUri);
if (bsPskId != NULL || psk != NULL)
{
targetP->securityMode = LWM2M_SECURITY_MODE_PRE_SHARED_KEY;
targetP->publicIdentity = strdup(bsPskId);
targetP->publicIdLen = strlen(bsPskId);
targetP->secretKey = strdup(psk);
targetP->secretKeyLen = pskLen;
Frank Gerlach
Senior Software Engineer
Office: +375
17 389 0100
x 23178
Cell: +375
29 877 4976
Email: frank_gerlach@xxxxxxxx
Minsk, Belarus (GMT+3)
epam.com
CONFIDENTIALITY CAUTION AND DISCLAIMER
This message is intended only for the use of the individual(s) or entity(ies) to which it is addressed and contains information that is legally privileged and confidential. If you are not the intended recipient, or the person responsible for delivering the
message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. All unintended recipients are obliged to delete this message and destroy any printed copies.