Skip to content
Permalink
Browse files Browse the repository at this point in the history
[commissioner] use strnlen instead of strlen (#4404)
  • Loading branch information
jwhui committed Dec 16, 2019
1 parent b8c3161 commit c3a3a0c
Showing 1 changed file with 21 additions and 15 deletions.
36 changes: 21 additions & 15 deletions src/core/meshcop/commissioner.cpp
Expand Up @@ -255,7 +255,8 @@ otError Commissioner::AddJoiner(const Mac::ExtAddress *aEui64, const char *aPskd

VerifyOrExit(mState == OT_COMMISSIONER_STATE_ACTIVE, error = OT_ERROR_INVALID_STATE);

VerifyOrExit(strlen(aPskd) <= Dtls::kPskMaxLength, error = OT_ERROR_INVALID_ARGS);
VerifyOrExit(strnlen(aPskd, Dtls::kPskMaxLength + 1) <= Dtls::kPskMaxLength, error = OT_ERROR_INVALID_ARGS);

RemoveJoiner(aEui64, 0); // remove immediately

for (Joiner *joiner = &mJoiners[0]; joiner < OT_ARRAY_END(mJoiners); joiner++)
Expand Down Expand Up @@ -1103,28 +1104,33 @@ otError Commissioner::GeneratePskc(const char * aPassPhrase,
const Mac::ExtendedPanId &aExtPanId,
Pskc & aPskc)
{
otError error = OT_ERROR_NONE;
const char *saltPrefix = "Thread";
uint8_t salt[OT_PBKDF2_SALT_MAX_LEN];
uint16_t saltLen = 0;

VerifyOrExit((strlen(aPassPhrase) >= OT_COMMISSIONING_PASSPHRASE_MIN_SIZE) &&
(strlen(aPassPhrase) <= OT_COMMISSIONING_PASSPHRASE_MAX_SIZE) &&
(strlen(aNetworkName) <= OT_NETWORK_NAME_MAX_SIZE),
otError error = OT_ERROR_NONE;
const char saltPrefix[] = "Thread";
uint8_t salt[OT_PBKDF2_SALT_MAX_LEN];
uint16_t saltLen = 0;
uint16_t passphraseLen;
uint8_t networkNameLen;

passphraseLen = static_cast<uint16_t>(strnlen(aPassPhrase, OT_COMMISSIONING_PASSPHRASE_MAX_SIZE + 1));
networkNameLen = static_cast<uint8_t>(strnlen(aNetworkName, OT_NETWORK_NAME_MAX_SIZE + 1));

VerifyOrExit((passphraseLen >= OT_COMMISSIONING_PASSPHRASE_MIN_SIZE) &&
(passphraseLen <= OT_COMMISSIONING_PASSPHRASE_MAX_SIZE) &&
(networkNameLen <= OT_NETWORK_NAME_MAX_SIZE),
error = OT_ERROR_INVALID_ARGS);

memset(salt, 0, sizeof(salt));
memcpy(salt, saltPrefix, strlen(saltPrefix));
saltLen += static_cast<uint16_t>(strlen(saltPrefix));
memcpy(salt, saltPrefix, sizeof(saltPrefix) - 1);
saltLen += static_cast<uint16_t>(sizeof(saltPrefix) - 1);

memcpy(salt + saltLen, aExtPanId.m8, sizeof(aExtPanId));
saltLen += OT_EXT_PAN_ID_SIZE;

memcpy(salt + saltLen, aNetworkName, strlen(aNetworkName));
saltLen += static_cast<uint16_t>(strlen(aNetworkName));
memcpy(salt + saltLen, aNetworkName, networkNameLen);
saltLen += networkNameLen;

otPbkdf2Cmac(reinterpret_cast<const uint8_t *>(aPassPhrase), static_cast<uint16_t>(strlen(aPassPhrase)),
reinterpret_cast<const uint8_t *>(salt), saltLen, 16384, OT_PSKC_MAX_SIZE, aPskc.m8);
otPbkdf2Cmac(reinterpret_cast<const uint8_t *>(aPassPhrase), passphraseLen, reinterpret_cast<const uint8_t *>(salt),
saltLen, 16384, OT_PSKC_MAX_SIZE, aPskc.m8);

exit:
return error;
Expand Down

0 comments on commit c3a3a0c

Please sign in to comment.