From 0b91068a2d24e35e8c1b2896af0950ed4c50989d Mon Sep 17 00:00:00 2001
From: Boris Zbarsky
Date: Tue, 23 May 2023 22:34:29 -0400
Subject: [PATCH] Fix DoorLockServer::getNodeId somewhat. (#26770)

It's really not clear why this function is doing all the checks it's doing, but a blind AsSecureSession() could absolutely crash here if this is not a secure session, AsSecureSession() can _never_ return null (it calls a virtual method on "this" before returning "this") and chances are the intent for PASE is not to return the random PASE peer id.
---
 .../door-lock-server/door-lock-server.cpp | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/app/clusters/door-lock-server/door-lock-server.cpp b/src/app/clusters/door-lock-server/door-lock-server.cpp
index 757063b5f173af..f63248d022676b 100644
--- a/src/app/clusters/door-lock-server/door-lock-server.cpp
+++ b/src/app/clusters/door-lock-server/door-lock-server.cpp
@@ -1367,18 +1367,29 @@ chip::FabricIndex DoorLockServer::getFabricIndex(const chip::app::CommandHandler
 chip::NodeId DoorLockServer::getNodeId(const chip::app::CommandHandler * commandObj)
 {
+ // TODO: Why are we doing all these checks? At all the callsites we have
+ // just received a command, so we better have a handler, exchange, session,
+ // etc. The only thing we should be checking is that it's a CASE session.
 if (nullptr == commandObj || nullptr == commandObj->GetExchangeContext())
 {
 ChipLogError(Zcl, "Cannot access ExchangeContext of Command Object for Node ID");
 return kUndefinedNodeId;
 }
- auto secureSession = commandObj->GetExchangeContext()->GetSessionHandle()->AsSecureSession();
- if (nullptr == secureSession)
+ if (!commandObj->GetExchangeContext()->HasSessionHandle())
 {
- ChipLogError(Zcl, "Cannot access Secure session handle of Command Object for Node ID");
+ ChipLogError(Zcl, "Cannot access session of Command Object for Node ID");
+ return kUndefinedNodeId;
+ }
+
+ auto descriptor = commandObj->GetExchangeContext()->GetSessionHandle()->GetSubjectDescriptor();
+ if (descriptor.authMode != Access::AuthMode::kCase)
+ {
+ ChipLogError(Zcl, "Cannot get Node ID from non-CASE session of Command Object");
+ return kUndefinedNodeId;
 }
- return secureSession->GetPeerNodeId();
+
+ return descriptor.subject;
 }
 bool DoorLockServer::userIndexValid(chip::EndpointId endpointId, uint16_t userIndex)
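Review bot: The new `descriptor.authMode != Access::AuthMode::kCase` gate makes getNodeId return `kUndefinedNodeId` for every non-CASE session, but nothing at the function states that contract; the added TODO only questions the older null checks. The callers are outside this hunk, so it is worth confirming that each one treats `kUndefinedNodeId` as "no authenticated peer" and does not store or compare it as a real node identity. I would add a header comment such as `// Returns the CASE peer's node id, or kUndefinedNodeId when the command did not arrive over a CASE session.` Separately, `commandObj->GetExchangeContext()` is now evaluated three times; holding it in a local after the first null check, `auto * exchange = commandObj->GetExchangeContext();`, would keep the later session checks shorter and easier to audit.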