From 10804041d4b6a94f15a375b61c8730bfd1e4e8a7 Mon Sep 17 00:00:00 2001 From: Boris Zbarsky Date: Mon, 8 May 2023 11:25:27 -0400 Subject: [PATCH] Make sure we don't trash our userinfo after we get it and before we send it. (#26373) findOccupiedUserSlot can end up overwriting some of the buffers that emberAfPluginDoorLockGetUser uses, so we need to make sure we call findOccupiedUserSlot before emberAfPluginDoorLockGetUser (or after we are done using the output from emberAfPluginDoorLockGetUser). --- .../door-lock-server/door-lock-server.cpp | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/src/app/clusters/door-lock-server/door-lock-server.cpp b/src/app/clusters/door-lock-server/door-lock-server.cpp index 78ed3f63ac06b2..c363ada6d4c30f 100644 --- a/src/app/clusters/door-lock-server/door-lock-server.cpp +++ b/src/app/clusters/door-lock-server/door-lock-server.cpp @@ -453,6 +453,20 @@ void DoorLockServer::getUserCommandHandler(chip::app::CommandHandler * commandOb return; } + Commands::GetUserResponse::Type response; + + // appclusters, 5.2.4.36.1: We need to add next occupied user after userIndex if any. + // + // We want to do this before we call emberAfPluginDoorLockGetUser, because this will + // make its own emberAfPluginDoorLockGetUser calls, and a + // EmberAfPluginDoorLockUserInfo might be pointing into some application-static + // buffers (for its credentials and whatnot). + uint16_t nextAvailableUserIndex = 0; + if (findOccupiedUserSlot(commandPath.mEndpointId, static_cast(userIndex + 1), nextAvailableUserIndex)) + { + response.nextUserIndex.SetNonNull(nextAvailableUserIndex); + } + EmberAfPluginDoorLockUserInfo user; if (!emberAfPluginDoorLockGetUser(commandPath.mEndpointId, userIndex, user)) { @@ -461,7 +475,6 @@ void DoorLockServer::getUserCommandHandler(chip::app::CommandHandler * commandOb return; } - Commands::GetUserResponse::Type response; response.userIndex = userIndex; // appclusters, 5.2.4.36: we should not set user-specific fields to non-null if the user status is set to Available @@ -498,12 +511,6 @@ void DoorLockServer::getUserCommandHandler(chip::app::CommandHandler * commandOb emberAfDoorLockClusterPrintln("[GetUser] User not found [userIndex=%d]", userIndex); } - // appclusters, 5.2.4.36.1: We need to add next occupied user after userIndex if any. - uint16_t nextAvailableUserIndex = 0; - if (findOccupiedUserSlot(commandPath.mEndpointId, static_cast(userIndex + 1), nextAvailableUserIndex)) - { - response.nextUserIndex.SetNonNull(nextAvailableUserIndex); - } commandObj->AddResponse(commandPath, response); }