Fix DoorLockServer::getNodeId somewhat. (#26770)
It's really not clear why this function is doing all the checks it's doing, but
a blind AsSecureSession() could absolutely crash here if this is not a secure
session, AsSecureSession() can _never_ return null (it calls a virtual method on
"this" before returning "this") and chances are the intent for PASE is not to
return the random PASE peer id.
bzbarsky-apple authored May 24, 2023
1 parent 014166c commit 7b19957
Showing 1 changed file with 15 additions and 4 deletions.
19 changes: 15 additions & 4 deletions src/app/clusters/door-lock-server/door-lock-server.cpp
Expand Up @@ -1367,18 +1367,29 @@ chip::FabricIndex DoorLockServer::getFabricIndex(const chip::app::CommandHandler

chip::NodeId DoorLockServer::getNodeId(const chip::app::CommandHandler * commandObj)
{
// TODO: Why are we doing all these checks? At all the callsites we have
// just received a command, so we better have a handler, exchange, session,
// etc. The only thing we should be checking is that it's a CASE session.
if (nullptr == commandObj || nullptr == commandObj->GetExchangeContext())
{
ChipLogError(Zcl, "Cannot access ExchangeContext of Command Object for Node ID");
return kUndefinedNodeId;
}

auto secureSession = commandObj->GetExchangeContext()->GetSessionHandle()->AsSecureSession();
if (nullptr == secureSession)
if (!commandObj->GetExchangeContext()->HasSessionHandle())
{
ChipLogError(Zcl, "Cannot access Secure session handle of Command Object for Node ID");
ChipLogError(Zcl, "Cannot access session of Command Object for Node ID");
return kUndefinedNodeId;
}

auto descriptor = commandObj->GetExchangeContext()->GetSessionHandle()->GetSubjectDescriptor();
if (descriptor.authMode != Access::AuthMode::kCase)
{
ChipLogError(Zcl, "Cannot get Node ID from non-CASE session of Command Object");
return kUndefinedNodeId;
}
return secureSession->GetPeerNodeId();

return descriptor.subject;
}

bool DoorLockServer::userIndexValid(chip::EndpointId endpointId, uint16_t userIndex)
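
Review bot: the new non-CASE branch in getNodeId returns kUndefinedNodeId, the same sentinel the null-handler and missing-session branches return, so a caller cannot tell a working PASE session from a broken command object. The commit message says the PASE case is expected to reach this function, so the contract ("returns kUndefinedNodeId unless the command arrived over a CASE session") should be documented at the declaration, and that branch probably should not log through ChipLogError, since it is not an error condition. Separately, commandObj->GetExchangeContext() is now evaluated three times; storing it in a local after the null check would shorten the HasSessionHandle() and GetSubjectDescriptor() lines and make the TODO easier to act on later.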