diff --git a/.github/workflows/cmake-linux.yml b/.github/workflows/cmake-linux.yml index 471bfa6bf..2365fd1ee 100644 --- a/.github/workflows/cmake-linux.yml +++ b/.github/workflows/cmake-linux.yml @@ -56,8 +56,8 @@ jobs: - args: "-DOC_IPV4_ENABLED=ON -DOC_TCP_ENABLED=ON -DOC_PKI_ENABLED=OFF" # cloud on (ipv4+tcp on), dynamic allocation off, push notifications off - args: "-DOC_CLOUD_ENABLED=ON -DOC_DYNAMIC_ALLOCATION_ENABLED=OFF -DOC_PUSH_ENABLED=OFF" - # cloud on (ipv4+tcp on), collections create on - - args: "-DOC_CLOUD_ENABLED=ON -DOC_COLLECTIONS_IF_CREATE_ENABLED=ON" + # cloud on (ipv4+tcp on), collections create on, dps on, dps test properties on + - args: "-DOC_CLOUD_ENABLED=ON -DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DPLGD_DEV_DEVICE_PROVISIONING_ENABLED=ON -DPLGD_DEV_DEVICE_PROVISIONING_TEST_PROPERTIES_ENABLED=ON -DPLGD_DEV_DEVICE_PROVISIONING_MAXIMUM_LOG_LEVEL=INFO" # cloud on (ipv4+tcp on), collections create on, custom message buffer size, custom message buffer pool size, custom app data buffer size, custom app data buffer pool size - args: "-DOC_CLOUD_ENABLED=ON -DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_INOUT_BUFFER_SIZE=2048 -DOC_INOUT_BUFFER_POOL=4 -DOC_APP_DATA_BUFFER_SIZE=2048 -DOC_APP_DATA_BUFFER_POOL=4" # debug on diff --git a/api/oc_endpoint.c b/api/oc_endpoint.c index 785ad5738..16ba8ca4a 100644 --- a/api/oc_endpoint.c +++ b/api/oc_endpoint.c @@ -171,10 +171,7 @@ oc_endpoint_to_cstring(const oc_endpoint_t *endpoint, char *buffer, return -1; } // overflow check for coverity scan - // assert(len <= INT_MAX - written && "Integer overflow detected"); - if (len > INT_MAX - written) { - return -1; - } + assert(len <= INT_MAX - written && "Integer overflow detected"); return len + written; } diff --git a/api/plgd/device-provisioning-client/plgd_dps_dhcp.c b/api/plgd/device-provisioning-client/plgd_dps_dhcp.c index 6d3c07921..ab69be063 100644 --- a/api/plgd/device-provisioning-client/plgd_dps_dhcp.c +++ b/api/plgd/device-provisioning-client/plgd_dps_dhcp.c @@ -143,13 +143,15 @@ plgd_dps_hex_string_to_bytes(const char *isc_dhcp_vendor_encapsulated_options, memset(buffer, 0, buffer_size); } for (size_t i = 0; i < isc_dhcp_vendor_encapsulated_options_size;) { + const char *data = isc_dhcp_vendor_encapsulated_options + i; + size_t data_size = isc_dhcp_vendor_encapsulated_options_size - i; uint8_t val = 0; - ssize_t used = - hex_to_value(isc_dhcp_vendor_encapsulated_options + i, - isc_dhcp_vendor_encapsulated_options_size - i, &val); + ssize_t used = hex_to_value(data, data_size, &val); if (used < 0) { return -1; } + // overflow check for coverity scan + assert((size_t)used <= data_size); if (buffer && (needed < buffer_size)) { buffer[needed] = val; } diff --git a/api/plgd/device-provisioning-client/plgd_dps_log.c b/api/plgd/device-provisioning-client/plgd_dps_log.c index 2e18be024..32c60cfe8 100644 --- a/api/plgd/device-provisioning-client/plgd_dps_log.c +++ b/api/plgd/device-provisioning-client/plgd_dps_log.c @@ -30,9 +30,8 @@ static struct { - plgd_dps_print_log_fn_t fn; ///< logging function - OC_ATOMIC_INT8_T level; ///< enabled log level - OC_ATOMIC_UINT32_T components; ///< mask of enabled log components + plgd_dps_print_log_fn_t fn; ///< logging function + OC_ATOMIC_INT8_T level; ///< enabled log level } g_dps_logger = { .fn = NULL, .level = OC_LOG_LEVEL_INFO, diff --git a/api/plgd/device-provisioning-client/plgd_dps_provision_cloud.c b/api/plgd/device-provisioning-client/plgd_dps_provision_cloud.c index 6e5025e9f..e527cefbd 100644 --- a/api/plgd/device-provisioning-client/plgd_dps_provision_cloud.c +++ b/api/plgd/device-provisioning-client/plgd_dps_provision_cloud.c @@ -181,7 +181,10 @@ dps_handle_set_cloud_response(oc_client_response_t *data) } oc_string_view_t sidv = oc_string_view2(cloud.sid); oc_uuid_t sid; - oc_str_to_uuid_v1(sidv.data, sidv.length, &sid); + if (oc_str_to_uuid_v1(sidv.data, sidv.length, &sid) < 0) { + DPS_ERR("invalid sid(%s) value", sidv.data); + return PLGD_DPS_ERROR_SET_CLOUD; + } const oc_string_t *cloud_apn = oc_cloud_get_authorization_provider_name(cloud_ctx); if (dps_is_equal_string(*cloud_ctx_cis, *cloud.ci_server) && diff --git a/api/plgd/device-provisioning-client/plgd_dps_retry.c b/api/plgd/device-provisioning-client/plgd_dps_retry.c index a016231a3..13c49edde 100644 --- a/api/plgd/device-provisioning-client/plgd_dps_retry.c +++ b/api/plgd/device-provisioning-client/plgd_dps_retry.c @@ -125,11 +125,11 @@ get_delay_from_timeout(uint16_t timeout) if (timeout == 0) { return oc_random_value() % MIN_DELAYED_VALUE_MS; } - uint64_t delay = (uint64_t)timeout * MILLISECONDS_PER_SECOND / 2; + uint32_t delay = (uint32_t)timeout * MILLISECONDS_PER_SECOND / 2; // Include a random delay to prevent multiple devices from attempting to // connect or make requests simultaneously. - delay += oc_random_value() % delay; - return delay; + uint32_t random_delay = oc_random_value() % delay; + return (uint64_t)delay + random_delay; } static bool diff --git a/api/plgd/unittest/plgd_dps_log.cpp b/api/plgd/unittest/plgd_dps_log.cpp index ec1e8dd8b..8048b158c 100644 --- a/api/plgd/unittest/plgd_dps_log.cpp +++ b/api/plgd/unittest/plgd_dps_log.cpp @@ -96,23 +96,4 @@ TEST_F(TestDPSLog, LogToFunction) DPS_LOG(OC_LOG_LEVEL_TRACE, "trace"); } -static void -expectNoLog(oc_log_level_t, const char *, int, const char *, const char *, ...) -{ - FAIL() << "unexpected log"; -} - -TEST_F(TestDPSLog, SkipLogByComponent) -{ - plgd_dps_log_set_level(OC_LOG_LEVEL_TRACE); - plgd_dps_set_log_fn(expectNoLog); - - DPS_ERR("error"); - DPS_WRN("warning"); - DPS_NOTE("notice"); - DPS_INFO("info"); - DPS_DBG("debug"); - DPS_TRACE("trace"); -} - #endif /* OC_HAS_FEATURE_PLGD_DEVICE_PROVISIONING */ diff --git a/apps/dps_cloud_server.c b/apps/dps_cloud_server.c index c57699c29..a0fc9fa68 100644 --- a/apps/dps_cloud_server.c +++ b/apps/dps_cloud_server.c @@ -853,12 +853,21 @@ register_collection(size_t device) oc_resource_set_discoverable(col, true); oc_resource_set_observable(col, true); - oc_collection_add_supported_rt(col, "oic.r.switch.binary"); - oc_collection_add_mandatory_rt(col, "oic.r.switch.binary"); + if (!oc_collection_add_supported_rt(col, "oic.r.switch.binary")) { + printf("ERROR: could not add supported resource type to collection\n"); + return false; + } + if (!oc_collection_add_mandatory_rt(col, "oic.r.switch.binary")) { + printf("ERROR: could not add mandatory resource type to collection\n"); + return false; + } #ifdef OC_COLLECTIONS_IF_CREATE oc_resource_bind_resource_interface(col, OC_IF_CREATE); - oc_collections_add_rt_factory("oic.r.switch.binary", get_switch_instance, - free_switch_instance); + if (!oc_collections_add_rt_factory("oic.r.switch.binary", get_switch_instance, + free_switch_instance)) { + OC_PRINTF("ERROR: could not register rt factory\n"); + return false; + } #endif /* OC_COLLECTIONS_IF_CREATE */ /* The following enables baseline RETRIEVEs/UPDATEs to Collection properties */ @@ -1508,15 +1517,19 @@ dps_dhcp_parse_vendor_encapsulated_options(const char *value, size_t size, ssize_t len = plgd_dps_hex_string_to_bytes(value, size, NULL, 0); if (len < 0) { printf("ERROR: invalid character in vendor encapsulated options\n"); - return true; + return false; } - if (len > (ssize_t)(sizeof(veo->value))) { + if ((size_t)len > sizeof(veo->value)) { printf("ERROR: vendor encapsulated options too long\n"); - return true; + return false; } len = plgd_dps_hex_string_to_bytes(value, size, veo->value, sizeof(veo->value)); - if (len < (ssize_t)(sizeof(veo->value))) { + if (len < 0) { + printf("ERROR: invalid hex string\n"); + return false; + } + if ((size_t)len < sizeof(veo->value)) { veo->value[len] = '\0'; } veo->size = (size_t)len; diff --git a/port/linux/ip.c b/port/linux/ip.c index 9bb82d4ed..b96668d63 100644 --- a/port/linux/ip.c +++ b/port/linux/ip.c @@ -122,7 +122,7 @@ oc_ip_send_msg(int sock, struct sockaddr_storage *receiver, } // overflow check for coverity scan assert(bytes_sent <= SIZE_MAX - (size_t)ret && "Integer overflow detected"); - bytes_sent += ret; + bytes_sent += (size_t)ret; } OC_TRACE("Sent %zu bytes", bytes_sent); if (bytes_sent == 0) { diff --git a/port/linux/tcpsession.c b/port/linux/tcpsession.c index 373ec0ff4..39f9ee905 100644 --- a/port/linux/tcpsession.c +++ b/port/linux/tcpsession.c @@ -956,7 +956,7 @@ tcp_send_message(int sockfd, const oc_message_t *message) // overflow check for coverity scan assert(bytes_sent <= SIZE_MAX - (size_t)send_len && "Integer overflow detected"); - bytes_sent += send_len; + bytes_sent += (size_t)send_len; } while (bytes_sent < message->length); OC_TRACE("Sent %zu bytes", bytes_sent); diff --git a/util/jsmn/jsmn.c b/util/jsmn/jsmn.c index be295abac..83e5c89cd 100644 --- a/util/jsmn/jsmn.c +++ b/util/jsmn/jsmn.c @@ -249,10 +249,7 @@ jsmn_parse_next_char(jsmn_parser_t *parser, jsmntok_t *token, const char *js, return r; } // overflow check for coverity scan - // assert(count <= INT_MAX - r && "Integer overflow detected"); - if (count > INT_MAX - r) { - return -1; - } + assert(count <= INT_MAX - r && "Integer overflow detected"); count += r; break; } @@ -302,10 +299,7 @@ jsmn_parse(jsmn_parser_t *parser, const char *js, const size_t len, return r; } // overflow check for coverity scan - // assert(count <= INT_MAX - r && "Integer overflow detected"); - if (count > INT_MAX - r) { - return -1; - } + assert(count <= INT_MAX - r && "Integer overflow detected"); count += r; }