Skip to content

Commit

Permalink
Fix Null Pointer Dereference in TCP Packet Handling (project-chip#36751)
Browse files Browse the repository at this point in the history
* Fix Null Pointer Dereference in TCP Packet Handling

* Fix handle zero messageSize in TCP packet processing

* Add test for TCP MessageSize

* Modify test

* Restyled by clang-format

* Modify the position of an if statement

* Modify test

---------

Co-authored-by: BoB13-Matter <--global>
Co-authored-by: Restyled.io <commits@restyled.io>
  • Loading branch information
BoB13-Matter and restyled-commits authored Dec 18, 2024
1 parent b0d0614 commit 27ca6ec
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 1 deletion.
8 changes: 8 additions & 0 deletions src/transport/raw/TCP.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -343,7 +343,15 @@ CHIP_ERROR TCPBase::ProcessReceivedBuffer(Inet::TCPEndPoint * endPoint, const Pe
// We have not yet received the complete message.
return CHIP_NO_ERROR;
}

state->mReceived.Consume(kPacketSizeBytes);

if (messageSize == 0)
{
// No payload but considered a valid message. Return success to keep the connection alive.
return CHIP_NO_ERROR;
}

ReturnErrorOnFailure(ProcessSingleMessage(peerAddress, state, messageSize));
}

Expand Down
9 changes: 8 additions & 1 deletion src/transport/raw/tests/TestTCP.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,8 @@ constexpr NodeId kSourceNodeId = 123654;
constexpr NodeId kDestinationNodeId = 111222333;
constexpr uint32_t kMessageCounter = 18;

const char PAYLOAD[] = "Hello!";
const char PAYLOAD[] = "Hello!";
const char messageSize_TEST[] = "\x00\x00\x00\x00";

class MockTransportMgrDelegate : public chip::TransportMgrDelegate
{
Expand Down Expand Up @@ -633,6 +634,12 @@ TEST_F(TestTCP, CheckProcessReceivedBuffer)
TestData testData[2];
gMockTransportMgrDelegate.SetCallback(TestDataCallbackCheck, testData);

// Test a single packet buffer with zero message size.
System::PacketBufferHandle buf = System::PacketBufferHandle::NewWithData(messageSize_TEST, 4);
ASSERT_NE(&buf, nullptr);
err = TestAccess::ProcessReceivedBuffer(tcp, lEndPoint, lPeerAddress, std::move(buf));
EXPECT_EQ(err, CHIP_NO_ERROR);

// Test a single packet buffer.
gMockTransportMgrDelegate.mReceiveHandlerCallCount = 0;
EXPECT_TRUE(testData[0].Init((const uint32_t[]){ 111, 0 }));
Expand Down

0 comments on commit 27ca6ec

Please sign in to comment.