From: "Stotland, Inga"
To: "jakub.witowski@silvair.com", "linux-bluetooth@vger.kernel.org"
CC: "Gix, Brian"
Subject: Re: [RFC BlueZ 0/1] Validate element indexation
Date: Mon, 8 Jul 2019 16:53:06 +0000
Message-ID: <65651744c67ae13bd95ffac88fae42f0f6c16c61.camel@intel.com>
In-Reply-To: <20190708141314.13950-1-jakub.witowski@silvair.com>

Hi Jakub,

On Mon, 2019-07-08 at 16:13 +0200, Jakub Witowski wrote:
> Hello,
>
> I've prepared validation of element indexation.
>
> First of all I've used 64-bit unsigned value to collect all given
> indexes.
> As You can deduce from "4.2.1.1 Composition Data Page 0", the maximum
> value of elements can be 61.
> It is limited by max message size which is 376. Furthermore the
> element indexes should be given
> with no gap between them, for example:
> element index: 3, 2, 0, 1 will be ok,
> element index: 3, 2, 0 should return an error because the idx 1 is
> missing
>
> Secondly I think, that the validation of element index value may be
> required, cause for now
> we support 255 (uint8_t).
>
> Please let me know what do You think of the above.
>
> BR,
> Jakub Witowski
>
> Jakub Witowski (1):
>   mesh: Validate element indexation
>
>  mesh/node.c | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
>

I agree that the validation for the gaps is needed.
Interesting point about max number of elements... I wonder if a better
check would be to construct composition data as a validation point to
make sure it fits in mesh message.
Plus, an additional strict check can be done when Attach method is called:
stored composition can be byte compared to the one dynamically generated
from collected properties...
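
The gap check described in the quoted proposal, as an added example that is not part of the original message and not BlueZ code: indexes are collected in a 64-bit mask and accepted only when they cover 0..count-1 exactly. The function name and the MAX_ELEMENTS constant are hypothetical; the value 61 is the limit quoted in the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumption: upper bound on elements as quoted in the thread. */
#define MAX_ELEMENTS 61

/*
 * Hypothetical helper (not from mesh/node.c): returns true when
 * idx[0..count) is a permutation of 0..count-1, i.e. there is no gap,
 * no duplicate and no out-of-range index.
 */
bool element_indexes_valid(const uint8_t *idx, size_t count)
{
	uint64_t seen = 0;
	size_t i;

	if (!idx || count == 0 || count > MAX_ELEMENTS)
		return false;

	for (i = 0; i < count; i++) {
		uint64_t bit;

		/*
		 * Range check before shifting: an index is a uint8_t (up to
		 * 255) and a shift by 64 or more is undefined behaviour.
		 */
		if (idx[i] >= count)
			return false;

		bit = UINT64_C(1) << idx[i];

		/* The same index reported twice. */
		if (seen & bit)
			return false;

		seen |= bit;
	}

	/* All bits 0..count-1 set means every index is present. */
	return seen == (UINT64_C(1) << count) - 1;
}
```

With the two sequences from the message, 3, 2, 0, 1 is accepted and 3, 2, 0 is rejected because index 1 is missing.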