net: lwm2m: check for read permission on observe

When processing an observe request we fail to check whether a resource has the read permission set. Let's check and if it doesn't return -EPERM. NOTE: Also do diligence and return -ENOENT when an object field cannot be found while looking for the permission. Fixes https://github.com/zephyrproject-rtos/zephyr/issues/8286 Signed-off-by: Michael Scott <mike@foundries.io>
2018-08-27 13:57:23 -07:00 · 2018-08-27 13:57:23 -07:00 · be2b361b35
parent 3b80998ff2
commit be2b361b35
1 changed files with 16 additions and 0 deletions
--- a/subsys/net/lib/lwm2m/lwm2m_engine.c
+++ b/subsys/net/lib/lwm2m/lwm2m_engine.c
@ -413,6 +413,7 @@ static int engine_add_observer(struct lwm2m_message *msg,
 			       u16_t format)
 {
 	struct lwm2m_engine_obj *obj = NULL;
+	struct lwm2m_engine_obj_field *obj_field = NULL;
 	struct lwm2m_engine_obj_inst *obj_inst = NULL;
 	struct observe_node *obs;
 	struct sockaddr *addr;
@ -502,6 +503,21 @@ static int engine_add_observer(struct lwm2m_message *msg,
 			return -ENOENT;
 		}

+		/* load object field data */
+		obj_field = lwm2m_get_engine_obj_field(obj,
+				obj_inst->resources[i].res_id);
+		if (!obj_field) {
+			SYS_LOG_ERR("unable to find obj_field: %u/%u/%u",
+				    path->obj_id, path->obj_inst_id,
+				    path->res_id);
+			return -ENOENT;
+		}
+
+		/* check for READ permission on matching resource */
+		if (!LWM2M_HAS_PERM(obj_field, LWM2M_PERM_R)) {
+			return -EPERM;
+		}
+
 		ret = update_attrs(&obj_inst->resources[i], &attrs);
 		if (ret < 0) {
 			return ret;