I agree, if a remote entity can ever cause a crash, a bug should be filed and fixed.
From: iotivity-dev-bounces at lists.iotivity.org [mailto:[email protected]] On Behalf Of Morten Nielsen Sent: Tuesday, November 8, 2016 8:30 AM To: Thiago Macieira <thiago.macieira at intel.com>; iotivity-dev at lists.iotivity.org Subject: Re: [dev] Crashing the Iotivity samples Correct. If I add gibberish after the localhost path, I?m not seeing this crash. As I said, I don?t believe this is a valid Uri, but my point was you shouldn?t be able to bring down all the services by simply doing invalid requests. That could mean any poorly written client like mine could bring down my entire home from a smart home to a bricked home ? /Morten From: Thiago Macieira<mailto:[email protected]> Sent: Monday, November 7, 2016 4:02 PM To: iotivity-dev at lists.iotivity.org<mailto:iotivity-dev at lists.iotivity.org> Cc: Morten Nielsen<mailto:mn at iter.dk> Subject: Re: [dev] Crashing the Iotivity samples On segunda-feira, 7 de novembro de 2016 23:24:39 CST Morten Nielsen wrote: > So yes my request probably isn?t valid, but I assume it shouldn?t be so easy > to crash the services ? Hello Morten Given the screenshot of the code which you included (which I can't quote because it's a screenshot, not a copy & paste of the source code), my guess is that the CoAP client did not send any Uri-Path header, which probably means that requestInfo->info.resourceUri was a null pointer. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel Open Source Technology Center -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20161108/000aeec2/attachment.html>
