Merge branch 'bugfix/esp_local_ctrl_arg_check' into 'master'

fix(esp_local_ctrl): validate payload_case matches msg_type in command dispatcher See merge request espressif/esp-idf!45817
2026-04-27 19:13:21 +00:00 · 2026-02-13 09:13:16 +05:30
parent 97d9585357 4631b4a5d9
commit ecc8fda914
7 changed files with 36 additions and 1 deletions
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2019-2026 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -25,6 +25,7 @@ static const char* TAG = "esp_local_ctrl_handler";

 typedef struct esp_local_ctrl_cmd {
    int cmd_num;
+    int expected_payload_case;
    esp_err_t (*command_handler)(LocalCtrlMessage *req,
                                 LocalCtrlMessage *resp, void **ctx);
 } esp_local_ctrl_cmd_t;
@@ -41,14 +42,17 @@ static esp_err_t cmd_set_prop_vals_handler(LocalCtrlMessage *req,
 static esp_local_ctrl_cmd_t cmd_table[] = {
    {
        .cmd_num = LOCAL_CTRL_MSG_TYPE__TypeCmdGetPropertyCount,
+        .expected_payload_case = LOCAL_CTRL_MESSAGE__PAYLOAD_CMD_GET_PROP_COUNT,
        .command_handler = cmd_get_prop_count_handler
    },
    {
        .cmd_num = LOCAL_CTRL_MSG_TYPE__TypeCmdGetPropertyValues,
+        .expected_payload_case = LOCAL_CTRL_MESSAGE__PAYLOAD_CMD_GET_PROP_VALS,
        .command_handler = cmd_get_prop_vals_handler
    },
    {
        .cmd_num = LOCAL_CTRL_MSG_TYPE__TypeCmdSetPropertyValues,
+        .expected_payload_case = LOCAL_CTRL_MESSAGE__PAYLOAD_CMD_SET_PROP_VALS,
        .command_handler = cmd_set_prop_vals_handler
    }
 };
@@ -238,6 +242,12 @@ static esp_err_t esp_local_ctrl_command_dispatcher(LocalCtrlMessage *req,
        return ESP_ERR_INVALID_ARG;
    }

+    if (req->payload_case != cmd_table[cmd_index].expected_payload_case) {
+        ESP_LOGE(TAG, "Payload type mismatch: msg_type %d expects payload %d, got %d",
+                 req->msg, cmd_table[cmd_index].expected_payload_case, req->payload_case);
+        return ESP_ERR_INVALID_ARG;
+    }
+
    esp_err_t ret = cmd_table[cmd_index].command_handler(req, resp, ctx);
    if (ret != ESP_OK) {
        ESP_LOGE(TAG, "Error executing command handler");
@@ -5,6 +5,8 @@ menu "Protocomm"
        default n
        help
            Enable support of security version 0.
+            This version provides no encryption or authentication and should
+            not be used in production. Use only for development and testing.
            Disabling this option saves some code size.
            Consult the Enabling protocomm security version section of the
            Protocomm documentation in ESP-IDF Programming guide for more details.
@@ -14,6 +16,8 @@ menu "Protocomm"
        default n
        help
            Enable support of security version 1.
+            Security version 2 (SRP6a + AES-GCM) is recommended over this
+            version for new designs.
            Disabling this option saves some code size.
            Consult the Enabling protocomm security version section of the
            Protocomm documentation in ESP-IDF Programming guide for more details.
@@ -97,6 +97,9 @@ You may set security for transport in ESP local control using following options:
 3. ``PROTOCOM_SEC0``: specifies that data will be exchanged as a plain text (no security).
 4. ``PROTOCOM_SEC_CUSTOM``: you can define your own security requirement. Please note that you will also have to provide ``custom_handle`` of type ``protocomm_security_t *`` in this context.

+.. warning::
+    It is strongly recommended to use ``PROTOCOM_SEC2`` for production deployments. ``PROTOCOM_SEC0`` provides no encryption or authentication, leaving device properties exposed to any client on the local network. ``PROTOCOM_SEC1`` provides weaker security compared to ``PROTOCOM_SEC2`` and its use is discouraged for new designs.
+
 .. note::
    The respective security schemes need to be enabled through the project configuration menu. Please refer to the Enabling protocom security version section in :doc:`Protocol Communication </api-reference/provisioning/protocomm>` for more details.

@@ -49,6 +49,9 @@ The protocomm component provides a project configuration menu to enable/disable

    Enabling multiple security versions at once offers the ability to control them dynamically but also increases the firmware size.

+.. warning::
+    ``protocomm_security0`` provides no encryption or authentication and should not be used in production. ``protocomm_security2`` (SRP6a + AES-GCM) is the recommended security version for all production use cases.
+
 .. only:: SOC_WIFI_SUPPORTED

    SoftAP + HTTP Transport Example with Security 2
@@ -97,6 +97,9 @@ ESP 本地控制
 3. ``PROTOCOM_SEC0``: 指定以明文（无安全性）方式交换数据。
 4. ``PROTOCOM_SEC_CUSTOM``: 自定义安全需求。注意，使用这一选项时，必须提供 ``protocomm_security_t *`` 类型的 ``custom_handle``。

+.. warning::
+    强烈建议在生产部署中使用 ``PROTOCOM_SEC2``。``PROTOCOM_SEC0`` 不提供加密或身份验证，本地网络上的任何客户端都可以访问设备属性。``PROTOCOM_SEC1`` 的安全性弱于 ``PROTOCOM_SEC2``，不建议在新设计中使用。
+
 .. note::
    相应的安全方案需通过项目配置菜单启用。要了解详情，请参考 :doc:`Protocol Communication </api-reference/provisioning/protocomm>` 中关于启用 protocomm 安全版本的章节。

@@ -49,6 +49,9 @@ Protocomm 为以下各种传输提供框架：

    启用多个安全版本后可以动态控制安全版本，但也会增加固件大小。

+.. warning::
+    ``protocomm_security0`` 不提供加密或身份验证，不应在生产环境中使用。建议在所有生产场景中使用 ``protocomm_security2`` （SRP6a + AES-GCM）。
+
 .. only:: SOC_WIFI_SUPPORTED

    使用 Security 2 的 SoftAP + HTTP 传输方案示例
@@ -27,14 +27,23 @@ menu "Example Configuration"
        config EXAMPLE_PROTOCOMM_SECURITY_VERSION_0
            bool "Security Version 0"
            select ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0
+            help
+                No security. Data is exchanged as plain text.
+                This mode is not recommended for production use.

        config EXAMPLE_PROTOCOMM_SECURITY_VERSION_1
            bool "Security version 1"
            select ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1
+            help
+                Curve25519 key exchange + AES-CTR encryption.
+                Security version 2 is recommended over this for new designs.

        config EXAMPLE_PROTOCOMM_SECURITY_VERSION_2
            bool "Security version 2"
            select ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2
+            help
+                SRP6a-based key exchange + AES-GCM encryption. Preferred security
+                version for new designs.
    endchoice

    choice EXAMPLE_PROTOCOMM_SEC2_MODE