The command dispatcher routed handlers based solely on msg_type without
verifying that the protobuf payload_case field matched. A crafted message
with mismatched msg_type and payload_case could cause type confusion,
leading to an out-of-bounds read or NULL pointer dereference.
Add expected_payload_case to the command table and validate it in the
dispatcher before invoking any handler.
Please note that this issue was applicable for authenticated clients
only (with security1/2 scheme) and hence the impact is on lower side.
1) Rename srp component to esp_srp
2) Remove dependency on hkdf sha
3) Restructure protocomm component APIs to make them more flexible for allowing multiple security versions
4) esp_srp: convert API return type from int to esp_err_t
5) esp_srp: Formatting changes
6) Added mbedtls_gcm instead of aes_ctr
Co-authored-by: Laukik hase <laukik.hase@espressif.com>
1. Added config options to chose from protocom security.
It can be chosen 0/1 or custom.
Possible to set POP as well
2. Added support in `esp_local_ctrl.py` test script for sec_ver selection
Signed-off-by: Vikram Dattu <vikram.dattu@espressif.com>
List of changes:
* New component esp_local_ctrl added
* Example added under examples/protocols/esp_local_ctrl
* Documentation added under protocols/esp_local_ctrl
* Demo client side app esp_local_ctrl.py added under examples/protocols/esp_local_ctrl/scripts
* protocomm_ble : protocomm_ble_config_t given struct name for allowing forward declaration
* esp_prov/transport_softap renamed to transport_http
* transport_http module supports verification of server certificate
* transport_http module performs name resolution before connection
Ashish Sharma
Mahavir Jain
Alexey Lapshin
Laukik Hase
gabsuren
Aditya Patwardhan
Harshit Malpani
Nathan Phillips
Vikram Dattu
aditi_lonkar
morris
David Cermak
Anurag Kar