binding: nfc: check request value field on subscribe & unsubscribeflounder_6.0.5flounder_6.0.4flounder/6.0.5flounder/6.0.46.0.56.0.4flounder

 Bug-AGL: SPEC-1994
     - check subscribe/unsubscribe requests from client are for a valid event.

Change-Id: Icb020e35f2c70a83b1a043a03827d25ed2e94d17
Signed-off-by: Raquel Medina <raquel.medina@konsulko.com>

1 files changed, 18 insertions, 2 deletions

diff --git a/binding/afm-nfc-binding.c b/binding/afm-nfc-binding.c
index ef87a7d..8ec9687 100644
--- a/binding/afm-nfc-binding.c
+++ b/binding/afm-nfc-binding.c
@@ -275,10 +275,18 @@ static int init(afb_api_t api)
 
 static void subscribe(afb_req_t request)
 {
+	const char *value = afb_req_value(request, "value");
+	const char *ename = afb_event_name(presence_event);
+
+	if (!value || !ename)
+		return afb_req_reply(request, NULL, "invalid", NULL);
+
+	if (strcasecmp(value, ename))
+		return afb_req_reply(request, NULL, "invalid", NULL);
+
 	if (afb_req_subscribe(request, presence_event) < 0) {
 		AFB_REQ_ERROR(request, "subscribe to presence_event failed");
 		afb_req_reply(request, NULL, "failed", "Invalid event");
-
 		return;
 	}
 
@@ -287,11 +295,19 @@ static void subscribe(afb_req_t request)
 
 static void unsubscribe(afb_req_t request)
 {
+	const char *value = afb_req_value(request, "value");
+	const char *ename = afb_event_name(presence_event);
+
+	if (!value || !ename)
+		return afb_req_reply(request, NULL, "invalid", NULL);
+
+	if (strcasecmp(value, ename))
+		return afb_req_reply(request, NULL, "invalid", NULL);
+
 	if (afb_req_unsubscribe(request, presence_event) < 0) {
 		AFB_REQ_ERROR(request,
 			      "unsubscribe to presence_event failed");
 		afb_req_reply(request, NULL, "failed", "Invalid event");
-
 		return;
 	}