From aab5e5d8ff58b2ec6503615efb9ea35e9f0d93f2 Mon Sep 17 00:00:00 2001
From: Raquel Medina <raquel.medina@konsulko.com>
Date: Mon, 3 Dec 2018 20:39:22 +0200
Subject: binding: nfc: check request value field on subscribe & unsubscribe

 Bug-AGL: SPEC-1994
     - check subscribe/unsubscribe requests from client are for a valid event.

Change-Id: Icb020e35f2c70a83b1a043a03827d25ed2e94d17
Signed-off-by: Raquel Medina <raquel.medina@konsulko.com>
---
 binding/afm-nfc-binding.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/binding/afm-nfc-binding.c b/binding/afm-nfc-binding.c
index eb667de..5331d6c 100644
--- a/binding/afm-nfc-binding.c
+++ b/binding/afm-nfc-binding.c
@@ -281,10 +281,18 @@ static int init(afb_api_t api)
 
 static void subscribe(afb_req_t request)
 {
+	const char *value = afb_req_value(request, "value");
+	const char *ename = afb_event_name(presence_event);
+
+	if (!value || !ename)
+		return;
+
+	if (strcasecmp(value, ename))
+		return;
+
 	if (afb_req_subscribe(request, presence_event) < 0) {
 		AFB_REQ_ERROR(request, "subscribe to presence_event failed");
 		afb_req_reply(request, NULL, "failed", "Invalid event");
-
 		return;
 	}
 
@@ -293,10 +301,18 @@ static void subscribe(afb_req_t request)
 
 static void unsubscribe(afb_req_t request)
 {
+	const char *value = afb_req_value(request, "value");
+	const char *ename = afb_event_name(presence_event);
+
+	if (!value || !ename)
+		return;
+
+	if (strcasecmp(value, ename))
+		return;
+
 	if (afb_req_unsubscribe(request, presence_event) < 0) {
 		AFB_REQ_ERROR(request, "unsubscribe to presence_event failed");
 		afb_req_reply(request, NULL, "failed", "Invalid event");
-
 		return;
 	}
 
-- 
cgit 1.2.3-korg