-[#152] Fixes potential buffer overflows in `parseStringValue` by requiring a size parameter in `jsonStruct_t`.
7
+
-[#155] Fixes other memory corruption bugs; also improves stability.
8
+
9
+
The two bug fixes above are not backwards compatible with v2.3.0. Please see [README.md](README.md#migrating-from-2x-to-3x) for details on migrating to v3.0.0.
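Review bot: The #155 entry ("Fixes other memory corruption bugs; also improves stability") does not say which functions or modules are affected, so someone reading only the changelog cannot judge whether their code is exposed. Suggest naming the affected area in that entry, and naming the new size field in the #152 entry, since the closing line already states that both fixes break compatibility with v2.3.0 and defers all detail to README.md.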
README.md
@@ -85,6 +85,156 @@ The 2.x branch makes several changes to the SDK. This section provides informati
85
85
86
86
You can find more information on how to use the new APIs in the Readme file for samples that can be found [here](https://github.com/aws/aws-iot-device-sdk-embedded-c/blob/master/samples/README.md)
87
87
88
+
## Migrating from 2.x to 3.x
89
+
AWS IoT Device SDK for Embedded C v3.0.0 fixes two bugs (see #152 and #155) that create a potential buffer overflows. This version is not backward compatible with previous versions, so users will need to recompile their applications with the new version.
90
+
91
+
Users of AWS IoT Device Shadows or Json utility functions such as `extractClientToken`, `emptyJsonWithClientToken`, `isJsonValidAndParse` and `isReceivedJsonValid` are encouraged to upgrade to version v3.0.0. For users who cannot upgrade, review all parts of your solution where user input can be sent to the device, and ensure sufficient authorization of these operations is enforced.
92
+
93
+
Details of the required changes to public functions and data structures are shown below:
94
+
95
+
### Changes in the `jsonStruct` data structure:
96
+
The member `dataLength` has been added to struct `jsonStruct`, which is declared in [include/aws_iot_shadow_json_data.h](include/aws_iot_shadow_json_data.h#L60).
97
+
98
+
```c
99
+
struct jsonStruct {
100
+
const char * pKey;
101
+
void * pData;
102
+
size_t dataLength;
103
+
JsonPrimitiveType type;
104
+
JsonStructCallback_t cb;
105
+
};
106
+
```
107
+
108
+
The size of the buffer `pData` must now be specified by `dataLength`. **Failure to do so may result in undefined behavior**. Below are examples of the code changes required to use the new jsonStruct.
109
+
110
+
With a primitive data type, such as `int32_t`:
111
+
112
+
```c
113
+
…
114
+
jsonStruct_t exampleJsonStruct;
115
+
int32_t value = 0L;
116
+
117
+
/* Set the members of exampleJsonStruct. */
118
+
exampleJsonStruct.pKey = “exampleKey”;
119
+
exampleJsonStruct.pData = &value;
120
+
exampleJsonStruct.type = SHADOW_JSON_INT32;
121
+
exampleJsonStruct.cb = exampleCallback;
122
+
123
+
/* Register a delta callback using example JsonStruct. */
The function `parseStringValue`, declared in [include/aws_iot_json_utils.h](include/aws_iot_json_utils.h#L179) and implemented in [src/aws_iot_json_utils.c](src/aws_iot_json_utils.c#L184), now requires the inclusion of a buffer length. Its new function signature is:
### Changes to functions intended for internal usage:
212
+
Version 3.0.0 changes the signature of four functions intended for internal usage. The new signatures explicitly carry the information for the size of the buffer or JSON document passed as a parameter to the functions. Users of the SDK may need to change their code and recompile to ingest the changes. We report the old and new signatures below.
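Review bot: The `int32_t` example sets `pKey`, `pData`, `type` and `cb` but never sets `dataLength`, directly after the text states that the size of `pData` must now be specified by `dataLength` and that failing to do so may result in undefined behavior. Add an assignment such as `exampleJsonStruct.dataLength = sizeof(value);` before the delta callback is registered, so that readers copying the migration example do not reproduce the condition the release is meant to remove. The same example uses typographic quotes in `“exampleKey”`, which will not compile when pasted; use plain ASCII double quotes. In the opening paragraph of the section, "create a potential buffer overflows" should read "create potential buffer overflows".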