ADD: Http Support#4
Conversation
…re API endpoint paths
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request adds HTTP support to the Anedya SDK, allowing operations like device binding and data submission via REST API. It also refactors configuration to use Kconfig and applies consistent formatting. The review highlights critical issues including missing struct members for dynamic allocation, potential null pointer dereferences in OTA and transaction handling, and a buffer overflow risk in response parsing. Additionally, the feedback recommends avoiding large stack allocations and cleaning up redundant code declarations.
| char http_base_url[100]; // e.g. "device.ap-in-1.anedya.io" | ||
| #endif | ||
| uint8_t is_connected; | ||
| anedya_txn_store_t txn_store; |
There was a problem hiding this comment.
The anedya_client_t structure is missing the tx_buffer and rx_buffer members, which are required when ANEDYA_ENABLE_DYNAMIC_ALLOCATION is defined, as seen in the initialization code in src/anedya_client.c (lines 22 and 25). This will result in a compilation error.
| int str_len = payload_len; | ||
| memset(str, 0, ANEDYA_RX_BUFFER_SIZE); | ||
| memset(buffer, 0, ANEDYA_RX_BUFFER_SIZE); | ||
| memcpy(str, payload, payload_len); | ||
| memcpy(buffer, str, str_len); | ||
| // printf("Payload Received: %s\r\n", str); | ||
| str[str_len] = '\0'; | ||
| buffer[str_len] = '\0'; |
There was a problem hiding this comment.
Critical buffer overflow and out-of-bounds write risk. The payload_len is not validated against ANEDYA_RX_BUFFER_SIZE before the memcpy operations. If payload_len is too large, it will overflow the str and buffer arrays. Additionally, writing a null terminator at str[str_len] and buffer[str_len] is out of bounds if str_len equals ANEDYA_RX_BUFFER_SIZE.
| int str_len = payload_len; | |
| memset(str, 0, ANEDYA_RX_BUFFER_SIZE); | |
| memset(buffer, 0, ANEDYA_RX_BUFFER_SIZE); | |
| memcpy(str, payload, payload_len); | |
| memcpy(buffer, str, str_len); | |
| // printf("Payload Received: %s\r\n", str); | |
| str[str_len] = '\0'; | |
| buffer[str_len] = '\0'; | |
| if (payload_len >= ANEDYA_RX_BUFFER_SIZE) { | |
| _anedya_interface_std_out("Error: Payload too large for RX buffer"); | |
| return; | |
| } | |
| int str_len = payload_len; | |
| memset(str, 0, ANEDYA_RX_BUFFER_SIZE); | |
| memset(buffer, 0, ANEDYA_RX_BUFFER_SIZE); | |
| memcpy(str, payload, payload_len); | |
| memcpy(buffer, str, str_len); | |
| str[str_len] = '\0'; | |
| buffer[str_len] = '\0'; |
| if (_anedya_uuid_parse(deployment_id, dst->deployment_id) != ANEDYA_OK) | ||
| return ANEDYA_ERR_PARSE_ERROR; | ||
|
|
||
| // assetId |
There was a problem hiding this comment.
Potential null pointer dereference. The asset member of anedya_op_ongoing_asset_list_t is a pointer that is accessed here without ensuring it points to a valid anedya_asset_t structure. If the caller has not pre-allocated these structures, the application will crash.
| if (!txn_id || JSON_TEXT != json_getType(txn_id)) { | ||
| _anedya_interface_std_out( | ||
| "Error, the reqId property is not found in the response."); | ||
| } |
There was a problem hiding this comment.
The function continues execution even if the reqId property is missing or invalid. This will lead to a null pointer dereference when json_getValue(txn_id) is called on line 360. A return statement should be added after logging the error.
| if (!txn_id || JSON_TEXT != json_getType(txn_id)) { | |
| _anedya_interface_std_out( | |
| "Error, the reqId property is not found in the response."); | |
| } | |
| if (!txn_id || JSON_TEXT != json_getType(txn_id)) { | |
| _anedya_interface_std_out( | |
| "Error, the reqId property is not found in the response."); | |
| return; | |
| } |
There was a problem hiding this comment.
cannot add api missing it
| #endif /* ANEDYA_CONNECTION_METHOD_MQTT */ | ||
|
|
||
| #ifdef ANEDYA_CONNECTION_METHOD_HTTP | ||
| char resp_buf[ANEDYA_RX_BUFFER_SIZE]; |
There was a problem hiding this comment.
Allocating a large buffer like resp_buf[ANEDYA_RX_BUFFER_SIZE] on the stack is dangerous in embedded systems and can lead to stack overflow. It is better to use a buffer from the client instance or allocate it dynamically.
There was a problem hiding this comment.
will it it later when optimize for the dynamzic allocation
| #ifdef ANEDYA_CONNECTION_METHOD_HTTP | ||
| void _anedya_handle_http_txn_response(anedya_client_t *cl, char *payload, int payload_len, anedya_txn_t *txn); | ||
| #endif |
There was a problem hiding this comment.
The declaration of _anedya_handle_http_txn_response is duplicated here. It is already declared on lines 81-83.
| anedya_err_t err = _anedya_txn_register(client, txn); | ||
| if (err != ANEDYA_OK) { | ||
| return err; | ||
| } | ||
|
|
There was a problem hiding this comment.
Redundant nested #ifdef blocks for ANEDYA_CONNECTION_METHOD_MQTT found here.
#ifdef ANEDYA_CONNECTION_METHOD_MQTT
p = anedya_json_nstr(p, "reqId", slot_number, digitLen, &marker);
#endif…t payload size validation in response handler
| * | ||
| * In HTTP mode there is no long-lived connection to establish. This function | ||
| * simply validates the configuration, builds the base URL, and marks | ||
| * is_connected = 1 so that all operation functions can proceed. |
There was a problem hiding this comment.
is_connected = 1 is misleading when there is no connection. Client programs can break when there is no internet but called client_connect by changing connection method to HTTP by mistake. As programs can simply call is_connected and see it is set to 1 while ther might be situation that device isn't even connected. In fact I suggest that we remove anedya_client_connect from HTTP altogether when HTTP mode is selcted, as there's literally nothing to connect.
There was a problem hiding this comment.
Or other option is throw ANEDYA_UNSUPPORTED_FUNCTION error. The only purpose is if we don't do this users will never know the failure until it happens, as same code which was written for MQTT for checking connection status will keep workign with HTTP mode until operations do not work. That will be a silent failure.
| * | ||
| * @param[in] client Pointer to the anedya_client_t to operate on. | ||
| * @retval ANEDYA_OK always. | ||
| */ |
There was a problem hiding this comment.
Same applies for disconnect, I suggest remove these methods from HTTP mode. This will force users to handle things as per MQTT or HTTP.
| #endif /* ANEDYA_CONNECTION_METHOD_MQTT */ | ||
|
|
||
| #ifdef ANEDYA_CONNECTION_METHOD_HTTP | ||
| void _anedya_handle_http_txn_response(anedya_client_t *cl, char *payload, |
There was a problem hiding this comment.
If possible let's keep the txn_response handling function common between both MQTT and HTTP mode and rather just adjust the core difference that is changed inside that function as per HTTP or MQTT mode. It'll create future bugs when we add more operations into it as we need to maintain now both HTTP part and MQTT part. Keep the path same as long as possible.
2 participants
No description provided.