Commit Graph

31 Commits

Author SHA1 Message Date
alexstanoev
3a53d96526 Validate MQTT broker IP and escape quotes when displaying
This commit implements address validation for the broker address in the MQTT configuration page of the CC26XX web demo example. Additionally, the Type ID, Org ID, Auth Token, Command Type and Event Type ID fields have quotes escaped (" -> ") to prevent XSS/broken page issues when displaying user-sourced input in HTML input fields.
2017-06-03 00:04:01 +01:00
George Oikonomou
c558e1a559 Revert "Validate MQTT broker IP and escape quotes when displaying" 2017-06-02 23:02:54 +01:00
alexstanoev
6b78ee9a4e MQTT: Validate broker IP and escape quotes when displaying
This commit implements address validation for the broker address in the
MQTT configuration page. Additionally, the Type ID, Org ID, Auth Token,
Command Type and Event Type ID fields have quotes escaped (" -> ")
to prevent XSS issues when displaying user-sourced input.
2017-06-02 15:13:58 +01:00
George Oikonomou
e823ead4b0 Tidy up web demo ADC code style 2017-04-02 13:44:02 +01:00
George Oikonomou
474dc33e12 Wrap web demo ADC functionality inside #if blocks 2017-04-02 13:43:21 +01:00
chenek
22b262ce73 Add ADC example to cc26xx-web-demo 2017-04-02 13:43:12 +01:00
George Oikonomou
e4da7c66e0 Merge pull request #2165 from alexandruioanp/check-ipv6addrconv-mqtt
Check broker IP conversion. Adjust state machine accordingly
2017-04-02 00:33:43 +01:00
Alexandru-Ioan Pop
f15b86158b Check broker IP conversion. Adjust state machine accordingly
The result of converting the IP address of the broker wasn't checked. As a result, the pointer was left uninitialised and the IPv6 address used for connecting was some random data. The function now returns an error. Before connect_to_broker is called, mqtt_register is executed, which memsets conn to 0, making its state 0 (MQTT_CONN_STATE_ERROR). In order to recover from this error state, the extra check was added in the MQTT_CLIENT_STATE_NEWCONFIG state.

This was discovered using [CodeSonar](https://www.grammatech.com/products/codesonar)
2017-03-31 17:33:29 +01:00
alexstanoev
a30364189a Zero out httpd_state before deallocating
When a connection is aborted by the HTTP server while it's still being processed it is possible to hit a null pointer dereference issue by jumping back to a protothread (outputpt) after its httpd_state has been freed. This can be triggered by sending a POST to any form in the CC26xx web demo server using Firefox.
This patch prevents that by zeroing out httpd_state structs before freeing them, thus also clearing the httpd_state->outputpt field.
Tested using Firefox 55.0a1 on a CC2650 LaunchPad.
2017-03-31 16:44:11 +01:00
George Oikonomou
94413f99fe Shrink ND cache and routing table for the CC26xx web demo 2016-07-17 01:31:21 +01:00
George Oikonomou
9839b91be5 Enable the ROM bootloader in our examples 2016-07-17 00:26:52 +01:00
George Oikonomou
61e619dfcd Extend the CC26xx web demo to support the LaunchPad 2016-01-28 11:23:20 +00:00
Jonas Olsson
67045d4012 Export RSSI to default parent in the CC26xx web demo
The current version of the CC26xx web demo publishes over MQTT the default parent's IPv6 address and the last observed RSSI of this link. This is collected by active probing (periodic ping).

This commit brings the probing functionality to the example's main code module. The MQTT client keeps publishing as previously, but we now also export the same information through CoAP resources. Configuration is still possible through the example's web server.
2015-08-23 20:41:12 +01:00
Jonas Olsson
72b586cb7d Modify cc26xx examples to play nicely with the CC13xx addition 2015-08-23 20:41:11 +01:00
Antonio Lignan
2cee62eb33 Merge pull request #1074 from g-oikonomou/cc26xx/contrib/new-cc26xxware
Update to latest CC26xxware and add it as a submodule
2015-05-21 10:01:00 +02:00
Adam Dunkels
730bda2001 Merge pull request #883 from cmorty/pull/global-macros
Move MAX, MIN and ABS to contiki-macros
2015-05-18 21:33:00 +02:00
Moritz 'Morty' Strübe
0dab6926b3 Move MAX, MIN and ABS to sys/cc.h 2015-05-18 08:53:17 +02:00
George Oikonomou
5f4154a0e3 Adjust AON BatMon usage 2015-05-17 14:09:51 +01:00
George Oikonomou
421fbfae25 Change the LPM locks API:
Instead of using a separate data structure to request that a PD remain powered during deep sleep,
we do the same within the main LPM data structure through an additional field.

This allows us to maintain only one linked list of LPM modules and overall improves code clarity
2015-05-15 09:21:02 +01:00
George Oikonomou
00a6c31158 Improve OPT sensor driver and usage
* Query the sensor about its state, rather than using variables in the driver
* Correctly put the sensor to deep sleep
* Fix doxygen comments
* Don't turn off the sensor in examples since it is no longer needed
2015-05-15 09:20:59 +01:00
George Oikonomou
e4722bb0ea Replace SHT21 with HDC1000 in the web demo 2015-05-14 13:20:39 +01:00
George Oikonomou
447be526ae Merge pull request #1046 from g-oikonomou/cc26xx/contrib/slip-and-br
Enable slip-radio and rpl-border-router for CC26xx
2015-05-09 22:51:06 +01:00
George Oikonomou
6e3197b0bf Merge pull request #1008 from g-oikonomou/cc26xx/contrib/web-demo-httpd
Improve HTTPD in the CC26xx web demo
2015-05-09 22:46:26 +01:00
George Oikonomou
f83c4e7286 Improve code style 2015-05-03 22:36:03 +01:00
George Oikonomou
a72d90e283 Control TCP MSS in the project's conf 2015-05-03 13:31:03 +01:00
George Oikonomou
7730215f99 Point all form action attributes to the current html page 2015-03-27 20:18:58 +00:00
George Oikonomou
7637164ae7 Parse filename for POST requests
so we can return it in the "Location:" header subsequently
2015-03-27 20:18:58 +00:00
George Oikonomou
54c1cd05e8 Simplify the page name to script mapping 2015-03-27 20:18:58 +00:00
George Oikonomou
90a3cd8e14 Change the way we handle HTTP response headers 2015-03-27 20:18:58 +00:00
George Oikonomou
733378679f Prettify httpd top matter in the web demo 2015-03-27 20:11:44 +00:00
Jonas Olsson
0f567e499f Add CC26xx examples 2015-02-25 13:15:35 +01:00