Bug: Possible to overwrite existing observe.

[H732948]

It's possible to partially overwrite an existing observe on resource-level by requesting an observe on object-level for the same object. The first observe will then send a notification with the token of the second observe. The reason for mixing up observes is an insufficient URI match check in prv_findObserved().

I fixed this by changing findObserved() in observe.c to explicitly check that each observe-level is set both in new and existing observe, or unset in both. Otherwise, the entries are considered non-matching.

The function with changes:

static lwm2m_observed_t prv_findObserved(lwm2m_context_t contextP, lwm2m_uri_t uriP) { lwm2m_observed_t targetP; targetP = contextP->observedList; while (targetP != NULL && ((LWM2M_URI_IS_SET_OBJECT(uriP) && targetP->uri.objectId != uriP->objectId) || ((LWM2M_URI_IS_SET_INSTANCE(uriP) != LWM2M_URI_IS_SET_INSTANCE(&targetP->uri)) || (LWM2M_URI_IS_SET_INSTANCE(uriP) && targetP->uri.instanceId != uriP->instanceId)) || ((LWM2M_URI_IS_SET_RESOURCE(uriP) != LWM2M_URI_IS_SET_RESOURCE(&targetP->uri)) || (LWM2M_URI_IS_SET_RESOURCE(uriP) && targetP->uri.resourceId != uriP->resourceId))

ifndef LWM2M_VERSION_1_0

    || (LWM2M_URI_IS_SET_RESOURCE_INSTANCE(uriP) != LWM2M_URI_IS_SET_RESOURCE_INSTANCE(&targetP->uri) ||
        (LWM2M_URI_IS_SET_RESOURCE_INSTANCE(uriP) && targetP->uri.resourceInstanceId != uriP->resourceInstanceId))

endif

       ))
{
    targetP = targetP->next;
}
return targetP;

}

Hope this helps, I don't have time to set up everything to make a proper pull request.

BR, Samuel

[LukasWoodtli]

Thank you for your contribution. I don't know yet if and when we will have the time to integrate it properly with a PR.