GenericNetworkProvisioningServerImpl.ipp has invalid comparison

openweave / openweave-core

openWeave is a home area network application protocol stack designed to enable asynchronous, symmetric, device-to-device, device-to-mobile and device-to-cloud communications for control path and data path messaging.

Apache License 2.0

232 stars 106 forks source link

GenericNetworkProvisioningServerImpl.ipp has invalid comparison #613

Closed jasongraffius closed 3 years ago

jasongraffius commented 4 years ago

The comparison to validate the Thread channel in GenericNetworkProvisioningServerImpl.ipp:

        if (netInfo.ThreadChannel < 11 && netInfo.ThreadChannel > 26)
        {
            statusProfileId = kWeaveProfile_NetworkProvisioning;
            statusCode = kStatusCode_InvalidNetworkConfiguration;
            ExitNow(err = WEAVE_ERROR_INVALID_ARGUMENT);
        }

is invalid, it will always be false due to the non-overlapping comparison.