Credential modification should check type, not just index. (#35074)

bzbarsky-apple · web-flow · commit 232543f2dac3 · 2024-08-30T05:33:19.000-04:00
Credential indices are per-type, so we should be checking both when locating the credential to be modified. This is a backport of #34841 to the 1.2 branch.
diff --git a/src/app/clusters/door-lock-server/door-lock-server.cpp b/src/app/clusters/door-lock-server/door-lock-server.cpp
@@ -2250,8 +2250,9 @@ DlStatus DoorLockServer::modifyCredentialForUser(chip::EndpointId endpointId, ch
 
     for (size_t i = 0; i < user.credentials.size(); ++i)
     {
-        // appclusters, 5.2.4.40: user should already be associated with given credentialIndex
-        if (user.credentials.data()[i].credentialIndex == credential.credentialIndex)
+        // appclusters, 5.2.4.40: user should already be associated with given credential
+        if (user.credentials[i].credentialType == credential.credentialType &&
+            user.credentials[i].credentialIndex == credential.credentialIndex)
         {
             chip::Platform::ScopedMemoryBuffer<CredentialStruct> newCredentials;
             if (!newCredentials.Alloc(user.credentials.size()))
@@ -2295,7 +2296,7 @@ DlStatus DoorLockServer::modifyCredentialForUser(chip::EndpointId endpointId, ch
         }
     }
 
-    // appclusters, 5.2.4.40: if user is not associated with credential index we should return INVALID_COMMAND
+    // appclusters, 5.2.4.40: if user is not associated with the given credential we should return INVALID_COMMAND
     ChipLogProgress(Zcl,
                     "[ModifyUserCredential] Unable to modify user credential: user is not associated with credential index "
                     "[endpointId=%d,userIndex=%d,credentialIndex=%d]",

Original file line number	Diff line number	Diff line change
`@@ -2250,8 +2250,9 @@ DlStatus DoorLockServer::modifyCredentialForUser(chip::EndpointId endpointId, ch`
`2250`	`2250`
`2251`	`2251`	`for (size_t i = 0; i < user.credentials.size(); ++i)`
`2252`	`2252`	`{`
`2253`		`- // appclusters, 5.2.4.40: user should already be associated with given credentialIndex`
`2254`		`- if (user.credentials.data()[i].credentialIndex == credential.credentialIndex)`
	`2253`	`+ // appclusters, 5.2.4.40: user should already be associated with given credential`
	`2254`	`+ if (user.credentials[i].credentialType == credential.credentialType &&`
	`2255`	`+ user.credentials[i].credentialIndex == credential.credentialIndex)`
`2255`	`2256`	`{`
`2256`	`2257`	`chip::Platform::ScopedMemoryBuffer<CredentialStruct> newCredentials;`
`2257`	`2258`	`if (!newCredentials.Alloc(user.credentials.size()))`
`@@ -2295,7 +2296,7 @@ DlStatus DoorLockServer::modifyCredentialForUser(chip::EndpointId endpointId, ch`
`2295`	`2296`	`}`
`2296`	`2297`	`}`
`2297`	`2298`
`2298`		`- // appclusters, 5.2.4.40: if user is not associated with credential index we should return INVALID_COMMAND`
	`2299`	`+ // appclusters, 5.2.4.40: if user is not associated with the given credential we should return INVALID_COMMAND`
`2299`	`2300`	`ChipLogProgress(Zcl,`
`2300`	`2301`	`"[ModifyUserCredential] Unable to modify user credential: user is not associated with credential index "`
`2301`	`2302`	`"[endpointId=%d,userIndex=%d,credentialIndex=%d]",`