Credential modification should check type, not just index. (#35073)

bzbarsky-apple · web-flow · commit a5d5d130a98f · 2024-08-30T05:33:13.000-04:00
Credential indices are per-type, so we should be checking both when locating the credential to be modified. This is a backport of #34841 to the 1.3 branch.
diff --git a/src/app/clusters/door-lock-server/door-lock-server.cpp b/src/app/clusters/door-lock-server/door-lock-server.cpp
@@ -2312,8 +2312,9 @@ DlStatus DoorLockServer::modifyCredentialForUser(chip::EndpointId endpointId, ch
 
     for (size_t i = 0; i < user.credentials.size(); ++i)
     {
-        // appclusters, 5.2.4.40: user should already be associated with given credentialIndex
-        if (user.credentials.data()[i].credentialIndex == credential.credentialIndex)
+        // appclusters, 5.2.4.40: user should already be associated with given credential
+        if (user.credentials[i].credentialType == credential.credentialType &&
+            user.credentials[i].credentialIndex == credential.credentialIndex)
         {
             chip::Platform::ScopedMemoryBuffer<CredentialStruct> newCredentials;
             if (!newCredentials.Alloc(user.credentials.size()))
@@ -2357,7 +2358,7 @@ DlStatus DoorLockServer::modifyCredentialForUser(chip::EndpointId endpointId, ch
         }
     }
 
-    // appclusters, 5.2.4.40: if user is not associated with credential index we should return INVALID_COMMAND
+    // appclusters, 5.2.4.40: if user is not associated with the given credential we should return INVALID_COMMAND
     ChipLogProgress(Zcl,
                     "[ModifyUserCredential] Unable to modify user credential: user is not associated with credential index "
                     "[endpointId=%d,userIndex=%d,credentialIndex=%d]",

Original file line number	Diff line number	Diff line change
`@@ -2312,8 +2312,9 @@ DlStatus DoorLockServer::modifyCredentialForUser(chip::EndpointId endpointId, ch`
`2312`	`2312`
`2313`	`2313`	`for (size_t i = 0; i < user.credentials.size(); ++i)`
`2314`	`2314`	`{`
`2315`		`- // appclusters, 5.2.4.40: user should already be associated with given credentialIndex`
`2316`		`- if (user.credentials.data()[i].credentialIndex == credential.credentialIndex)`
	`2315`	`+ // appclusters, 5.2.4.40: user should already be associated with given credential`
	`2316`	`+ if (user.credentials[i].credentialType == credential.credentialType &&`
	`2317`	`+ user.credentials[i].credentialIndex == credential.credentialIndex)`
`2317`	`2318`	`{`
`2318`	`2319`	`chip::Platform::ScopedMemoryBuffer<CredentialStruct> newCredentials;`
`2319`	`2320`	`if (!newCredentials.Alloc(user.credentials.size()))`
`@@ -2357,7 +2358,7 @@ DlStatus DoorLockServer::modifyCredentialForUser(chip::EndpointId endpointId, ch`
`2357`	`2358`	`}`
`2358`	`2359`	`}`
`2359`	`2360`
`2360`		`- // appclusters, 5.2.4.40: if user is not associated with credential index we should return INVALID_COMMAND`
	`2361`	`+ // appclusters, 5.2.4.40: if user is not associated with the given credential we should return INVALID_COMMAND`
`2361`	`2362`	`ChipLogProgress(Zcl,`
`2362`	`2363`	`"[ModifyUserCredential] Unable to modify user credential: user is not associated with credential index "`
`2363`	`2364`	`"[endpointId=%d,userIndex=%d,credentialIndex=%d]",`